refactor: rename lib/ to core/ for clearer core-module separation

Rename the top-level lib/ directory to core/ so the project root
immediately communicates which code is core platform and which lives
in modules/. PHP namespaces (MintyPHP\*) are unchanged — only the
Composer PSR-4 path mapping moves from lib/ to core/.

Module-internal lib/ directories (modules/*/lib/) are untouched.

Updated across the full stack:
- composer.json PSR-4 mapping
- bootstrap entry points (web/index.php, bin/*, tests/bootstrap.php)
- tooling configs (phpstan.neon, phpunit.xml, php-cs-fixer)
- 26 architecture contract tests
- enforcement-policy, guard-catalog, quality-gates
- all documentation (CLAUDE.md, README, 25 docs/, .agents/skills/)
- bin/qa-extended.sh search paths
- .claude/settings.local.json permission paths

Workflow: .agents/runs/CORE-LIB-RENAME-001/ (Analyst → Planner →
Executor → Code Review (4 findings fixed) → Security Review →
Acceptance Test → Finalizer)

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
This commit is contained in:
2026-04-13 23:20:05 +02:00
parent 7c10fadcb9
commit 0e86925464
371 changed files with 191 additions and 192 deletions

View File

@@ -0,0 +1,223 @@
<?php
namespace MintyPHP\Repository\Auth;
use MintyPHP\DB;
use MintyPHP\Repository\Support\RepoQuery;
/** Persists API tokens with selector/hash pairs, expiry tracking, and usage timestamps. */
class ApiTokenRepository implements ApiTokenRepositoryInterface
{
private const UUID_REGEX = '/^[a-f0-9]{8}-[a-f0-9]{4}-[1-5][a-f0-9]{3}-[89ab][a-f0-9]{3}-[a-f0-9]{12}$/i';
private function unwrapList($rows): array
{
if (!is_array($rows)) {
return [];
}
$list = [];
foreach ($rows as $row) {
$data = $row['user_api_tokens'] ?? $row;
if (is_array($data)) {
$list[] = $data;
}
}
return $list;
}
public function isUuid(string $value): bool
{
return (bool) preg_match(self::UUID_REGEX, trim($value));
}
public function create(
int $userId,
string $name,
string $selector,
string $tokenHash,
?int $tenantId,
?string $expiresAt,
?int $createdBy
): ?int {
$id = DB::insert(
'insert into user_api_tokens (uuid, user_id, name, selector, token_hash, tenant_id, expires_at, created_by, created) values (?,?,?,?,?,?,?,?,NOW())',
RepoQuery::uuidV4(),
(string) $userId,
$name,
$selector,
$tokenHash,
$tenantId !== null ? (string) $tenantId : null,
$expiresAt,
$createdBy !== null ? (string) $createdBy : null
);
return $id ? (int) $id : null;
}
public function findBySelector(string $selector): ?array
{
$row = DB::selectOne(
'select id, uuid, user_id, name, selector, token_hash, tenant_id, last_used_at, last_ip, expires_at, revoked_at, created_by, created from user_api_tokens where selector = ? limit 1',
$selector
);
if (!$row || !isset($row['user_api_tokens'])) {
return null;
}
return $row['user_api_tokens'];
}
public function find(int $id): ?array
{
$row = DB::selectOne(
'select id, uuid, user_id, name, selector, tenant_id, last_used_at, last_ip, expires_at, revoked_at, created_by, created from user_api_tokens where id = ? limit 1',
(string) $id
);
if (!$row || !isset($row['user_api_tokens'])) {
return null;
}
return $row['user_api_tokens'];
}
public function findByUuid(string $uuid): ?array
{
$uuid = trim($uuid);
if (!$this->isUuid($uuid)) {
return null;
}
$row = DB::selectOne(
'select id, uuid, user_id, name, selector, tenant_id, last_used_at, last_ip, expires_at, revoked_at, created_by, created from user_api_tokens where uuid = ? limit 1',
$uuid
);
if (!$row || !isset($row['user_api_tokens'])) {
return null;
}
return $row['user_api_tokens'];
}
public function findByUuidForUser(string $uuid, int $userId): ?array
{
$uuid = trim($uuid);
if ($userId <= 0 || !$this->isUuid($uuid)) {
return null;
}
$row = DB::selectOne(
'select id, uuid, user_id, name, selector, tenant_id, last_used_at, last_ip, expires_at, revoked_at, created_by, created from user_api_tokens where uuid = ? and user_id = ? limit 1',
$uuid,
(string) $userId
);
if (!$row || !isset($row['user_api_tokens'])) {
return null;
}
return $row['user_api_tokens'];
}
public function updateLastUsed(int $id, string $ip): bool
{
$result = DB::update(
'update user_api_tokens set last_used_at = NOW(), last_ip = ? where id = ?',
$ip,
(string) $id
);
return $result !== false;
}
public function revoke(int $id): bool
{
$result = DB::update(
'update user_api_tokens set revoked_at = NOW() where id = ? and revoked_at is null',
(string) $id
);
return $result !== false;
}
public function revokeByUuidForUser(string $uuid, int $userId): bool
{
$uuid = trim($uuid);
if ($userId <= 0 || !$this->isUuid($uuid)) {
return false;
}
$result = DB::update(
'update user_api_tokens set revoked_at = NOW() where uuid = ? and user_id = ? and revoked_at is null',
$uuid,
(string) $userId
);
return $result !== false;
}
public function revokeAllForUser(int $userId, ?int $tenantId = null): int
{
if ($tenantId !== null && $tenantId > 0) {
$result = DB::update(
'update user_api_tokens set revoked_at = NOW() where user_id = ? and (tenant_id = ? or tenant_id is null) and revoked_at is null',
(string) $userId,
(string) $tenantId
);
} else {
$result = DB::update(
'update user_api_tokens set revoked_at = NOW() where user_id = ? and revoked_at is null',
(string) $userId
);
}
return $result !== false ? (int) $result : 0;
}
public function revokeAllActiveByAdmin(): int
{
$result = DB::update(
'update user_api_tokens set revoked_at = NOW() where revoked_at is null and (expires_at is null or expires_at > NOW())'
);
return $result !== false ? (int) $result : 0;
}
public function listByUserId(int $userId, int $limit = 25): array
{
if ($userId <= 0) {
return [];
}
if ($limit < 1) {
$limit = 25;
} elseif ($limit > 100) {
$limit = 100;
}
$rows = DB::select(
'select id, uuid, user_id, name, selector, tenant_id, last_used_at, last_ip, expires_at, revoked_at, created_by, created from user_api_tokens where user_id = ? order by id desc limit ?',
(string) $userId,
(string) $limit
);
return $this->unwrapList($rows);
}
public function countActiveForUser(int $userId): int
{
$count = DB::selectValue(
'select count(*) from user_api_tokens where user_id = ? and revoked_at is null and (expires_at is null or expires_at > NOW())',
(string) $userId
);
return $count ? (int) $count : 0;
}
public function countActiveForUserExcludingId(int $userId, int $excludeId): int
{
if ($userId <= 0) {
return 0;
}
$count = DB::selectValue(
'select count(*) from user_api_tokens where user_id = ? and id != ? and revoked_at is null and (expires_at is null or expires_at > NOW())',
(string) $userId,
(string) $excludeId
);
return $count ? (int) $count : 0;
}
public function countActive(): int
{
$count = DB::selectValue(
'select count(*) from user_api_tokens where revoked_at is null and (expires_at is null or expires_at > NOW())'
);
return $count ? (int) $count : 0;
}
}

View File

@@ -0,0 +1,45 @@
<?php
namespace MintyPHP\Repository\Auth;
/** Contract for API bearer token creation, lookup by selector or UUID, and revocation. */
interface ApiTokenRepositoryInterface
{
public function isUuid(string $value): bool;
public function create(
int $userId,
string $name,
string $selector,
string $tokenHash,
?int $tenantId,
?string $expiresAt,
?int $createdBy
): ?int;
public function findBySelector(string $selector): ?array;
public function find(int $id): ?array;
public function findByUuid(string $uuid): ?array;
public function findByUuidForUser(string $uuid, int $userId): ?array;
public function updateLastUsed(int $id, string $ip): bool;
public function revoke(int $id): bool;
public function revokeByUuidForUser(string $uuid, int $userId): bool;
public function revokeAllForUser(int $userId, ?int $tenantId = null): int;
public function revokeAllActiveByAdmin(): int;
public function listByUserId(int $userId, int $limit = 25): array;
public function countActiveForUser(int $userId): int;
public function countActiveForUserExcludingId(int $userId, int $excludeId): int;
public function countActive(): int;
}

View File

@@ -0,0 +1,72 @@
<?php
namespace MintyPHP\Repository\Auth;
use MintyPHP\DB;
/** Stores email verification codes with attempt counters, expiry, and completion status. */
class EmailVerificationRepository implements EmailVerificationRepositoryInterface
{
public function create(int $userId, string $codeHash, string $expiresAt): ?int
{
$id = DB::insert(
'insert into email_verifications (user_id, code_hash, expires_at, attempts, used_at, created) values (?,?,?,?,NULL,NOW())',
(string) $userId,
$codeHash,
$expiresAt,
0
);
return $id ? (int) $id : null;
}
public function invalidateForUser(int $userId): bool
{
$result = DB::update(
'update email_verifications set used_at = NOW() where user_id = ? and used_at is null',
(string) $userId
);
return $result !== false;
}
public function findActiveByUserId(int $userId): ?array
{
$row = DB::selectOne(
'select id, user_id, code_hash, expires_at, attempts, used_at from email_verifications where user_id = ? and used_at is null and expires_at > UTC_TIMESTAMP() order by id desc limit 1',
(string) $userId
);
if (!$row || !isset($row['email_verifications'])) {
return null;
}
return $row['email_verifications'];
}
public function findById(int $id): ?array
{
$row = DB::selectOne(
'select id, user_id, code_hash, expires_at, attempts, used_at from email_verifications where id = ? limit 1',
(string) $id
);
if (!$row || !isset($row['email_verifications'])) {
return null;
}
return $row['email_verifications'];
}
public function incrementAttempts(int $id): bool
{
$result = DB::update(
'update email_verifications set attempts = attempts + 1 where id = ?',
(string) $id
);
return $result !== false;
}
public function markUsed(int $id): bool
{
$result = DB::update(
'update email_verifications set used_at = NOW() where id = ?',
(string) $id
);
return $result !== false;
}
}

View File

@@ -0,0 +1,19 @@
<?php
namespace MintyPHP\Repository\Auth;
/** Contract for email verification code lifecycle: creation, lookup, attempt tracking, and completion. */
interface EmailVerificationRepositoryInterface
{
public function create(int $userId, string $codeHash, string $expiresAt): ?int;
public function invalidateForUser(int $userId): bool;
public function findActiveByUserId(int $userId): ?array;
public function findById(int $id): ?array;
public function incrementAttempts(int $id): bool;
public function markUsed(int $id): bool;
}

View File

@@ -0,0 +1,105 @@
<?php
namespace MintyPHP\Repository\Auth;
use MintyPHP\DB;
/** Stores password reset codes with attempt counters, expiry, and completion history. */
class PasswordResetRepository implements PasswordResetRepositoryInterface
{
private function unwrapList($rows): array
{
if (!is_array($rows)) {
return [];
}
$list = [];
foreach ($rows as $row) {
$data = $row['password_resets'] ?? $row;
if (is_array($data)) {
$list[] = $data;
}
}
return $list;
}
public function create(int $userId, string $codeHash, string $expiresAt): ?int
{
$id = DB::insert(
'insert into password_resets (user_id, code_hash, expires_at, attempts, used_at, created) values (?,?,?,?,NULL,NOW())',
(string) $userId,
$codeHash,
$expiresAt,
0
);
return $id ? (int) $id : null;
}
public function invalidateForUser(int $userId): bool
{
$result = DB::update(
'update password_resets set used_at = NOW() where user_id = ? and used_at is null',
(string) $userId
);
return $result !== false;
}
public function findActiveByUserId(int $userId): ?array
{
$row = DB::selectOne(
'select id, user_id, code_hash, expires_at, attempts, used_at from password_resets where user_id = ? and used_at is null and expires_at > UTC_TIMESTAMP() order by id desc limit 1',
(string) $userId
);
if (!$row || !isset($row['password_resets'])) {
return null;
}
return $row['password_resets'];
}
public function findById(int $id): ?array
{
$row = DB::selectOne(
'select id, user_id, code_hash, expires_at, attempts, used_at from password_resets where id = ? limit 1',
(string) $id
);
if (!$row || !isset($row['password_resets'])) {
return null;
}
return $row['password_resets'];
}
public function incrementAttempts(int $id): bool
{
$result = DB::update(
'update password_resets set attempts = attempts + 1 where id = ?',
(string) $id
);
return $result !== false;
}
public function markUsed(int $id): bool
{
$result = DB::update(
'update password_resets set used_at = NOW() where id = ?',
(string) $id
);
return $result !== false;
}
public function listByUserId(int $userId, int $limit = 20): array
{
if ($userId <= 0) {
return [];
}
if ($limit < 1) {
$limit = 20;
} elseif ($limit > 100) {
$limit = 100;
}
$rows = DB::select(
'select id, user_id, expires_at, attempts, used_at, created from password_resets where user_id = ? order by id desc limit ?',
(string) $userId,
(string) $limit
);
return $this->unwrapList($rows);
}
}

View File

@@ -0,0 +1,21 @@
<?php
namespace MintyPHP\Repository\Auth;
/** Contract for password reset code lifecycle: creation, lookup, attempt tracking, and completion. */
interface PasswordResetRepositoryInterface
{
public function create(int $userId, string $codeHash, string $expiresAt): ?int;
public function invalidateForUser(int $userId): bool;
public function findActiveByUserId(int $userId): ?array;
public function findById(int $id): ?array;
public function incrementAttempts(int $id): bool;
public function markUsed(int $id): bool;
public function listByUserId(int $userId, int $limit = 20): array;
}

View File

@@ -0,0 +1,103 @@
<?php
namespace MintyPHP\Repository\Auth;
use MintyPHP\DB;
/** Manages persistent login tokens with rotation, family tracking, and admin-initiated expiry. */
class RememberTokenRepository implements RememberTokenRepositoryInterface
{
private function unwrapList($rows): array
{
if (!is_array($rows)) {
return [];
}
$list = [];
foreach ($rows as $row) {
$data = $row['user_remember_tokens'] ?? $row;
if (is_array($data)) {
$list[] = $data;
}
}
return $list;
}
public function create(int $userId, string $selector, string $tokenHash, string $expiresAt): ?int
{
$id = DB::insert(
'insert into user_remember_tokens (user_id, selector, token_hash, expires_at, created) values (?,?,?,?,NOW())',
(string) $userId,
$selector,
$tokenHash,
$expiresAt
);
return $id ? (int) $id : null;
}
public function findBySelector(string $selector): ?array
{
$row = DB::selectOne(
'select id, user_id, selector, token_hash, expires_at, expired_by_admin_at, last_used from user_remember_tokens where selector = ? limit 1',
$selector
);
if (!$row || !isset($row['user_remember_tokens'])) {
return null;
}
return $row['user_remember_tokens'];
}
public function updateToken(int $id, string $tokenHash, string $expiresAt): bool
{
$result = DB::update(
'update user_remember_tokens set token_hash = ?, expires_at = ?, expired_by_admin_at = NULL, last_used = NOW() where id = ?',
$tokenHash,
$expiresAt,
(string) $id
);
return $result !== false;
}
public function expireAllByAdmin(): int
{
$result = DB::update(
'update user_remember_tokens set expires_at = NOW(), expired_by_admin_at = NOW() where expires_at > NOW()'
);
return $result !== false ? (int) $result : 0;
}
public function deleteById(int $id): bool
{
$result = DB::delete('delete from user_remember_tokens where id = ?', (string) $id);
return $result !== false;
}
public function deleteByUserId(int $userId): bool
{
$result = DB::delete('delete from user_remember_tokens where user_id = ?', (string) $userId);
return $result !== false;
}
public function listByUserId(int $userId, int $limit = 20): array
{
if ($userId <= 0) {
return [];
}
if ($limit < 1) {
$limit = 20;
} elseif ($limit > 100) {
$limit = 100;
}
$rows = DB::select(
'select id, user_id, selector, expires_at, expired_by_admin_at, last_used, created from user_remember_tokens where user_id = ? order by id desc limit ?',
(string) $userId,
(string) $limit
);
return $this->unwrapList($rows);
}
public function countActive(): int
{
$count = DB::selectValue('select count(*) from user_remember_tokens where expires_at > NOW()');
return $count ? (int) $count : 0;
}
}

View File

@@ -0,0 +1,23 @@
<?php
namespace MintyPHP\Repository\Auth;
/** Contract for remember-me token creation, rotation, expiry, and active session counting. */
interface RememberTokenRepositoryInterface
{
public function create(int $userId, string $selector, string $tokenHash, string $expiresAt): ?int;
public function findBySelector(string $selector): ?array;
public function updateToken(int $id, string $tokenHash, string $expiresAt): bool;
public function expireAllByAdmin(): int;
public function deleteById(int $id): bool;
public function deleteByUserId(int $userId): bool;
public function listByUserId(int $userId, int $limit = 20): array;
public function countActive(): int;
}