v2.1.0, refactor w/ crimson

1 files changed, 42 insertions, 0 deletions

diff --git a/src/web/_model/auth.php b/src/web/_model/auth.php
new file mode 100644
index 0000000..50cb367
--- /dev/null
+++ b/src/web/_model/auth.php
@@ -0,0 +1,42 @@
+<?php /* Copyright (c) 2024 Freya Murphy */
+class Auth_model extends XSS_Model {
+
+	private static ?array $session = NULL;
+
+	/**
+	 * Loads current session
+	 * @param string $jwt - the user provided JWT
+	 */
+	public function session(): ?array {
+		// check
+		if (self::$session)
+			return self::$session;
+		// get jwt
+		$jwt = $_SESSION['jwt'] ?? '';
+		if (!$jwt)
+			return NULL;
+		// get session
+		$result = $this->db()
+			->select("_api.verify_jwt(?) AS user_id;")
+			->row($jwt);
+		// invalid JWT
+		if (!$result)
+			return NULL;
+		// load user inside session
+		$user_id = $result['user_id'];
+		$user = $this->db()
+			->select('*')
+			->from('api.user')
+			->where('id')
+			->eq($user_id)
+			->row();
+		// valid JWT, but invalid user
+		if (!$result)
+			return NULL;
+		// return session
+		self::$session = array_merge(
+			$user,
+			array('jwt' => $jwt));
+		return self::$session;
+	}
+}