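<?php

declare(strict_types=1);

/**
 * Auth Login Endpoint
 *
 * Flow: rate-limit by IP -> validate input -> look up the user by email ->
 * verify the password -> issue a short-lived JWT access token plus a random
 * refresh token that is persisted on the user row and returned to the client.
 *
 * Review notes:
 *  - The rate limit is per IP only; credential stuffing that rotates source
 *    addresses is not slowed by it. A per-account attempt counter / lockout
 *    would be a worthwhile addition.
 *  - Security::sanitize() is applied to the whole request body, including the
 *    password. If it trims or HTML-escapes values, passwords containing such
 *    characters will never verify. Confirm it does not mutate the password
 *    field (or read the password from the raw input instead).
 *  - json_error() is assumed to terminate the request; an explicit `exit`
 *    follows each call so that, should it ever return, the script can not
 *    fall through to token issuance.
 */

use App\Core\Database;
use App\Core\JWT;
use App\Core\Security;
use App\Core\Validator;
use App\Middleware\RateLimitMiddleware;

// 0. Rate Limiting (5 attempts per minute per IP)
RateLimitMiddleware::check(5, 60);

$data = Security::sanitize(input());

// 1. Validation
$errors = Validator::validate($data, [
    'email' => 'required|email',
    'password' => 'required',
]);

if ($errors) {
    json_error('Validation Failed', 422, $errors);
    exit;
}

$email = $data['email'];
$password = $data['password'];

// 'required' alone does not guarantee a scalar; password_verify() and the
// prepared statement both need plain strings, so reject anything else as
// a validation failure rather than letting it surface as a 500.
if (!is_string($email) || !is_string($password)) {
    json_error('Validation Failed', 422);
    exit;
}

// 2. DB Check
$db = Database::getInstance();
$stmt = $db->prepare("SELECT * FROM users WHERE email = ? LIMIT 1");
$stmt->execute([$email]);
$user = $stmt->fetch();

// A syntactically valid bcrypt hash that matches no real password. It is used
// only so that password_verify() still runs when the email is unknown (or the
// row has no hash), keeping the response time of a failed login the same for
// "no such account" and "wrong password". Its cost factor should match what
// password_hash() uses for real accounts; adjust if the app uses a different
// cost or algorithm.
$dummyHash = '$2y$10$92IXUNpkjO0rOQ5byMi.Ye4oKoEa3Ro9llC/.og/at2.uheWG/igi';

$storedHash = is_array($user) && is_string($user['password_hash'] ?? null)
    ? $user['password_hash']
    : $dummyHash;
$passwordOk = password_verify($password, $storedHash);

if (!$user || !$passwordOk) {
    // Same message and status for both failure modes: no account enumeration.
    json_error('بيانات الدخول غير صحيحة', 401);
    exit;
}

// 3. Issue Token
// Fail closed when the signing secret is missing. The previous fallback
// ('super-secret-key') meant a misconfigured deployment silently signed tokens
// with a publicly known key, letting anyone forge an access token for any
// user_id and role.
$secret = env('JWT_SECRET', '');
if (!is_string($secret) || $secret === '') {
    error_log('auth/login: JWT_SECRET is not configured');
    json_error('Server configuration error', 500);
    exit;
}

$now = time();
$payload = [
    'user_id' => $user['id'],
    'role' => $user['role'],
    'iat' => $now,
    'exp' => $now + (15 * 60), // 15 minutes; longer sessions go through the refresh token
];

$token = JWT::encode($payload, $secret);

// 4. Update Refresh Token (Simple stored in DB as requested)
// 256 bits from the CSPRNG. Overwriting the column invalidates any previous
// refresh token for this user, i.e. one active refresh token per account.
//
// NOTE(review): the column is named refresh_token_hash but receives the raw
// token, so anyone who can read the users table (SQL injection elsewhere, a
// leaked backup) obtains directly usable session credentials. The fix is to
// store hash('sha256', $refreshToken) here and compare the presented token's
// hash in the refresh endpoint. That endpoint is not in this file, so both
// sides must change together; it is left as-is here to avoid breaking it.
$refreshToken = bin2hex(random_bytes(32));
$stmt = $db->prepare("UPDATE users SET refresh_token_hash = ? WHERE id = ?");
$stmt->execute([$refreshToken, $user['id']]);

// Only non-sensitive profile fields are echoed back; the password hash and
// the rest of the user row never leave the server.
json_success([
    'access_token' => $token,
    'refresh_token' => $refreshToken,
    'user' => [
        'id' => $user['id'],
        'name' => $user['name'],
        'email' => $user['email'],
    ],
], 'تم تسجيل الدخول بنجاح');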