diff --git a/inc/JWT.php b/inc/JWT.php index c2c3f52..87d9106 100644 --- a/inc/JWT.php +++ b/inc/JWT.php @@ -18,30 +18,32 @@ class JWT { return self::$secretKey; } - // Try to get from environment + // Опционально: читаем из переменной окружения (если передана и достаточно длинная) $envKey = getenv('JWT_SECRET'); if ($envKey && strlen($envKey) >= 32) { self::$secretKey = $envKey; return self::$secretKey; } - // Try to get from database settings + // Единая корректная схема: settings(namespace='security', key='jwt_secret', value JSON) $pdo = DB::conn(); - $stmt = $pdo->prepare('SELECT value FROM settings WHERE key = ?'); - $stmt->execute(['jwt_secret']); + $stmt = $pdo->prepare('SELECT value FROM settings WHERE namespace = ? AND `key` = ? LIMIT 1'); + $stmt->execute(['security', 'jwt_secret']); $result = $stmt->fetch(); - if ($result && !empty($result['value'])) { - self::$secretKey = $result['value']; - return self::$secretKey; + if ($result && isset($result['value'])) { + $val = $result['value']; + $decoded = json_decode($val, true); + if (is_string($decoded) && strlen($decoded) >= 32) { + self::$secretKey = $decoded; + return self::$secretKey; + } } - // Generate new secret key and save it + // Если секрета нет — создаём и сохраняем по новой схеме $newKey = bin2hex(random_bytes(32)); - - $stmt = $pdo->prepare('INSERT INTO settings (key, value) VALUES (?, ?) ON DUPLICATE KEY UPDATE value = ?'); - $stmt->execute(['jwt_secret', $newKey, $newKey]); - + $stmt = $pdo->prepare('INSERT INTO settings (user_id, namespace, `key`, value) VALUES (NULL, ?, ?, ?) ON DUPLICATE KEY UPDATE value = VALUES(value)'); + $stmt->execute(['security', 'jwt_secret', json_encode($newKey)]); self::$secretKey = $newKey; return self::$secretKey; }