Deploy: 2026-05-21 01:26:06

backend/app/Models/User.php

@@ -0,0 +1,45 @@
+<?php
+
+namespace App\Models;
+
+use App\Core\Database;
+use App\Core\Security;
+
+class User extends BaseModel
+{
+    protected static string $table = 'users';
+
+    /**
+     * Find user securely by email using Blind Index (HMAC-SHA256 Hash).
+     */
+    public static function findByEmail(string $email): ?array
+    {
+        $emailHash = Security::blindIndex($email);
+        
+        return Database::selectOne(
+            "SELECT * FROM users WHERE email_hash = :hash LIMIT 1",
+            ['hash' => $emailHash]
+        );
+    }
+
+    /**
+     * Create a new user securely (encrypting sensitive data and generating hashes).
+     */
+    public static function createSecure(array $data): string
+    {
+        // 1. Hash password
+        $data['password'] = Security::hashPassword($data['password']);
+
+        // 2. Generate blind index for email lookup
+        $data['email_hash'] = Security::blindIndex($data['email']);
+
+        // 3. Encrypt the email itself using AES-256-GCM
+        $data['email'] = Security::encrypt($data['email']);
+
+        // 4. Ensure default values if none provided
+        $data['role'] = $data['role'] ?? 'admin';
+        $data['status'] = $data['status'] ?? 'active';
+
+        return self::create($data);
+    }
+}