<?php
/**
 * Auth Refresh Endpoint
 */

use App\Core\Database;
use App\Core\JWT;

$data = input();
$refreshToken = $data['refresh_token'] ?? null;

if (!$refreshToken) {
    json_error('Refresh token is required', 400);
}

$db = Database::getInstance();
$stmt = $db->prepare("SELECT * FROM users WHERE refresh_token = ? LIMIT 1");
$stmt->execute([$refreshToken]);
$user = $stmt->fetch();

if (!$user) {
    json_error('Invalid refresh token', 401);
}

$secret = env('JWT_SECRET', 'super-secret-key');
$payload = [
    'user_id' => $user['id'],
    'role'    => $user['role'],
    'exp'     => time() + (15 * 60)
];

$newToken = JWT::encode($payload, $secret);
$newRefreshToken = bin2hex(random_bytes(32));

$stmt = $db->prepare("UPDATE users SET refresh_token = ? WHERE id = ?");
$stmt->execute([$newRefreshToken, $user['id']]);

json_success([
    'access_token'  => $newToken,
    'refresh_token' => $newRefreshToken
], 'تم تجديد الجلسة بنجاح');