🚀 مُصادَق: الإطلاق الأولي للنظام المتكامل

app/Services/Security/JwtService.php

@@ -0,0 +1,48 @@
+<?php
+
+declare(strict_types=1);
+
+namespace App\Services\Security;
+
+use Firebase\JWT\JWT;
+use Firebase\JWT\Key;
+use Exception;
+
+final class JwtService
+{
+    private string $secret;
+    private int $accessExpiry;
+    private int $refreshExpiry;
+
+    public function __construct()
+    {
+        $this->secret = $_ENV['JWT_SECRET'] ?? 'change-me';
+        $this->accessExpiry = (int)($_ENV['JWT_ACCESS_EXPIRY'] ?? 900);
+        $this->refreshExpiry = (int)($_ENV['JWT_REFRESH_EXPIRY'] ?? 604800);
+    }
+
+    public function issueAccessToken(array $payload): string
+    {
+        $payload['exp'] = time() + $this->accessExpiry;
+        $payload['iat'] = time();
+        $payload['jti'] = bin2hex(random_bytes(16));
+
+        return JWT::encode($payload, $this->secret, 'HS256');
+    }
+
+    public function issueRefreshToken(string $userId): string
+    {
+        // Refresh token is a random string stored in DB (hashed)
+        return bin2hex(random_bytes(64));
+    }
+
+    public function verifyToken(string $token): array
+    {
+        try {
+            $decoded = JWT::decode($token, new Key($this->secret, 'HS256'));
+            return (array) $decoded;
+        } catch (Exception $e) {
+            throw new Exception("Invalid or expired token: " . $e->getMessage());
+        }
+    }
+}