Rename the top-level lib/ directory to core/ so the project root immediately communicates which code is core platform and which lives in modules/. PHP namespaces (MintyPHP\*) are unchanged — only the Composer PSR-4 path mapping moves from lib/ to core/. Module-internal lib/ directories (modules/*/lib/) are untouched. Updated across the full stack: - composer.json PSR-4 mapping - bootstrap entry points (web/index.php, bin/*, tests/bootstrap.php) - tooling configs (phpstan.neon, phpunit.xml, php-cs-fixer) - 26 architecture contract tests - enforcement-policy, guard-catalog, quality-gates - all documentation (CLAUDE.md, README, 25 docs/, .agents/skills/) - bin/qa-extended.sh search paths - .claude/settings.local.json permission paths Workflow: .agents/runs/CORE-LIB-RENAME-001/ (Analyst → Planner → Executor → Code Review (4 findings fixed) → Security Review → Acceptance Test → Finalizer) Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
104 lines
3.2 KiB
PHP
104 lines
3.2 KiB
PHP
<?php
|
|
|
|
namespace MintyPHP\Repository\Auth;
|
|
|
|
use MintyPHP\DB;
|
|
|
|
/** Manages persistent login tokens with rotation, family tracking, and admin-initiated expiry. */
|
|
class RememberTokenRepository implements RememberTokenRepositoryInterface
|
|
{
|
|
private function unwrapList($rows): array
|
|
{
|
|
if (!is_array($rows)) {
|
|
return [];
|
|
}
|
|
$list = [];
|
|
foreach ($rows as $row) {
|
|
$data = $row['user_remember_tokens'] ?? $row;
|
|
if (is_array($data)) {
|
|
$list[] = $data;
|
|
}
|
|
}
|
|
return $list;
|
|
}
|
|
|
|
public function create(int $userId, string $selector, string $tokenHash, string $expiresAt): ?int
|
|
{
|
|
$id = DB::insert(
|
|
'insert into user_remember_tokens (user_id, selector, token_hash, expires_at, created) values (?,?,?,?,NOW())',
|
|
(string) $userId,
|
|
$selector,
|
|
$tokenHash,
|
|
$expiresAt
|
|
);
|
|
return $id ? (int) $id : null;
|
|
}
|
|
|
|
public function findBySelector(string $selector): ?array
|
|
{
|
|
$row = DB::selectOne(
|
|
'select id, user_id, selector, token_hash, expires_at, expired_by_admin_at, last_used from user_remember_tokens where selector = ? limit 1',
|
|
$selector
|
|
);
|
|
if (!$row || !isset($row['user_remember_tokens'])) {
|
|
return null;
|
|
}
|
|
return $row['user_remember_tokens'];
|
|
}
|
|
|
|
public function updateToken(int $id, string $tokenHash, string $expiresAt): bool
|
|
{
|
|
$result = DB::update(
|
|
'update user_remember_tokens set token_hash = ?, expires_at = ?, expired_by_admin_at = NULL, last_used = NOW() where id = ?',
|
|
$tokenHash,
|
|
$expiresAt,
|
|
(string) $id
|
|
);
|
|
return $result !== false;
|
|
}
|
|
|
|
public function expireAllByAdmin(): int
|
|
{
|
|
$result = DB::update(
|
|
'update user_remember_tokens set expires_at = NOW(), expired_by_admin_at = NOW() where expires_at > NOW()'
|
|
);
|
|
return $result !== false ? (int) $result : 0;
|
|
}
|
|
|
|
public function deleteById(int $id): bool
|
|
{
|
|
$result = DB::delete('delete from user_remember_tokens where id = ?', (string) $id);
|
|
return $result !== false;
|
|
}
|
|
|
|
public function deleteByUserId(int $userId): bool
|
|
{
|
|
$result = DB::delete('delete from user_remember_tokens where user_id = ?', (string) $userId);
|
|
return $result !== false;
|
|
}
|
|
|
|
public function listByUserId(int $userId, int $limit = 20): array
|
|
{
|
|
if ($userId <= 0) {
|
|
return [];
|
|
}
|
|
if ($limit < 1) {
|
|
$limit = 20;
|
|
} elseif ($limit > 100) {
|
|
$limit = 100;
|
|
}
|
|
$rows = DB::select(
|
|
'select id, user_id, selector, expires_at, expired_by_admin_at, last_used, created from user_remember_tokens where user_id = ? order by id desc limit ?',
|
|
(string) $userId,
|
|
(string) $limit
|
|
);
|
|
return $this->unwrapList($rows);
|
|
}
|
|
|
|
public function countActive(): int
|
|
{
|
|
$count = DB::selectValue('select count(*) from user_remember_tokens where expires_at > NOW()');
|
|
return $count ? (int) $count : 0;
|
|
}
|
|
}
|