<?php
namespace App\Modules\Auth\Services;
use App\Modules\Auth\Models\RoleModel;
use App\Modules\Auth\Models\UserModel;
use App\Modules\Auth\Models\UserRoleModel;
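/**
 * Auth Service
 *
 * Login / logout / currentUser using PHP session.
 *
 * The only authentication state kept in the session is the user id stored
 * under SESSION_USER_ID; the user record and its roles are re-read from the
 * models on every currentUser() call, so deactivating a user takes effect on
 * the next request.
 *
 * NOTE(review): no attempt throttling or lockout happens in this class;
 * presumably the caller (controller / filter) enforces it — confirm.
 */
class AuthService
{
    /** Session key holding the authenticated user's id. */
    public const SESSION_USER_ID = 'auth_user_id';

    protected UserModel $userModel;
    protected RoleModel $roleModel;
    protected UserRoleModel $userRoleModel;

    public function __construct()
    {
        $this->userModel     = new UserModel();
        $this->roleModel     = new RoleModel();
        $this->userRoleModel = new UserRoleModel();
    }

    /**
     * Login with email and password.
     *
     * Returns null for every failure (unknown email, inactive user, missing
     * or non-matching hash) so the caller cannot tell the cases apart from
     * the return value.
     *
     * @param string $email
     * @param string $password
     * @return array|null User data + roles, or null on failure
     */
    public function login(string $email, string $password): ?array
    {
        $user = $this->userModel->findByEmail($email);
        if (!$user || !$user->isActive()) {
            // NOTE(review): this path returns before any password hashing is
            // done, so it answers faster than a wrong-password attempt. If
            // account enumeration matters here, equalise the work done on
            // both paths.
            return null;
        }

        // A row without a usable hash can never authenticate. Checking first
        // also keeps a null column from reaching password_verify().
        $storedHash = $user->password_hash;
        if (!is_string($storedHash) || $storedHash === '') {
            return null;
        }

        if (!password_verify($password, $storedHash)) {
            return null;
        }

        $session = session();

        // Rotate the session id at the privilege change so an id that was set
        // or observed before authentication cannot be reused afterwards
        // (session fixation). `true` also discards the old session record.
        // Assumes session() returns a CodeIgniter-style session object, as the
        // set()/get()/remove() calls in this class suggest.
        $session->regenerate(true);
        $session->set(self::SESSION_USER_ID, $user->id);

        return $this->userWithRoles($user);
    }

    /**
     * Logout: drop the auth marker and rotate the session id.
     *
     * Other session keys are left in place; only SESSION_USER_ID is removed.
     */
    public function logout(): void
    {
        $session = session();
        $session->remove(self::SESSION_USER_ID);

        // Retire the id that was bound to the authenticated session.
        $session->regenerate(true);
    }

    /**
     * Get current logged-in user with roles, or null.
     *
     * If the stored id no longer maps to an active user, the stale id is
     * removed from the session.
     *
     * @return array|null { id, name, email, roles: [ role_code, role_name ] }
     */
    public function currentUser(): ?array
    {
        $session = session();
        $userId  = $session->get(self::SESSION_USER_ID);
        if (!$userId) {
            return null;
        }

        $user = $this->userModel->find($userId);
        if (!$user || !$user->isActive()) {
            // The account was deleted or deactivated after login.
            $session->remove(self::SESSION_USER_ID);

            return null;
        }

        return $this->userWithRoles($user);
    }

    /**
     * Build user array with roles (no password).
     *
     * Only id, name, email and roles are copied, so password_hash never
     * leaves this service through the returned array.
     *
     * @param object $user User record exposing id, name and email
     * @return array { id, name, email, roles: [ role_code, role_name ] }
     */
    protected function userWithRoles($user): array
    {
        $roleIds = $this->userRoleModel->getRoleIdsForUser($user->id);

        $roles = [];
        foreach ($roleIds as $roleId) {
            // One find() call per role id; ids with no matching role are skipped.
            $role = $this->roleModel->find($roleId);
            if ($role) {
                $roles[] = [
                    'role_code' => $role->role_code,
                    'role_name' => $role->role_name,
                ];
            }
        }

        return [
            'id'    => $user->id,
            'name'  => $user->name,
            'email' => $user->email,
            'roles' => $roles,
        ];
    }
}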