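<?php

declare(strict_types=1);

/**
 * Refresh Token Endpoint (Secure Cookie Based)
 *
 * Reads the refresh token from the HttpOnly `refresh_token` cookie, looks up
 * the active user whose stored SHA-256 hash matches it, and issues a new
 * short-lived HS256 access token carrying user_id, tenant_id and role.
 * Every failure path answers through json_error(); this script assumes
 * json_error() ends the request — TODO confirm, otherwise an explicit exit
 * after each call is needed so no token is issued after an error response.
 */

use App\Core\Database;
use Firebase\JWT\JWT;

// 1. Get Refresh Token from HttpOnly Cookie.
//    A cookie sent as `refresh_token[]=...` arrives as an array, and hash()
//    would throw a TypeError on it (a 500). Anything other than a non-empty
//    string is treated as a missing token so the client gets a 401 instead.
$refreshToken = $_COOKIE['refresh_token'] ?? null;

if (!is_string($refreshToken) || $refreshToken === '') {
    json_error('Refresh token is required', 401);
}

$db = Database::getInstance();
// Only the SHA-256 hash is compared server-side, so the stored column never
// contains a usable refresh token.
$refreshTokenHash = hash('sha256', $refreshToken);

// 2. Verify in DB — parameterised lookup. Only the columns the payload reads
//    are selected so no other user columns are pulled into this request.
$stmt = $db->prepare(
    'SELECT id, tenant_id, role FROM users WHERE refresh_token_hash = ? AND is_active = 1 LIMIT 1'
);
$stmt->execute([$refreshTokenHash]);
$user = $stmt->fetch();

if (!$user) {
    json_error('Invalid refresh token', 401);
}

// 3. Generate New Access Token.
//    An unset or empty signing secret must never be used to sign tokens; the
//    response stays generic so the client learns nothing about server config.
$secret = $_ENV['JWT_SECRET'] ?? null;

if (!is_string($secret) || $secret === '') {
    json_error('Server configuration error', 500);
}

$accessTokenTtlSeconds = 15 * 60; // 15 minutes

$payload = [
    'user_id' => $user['id'],
    'tenant_id' => $user['tenant_id'], // Now including tenant_id
    'role' => $user['role'],
    'exp' => time() + $accessTokenTtlSeconds,
];

$token = JWT::encode($payload, $secret, 'HS256');

json_success([
    'access_token' => $token,
]);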