<?php
namespace App\Models;
use App\Core\Database;
use App\Core\Security;
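class User extends BaseModel
{
    protected static string $table = 'users';

    /**
     * Look up a user row by email through the blind-index column.
     *
     * The plaintext address is never placed in the SQL text: it is passed to
     * Security::blindIndex() (described by the original author as an
     * HMAC-SHA256 hash) and the result is matched against `email_hash`
     * through a bound parameter.
     *
     * NOTE(review): the address is hashed exactly as received, here and in
     * createSecure(). Unless Security::blindIndex() canonicalises case and
     * surrounding whitespace itself, two spellings of the same mailbox give
     * different index values and the lookup misses - confirm.
     *
     * NOTE(review): SELECT * returns every column, presumably including the
     * password hash and the encrypted email. Callers should pick the fields
     * they need before passing the row to a template, log or API response.
     *
     * @param string $email Plaintext email address to search for.
     * @return array|null Whatever Database::selectOne() yields; presumably
     *                    the matching row, or null when there is none.
     */
    public static function findByEmail(string $email): ?array
    {
        $emailHash = Security::blindIndex($email);

        return Database::selectOne(
            "SELECT * FROM users WHERE email_hash = :hash LIMIT 1",
            ['hash' => $emailHash]
        );
    }

    /**
     * Create a user record with the credential and email protected at rest.
     *
     * The password is replaced by Security::hashPassword() output, an
     * `email_hash` lookup value is derived with Security::blindIndex(), and
     * the email itself is replaced by Security::encrypt() output (AES-256-GCM
     * according to the original author). Every other key in $data is passed
     * to self::create() unchanged.
     *
     * NOTE(review): because the remaining keys are forwarded as-is, a caller
     * that passes request input straight in lets the requester choose
     * 'role' and 'status'. Build $data from an explicit allow-list at the
     * call site.
     *
     * @param array $data Column => value map. Must contain non-empty string
     *                    values for 'email' and 'password'.
     * @return string Value returned by self::create(); presumably the new
     *                row's identifier - confirm against BaseModel.
     * @throws \InvalidArgumentException When 'email' or 'password' is
     *                                   missing, not a string, or empty.
     */
    public static function createSecure(array $data): string
    {
        // Fail before any hashing happens: a missing or empty password must
        // never reach the hasher and end up stored as a valid credential.
        foreach (['email', 'password'] as $required) {
            if (!isset($data[$required]) || !is_string($data[$required]) || $data[$required] === '') {
                throw new \InvalidArgumentException("Missing or empty required field: {$required}");
            }
        }

        // 1. Hash password
        $data['password'] = Security::hashPassword($data['password']);

        // 2. Generate blind index for email lookup. This must run before
        //    step 3, while $data['email'] still holds the plaintext.
        $data['email_hash'] = Security::blindIndex($data['email']);

        // 3. Encrypt the email itself (AES-256-GCM per the original comment)
        $data['email'] = Security::encrypt($data['email']);

        // 4. Ensure default values if none provided.
        // NOTE(review): the fallback role is 'admin', so any caller that
        // omits 'role' creates a fully privileged account. A least-privilege
        // default, with admin granted only on explicit request, is safer.
        // Kept as-is here because existing callers may rely on it and the
        // project's role names are not visible from this file.
        $data['role'] ??= 'admin';
        $data['status'] ??= 'active';

        return self::create($data);
    }
}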