diff options
Diffstat (limited to 'src/web/_model/auth.php')
| -rw-r--r-- | src/web/_model/auth.php | 42 |
1 files changed, 42 insertions, 0 deletions
diff --git a/src/web/_model/auth.php b/src/web/_model/auth.php new file mode 100644 index 0000000..50cb367 --- /dev/null +++ b/src/web/_model/auth.php @@ -0,0 +1,42 @@ +<?php /* Copyright (c) 2024 Freya Murphy */ +class Auth_model extends XSS_Model { + + private static ?array $session = NULL; + + /** + * Loads current session + * @param string $jwt - the user provided JWT + */ + public function session(): ?array { + // check + if (self::$session) + return self::$session; + // get jwt + $jwt = $_SESSION['jwt'] ?? ''; + if (!$jwt) + return NULL; + // get session + $result = $this->db() + ->select("_api.verify_jwt(?) AS user_id;") + ->row($jwt); + // invalid JWT + if (!$result) + return NULL; + // load user inside session + $user_id = $result['user_id']; + $user = $this->db() + ->select('*') + ->from('api.user') + ->where('id') + ->eq($user_id) + ->row(); + // valid JWT, but invalid user + if (!$result) + return NULL; + // return session + self::$session = array_merge( + $user, + array('jwt' => $jwt)); + return self::$session; + } +} |