getBody(), true) ?: []; $email = $body['email'] ?? $body['user_email'] ?? ''; $password = $body['password'] ?? ''; $validator = (new Validator(['email' => $email, 'password' => $password])) ->required('email')->email('email')->maxLength('email', 255) ->required('password'); if ($validator->fails()) { return ResponseLib::sendFail($validator->firstError(), [], "E_VALIDATE")->withStatus(400); } $secret = $_ENV['JWT_SECRET'] ?? ''; if ($secret === '') { Logger::error('JWT_SECRET is not configured; cannot issue tokens'); return ResponseLib::sendFail("Internal server error", [], "E_GENERIC")->withStatus(500); } $userModel = new UserModel(); $user = $userModel->validateLogin($email, $password); if (!$user) { return ResponseLib::sendFail("Invalid credentials", [], "E_VALIDATE")->withStatus(401); } $payload = [ 'sub' => $user['user_id'], 'email' => $user['user_email'], 'company_id' => $user['company_id'], 'role' => $user['user_role'], 'iat' => time(), 'exp' => time() + 3600 ]; $jwt = JWT::encode($payload, $secret, 'HS256'); return ResponseLib::sendOk([ 'token' => $jwt, 'user' => $user, ]); } }