refactor(JWT): improve secret key retrieval and storage logic

- Update database query to use namespace/key pattern for better organization
- Add JSON decoding for stored secret values
- Ensure minimum key length requirement is consistently enforced
- Simplify key generation and storage with proper JSON encoding

inc/JWT.php

@@ -18,30 +18,32 @@ class JWT {
             return self::$secretKey;
         }
         
-        // Try to get from environment
+        // Опционально: читаем из переменной окружения (если передана и достаточно длинная)
         $envKey = getenv('JWT_SECRET');
         if ($envKey && strlen($envKey) >= 32) {
             self::$secretKey = $envKey;
             return self::$secretKey;
         }
         
-        // Try to get from database settings
+        // Единая корректная схема: settings(namespace='security', key='jwt_secret', value JSON)
         $pdo = DB::conn();
-        $stmt = $pdo->prepare('SELECT value FROM settings WHERE key = ?');
-        $stmt->execute(['jwt_secret']);
+        $stmt = $pdo->prepare('SELECT value FROM settings WHERE namespace = ? AND `key` = ? LIMIT 1');
+        $stmt->execute(['security', 'jwt_secret']);
         $result = $stmt->fetch();
         
-        if ($result && !empty($result['value'])) {
-            self::$secretKey = $result['value'];
+        if ($result && isset($result['value'])) {
+            $val = $result['value'];
+            $decoded = json_decode($val, true);
+            if (is_string($decoded) && strlen($decoded) >= 32) {
+                self::$secretKey = $decoded;
                 return self::$secretKey;
             }
+        }
         
-        // Generate new secret key and save it
+        // Если секрета нет — создаём и сохраняем по новой схеме
         $newKey = bin2hex(random_bytes(32));
-        
-        $stmt = $pdo->prepare('INSERT INTO settings (key, value) VALUES (?, ?) ON DUPLICATE KEY UPDATE value = ?');
-        $stmt->execute(['jwt_secret', $newKey, $newKey]);
-        
+        $stmt = $pdo->prepare('INSERT INTO settings (user_id, namespace, `key`, value) VALUES (NULL, ?, ?, ?) ON DUPLICATE KEY UPDATE value = VALUES(value)');
+        $stmt->execute(['security', 'jwt_secret', json_encode($newKey)]);
         self::$secretKey = $newKey;
         return self::$secretKey;
     }