🚀 مُصادَق: الإطلاق الأولي للنظام المتكامل

app/Modules/Auth/AuthController.php

@@ -0,0 +1,56 @@
+<?php
+
+declare(strict_types=1);
+
+namespace App\Modules\Auth;
+
+use App\Core\{Request, Response};
+use App\Modules\Auth\AuthService;
+use Throwable;
+
+final class AuthController
+{
+    public function __construct(private readonly AuthService $authService) {}
+
+    public function login(Request $request): void
+    {
+        $email = $request->input('email');
+        $password = $request->input('password');
+
+        if (!$email || !$password) {
+            Response::error('يرجى إدخال البريد الإلكتروني وكلمة المرور', 'VALIDATION_ERROR', 422);
+            return;
+        }
+
+        try {
+            $result = $this->authService->login($email, $password);
+            
+            // Set refresh token in HttpOnly cookie
+            setcookie('refresh_token', $result['refresh_token'], [
+                'expires' => time() + (60 * 60 * 24 * 7),
+                'path' => '/api/v1/auth/refresh',
+                'httponly' => true,
+                'samesite' => 'Strict',
+                'secure' => true
+            ]);
+
+            unset($result['refresh_token']);
+
+            Response::json([
+                'success' => true,
+                'data' => $result,
+                'message' => 'تم تسجيل الدخول بنجاح'
+            ]);
+        } catch (Throwable $e) {
+            Response::error($e->getMessage(), 'AUTH_FAILED', 401);
+        }
+    }
+
+    public function me(Request $request): void
+    {
+        Response::json([
+            'success' => true,
+            'data' => $request->user
+        ]);
+    }
+}

app/Modules/Auth/AuthService.php

@@ -0,0 +1,56 @@
+<?php
+
+declare(strict_types=1);
+
+namespace App\Modules\Auth;
+
+use App\Modules\Users\UserModel;
+use App\Services\Security\JwtService;
+use Exception;
+
+final class AuthService
+{
+    public function __construct(
+        private readonly UserModel $userModel,
+        private readonly JwtService $jwtService
+    ) {}
+
+    public function login(string $email, string $password): array
+    {
+        $user = $this->userModel->findByEmail($email);
+
+        if (!$user || !password_verify($password, $user['password_hash'])) {
+            throw new Exception("البريد الإلكتروني أو كلمة المرور غير صحيحة");
+        }
+
+        if (!$user['is_active']) {
+            throw new Exception("هذا الحساب معطل حالياً");
+        }
+
+        $accessToken = $this->jwtService->issueAccessToken([
+            'user_id' => $user['id'],
+            'tenant_id' => $user['tenant_id'],
+            'role' => $user['role']
+        ]);
+
+        $refreshToken = $this->jwtService->issueRefreshToken($user['id']);
+        
+        // Update refresh token hash in DB
+        $this->userModel->update($user['id'], [
+            'refresh_token_hash' => password_hash($refreshToken, PASSWORD_BCRYPT),
+            'last_login_at' => date('Y-m-d H:i:s'),
+            'last_login_ip' => $_SERVER['REMOTE_ADDR'] ?? null
+        ]);
+
+        return [
+            'access_token' => $accessToken,
+            'refresh_token' => $refreshToken,
+            'user' => [
+                'id' => $user['id'],
+                'name' => $user['name'],
+                'email' => $user['email'],
+                'role' => $user['role']
+            ]
+        ];
+    }
+}