musadaq-saas/app/Modules/Auth/AuthController.php

<?php

declare(strict_types=1);

namespace App\Modules\Auth;

use App\Core\{Request, Response};
use App\Modules\Auth\AuthService;
use Throwable;

final class AuthController
{
    public function __construct(private readonly AuthService $authService) {}

    public function login(Request $request): void
    {
        $email = $request->input('email');
        $password = $request->input('password');

        if (!$email || !$password) {
            Response::error('يرجى إدخال البريد الإلكتروني وكلمة المرور', 'VALIDATION_ERROR', 422);
            return;
        }

        try {
            $result = $this->authService->login($email, $password);
            
            // Set refresh token in HttpOnly cookie
            setcookie('refresh_token', $result['refresh_token'], [
                'expires' => time() + (60 * 60 * 24 * 7),
                'path' => '/api/v1/auth/refresh',
                'httponly' => true,
                'samesite' => 'Strict',
                'secure' => true
            ]);

            unset($result['refresh_token']);

            Response::json([
                'success' => true,
                'data' => $result,
                'message' => 'تم تسجيل الدخول بنجاح'
            ]);
        } catch (Throwable $e) {
            Response::error($e->getMessage(), 'AUTH_FAILED', 401);
        }
    }

    public function me(Request $request): void
    {
        Response::json([
            'success' => true,
            'data' => $request->user
        ]);
    }

    public function logout(Request $request): void
    {
        // Clear refresh token cookie
        setcookie('refresh_token', '', [
            'expires' => time() - 3600,
            'path' => '/api/v1/auth/refresh',
            'httponly' => true,
            'samesite' => 'Strict',
            'secure' => true
        ]);

        Response::json([
            'success' => true,
            'message' => 'تم تسجيل الخروج بنجاح'
        ]);
    }

    public function refresh(Request $request): void
    {
        $refreshToken = $_COOKIE['refresh_token'] ?? null;

        if (!$refreshToken) {
            Response::error('رمز التجديد مفقود', 'UNAUTHORIZED', 401);
            return;
        }

        try {
            $result = $this->authService->refresh($refreshToken);
            
            // Set new refresh token in HttpOnly cookie
            setcookie('refresh_token', $result['refresh_token'], [
                'expires' => time() + (60 * 60 * 24 * 7),
                'path' => '/api/v1/auth/refresh',
                'httponly' => true,
                'samesite' => 'Strict',
                'secure' => true
            ]);

            unset($result['refresh_token']);

            Response::json([
                'success' => true,
                'data' => $result,
                'message' => 'تم تجديد الجلسة بنجاح'
            ]);
        } catch (Throwable $e) {
            Response::error($e->getMessage(), 'REFRESH_FAILED', 401);
        }
    }
    public function register(Request $request): void
    {
        try {
            $result = $this->authService->register($request->getBody());
            
            // Set refresh token in HttpOnly cookie
            setcookie('refresh_token', $result['refresh_token'], [
                'expires' => time() + (60 * 60 * 24 * 7),
                'path' => '/api/v1/auth/refresh',
                'httponly' => true,
                'samesite' => 'Strict',
                'secure' => true
            ]);

            unset($result['refresh_token']);

            Response::json([
                'success' => true,
                'data' => $result,
                'message' => 'تم إنشاء الحساب وتسجيل الدخول بنجاح'
            ]);
        } catch (Throwable $e) {
            Response::error($e->getMessage(), 'REGISTRATION_FAILED', 400);
        }
    }
}