From bb38e544ee2de299a31a104a5d0dcb347c8d2668 Mon Sep 17 00:00:00 2001
From: yisroel <tech@bhbsdventures.com>
Date: Wed, 6 May 2026 15:11:19 +0300
Subject: [PATCH] add auth utility interfaces and impls

Clock + SystemClock (DateTimeImmutable in UTC), TokenGenerator +
RandomTokenGenerator (bin2hex(random_bytes(32)) -> 64-char hex),
PasswordHasher + BcryptPasswordHasher (password_hash with
PASSWORD_DEFAULT, password_verify). matching fakes:
FakeClock with mutable setTime, FakeTokenGenerator with a
pre-seeded queue (throws once exhausted), FakePasswordHasher
returns 'hashed:<plain>' for deterministic test assertions.
composer stan now passes --memory-limit=512M (default 128M
overflows once larastan loads more rules).
---
 backend/app/Auth/BcryptPasswordHasher.php  | 16 +++++++++++++
 backend/app/Auth/Clock.php                 | 10 ++++++++
 backend/app/Auth/PasswordHasher.php        | 10 ++++++++
 backend/app/Auth/RandomTokenGenerator.php  | 11 +++++++++
 backend/app/Auth/SystemClock.php           | 14 +++++++++++
 backend/app/Auth/TokenGenerator.php        |  8 +++++++
 backend/composer.json                      |  2 +-
 backend/tests/Fakes/FakeClock.php          | 21 +++++++++++++++++
 backend/tests/Fakes/FakePasswordHasher.php | 18 +++++++++++++++
 backend/tests/Fakes/FakeTokenGenerator.php | 27 ++++++++++++++++++++++
 10 files changed, 136 insertions(+), 1 deletion(-)
 create mode 100644 backend/app/Auth/BcryptPasswordHasher.php
 create mode 100644 backend/app/Auth/Clock.php
 create mode 100644 backend/app/Auth/PasswordHasher.php
 create mode 100644 backend/app/Auth/RandomTokenGenerator.php
 create mode 100644 backend/app/Auth/SystemClock.php
 create mode 100644 backend/app/Auth/TokenGenerator.php
 create mode 100644 backend/tests/Fakes/FakeClock.php
 create mode 100644 backend/tests/Fakes/FakePasswordHasher.php
 create mode 100644 backend/tests/Fakes/FakeTokenGenerator.php

diff --git a/backend/app/Auth/BcryptPasswordHasher.php b/backend/app/Auth/BcryptPasswordHasher.php
new file mode 100644
index 0000000..0bc4a46
--- /dev/null
+++ b/backend/app/Auth/BcryptPasswordHasher.php
@@ -0,0 +1,16 @@
+<?php
+
+namespace App\Auth;
+
+class BcryptPasswordHasher implements PasswordHasher
+{
+    public function hash(string $password): string
+    {
+        return password_hash($password, PASSWORD_DEFAULT);
+    }
+
+    public function verify(string $password, string $hash): bool
+    {
+        return password_verify($password, $hash);
+    }
+}
diff --git a/backend/app/Auth/Clock.php b/backend/app/Auth/Clock.php
new file mode 100644
index 0000000..b96ad32
--- /dev/null
+++ b/backend/app/Auth/Clock.php
@@ -0,0 +1,10 @@
+<?php
+
+namespace App\Auth;
+
+use DateTimeImmutable;
+
+interface Clock
+{
+    public function now(): DateTimeImmutable;
+}
diff --git a/backend/app/Auth/PasswordHasher.php b/backend/app/Auth/PasswordHasher.php
new file mode 100644
index 0000000..ab57a41
--- /dev/null
+++ b/backend/app/Auth/PasswordHasher.php
@@ -0,0 +1,10 @@
+<?php
+
+namespace App\Auth;
+
+interface PasswordHasher
+{
+    public function hash(string $password): string;
+
+    public function verify(string $password, string $hash): bool;
+}
diff --git a/backend/app/Auth/RandomTokenGenerator.php b/backend/app/Auth/RandomTokenGenerator.php
new file mode 100644
index 0000000..0615bff
--- /dev/null
+++ b/backend/app/Auth/RandomTokenGenerator.php
@@ -0,0 +1,11 @@
+<?php
+
+namespace App\Auth;
+
+class RandomTokenGenerator implements TokenGenerator
+{
+    public function generate(): string
+    {
+        return bin2hex(random_bytes(32));
+    }
+}
diff --git a/backend/app/Auth/SystemClock.php b/backend/app/Auth/SystemClock.php
new file mode 100644
index 0000000..dd77c28
--- /dev/null
+++ b/backend/app/Auth/SystemClock.php
@@ -0,0 +1,14 @@
+<?php
+
+namespace App\Auth;
+
+use DateTimeImmutable;
+use DateTimeZone;
+
+class SystemClock implements Clock
+{
+    public function now(): DateTimeImmutable
+    {
+        return new DateTimeImmutable('now', new DateTimeZone('UTC'));
+    }
+}
diff --git a/backend/app/Auth/TokenGenerator.php b/backend/app/Auth/TokenGenerator.php
new file mode 100644
index 0000000..39b4263
--- /dev/null
+++ b/backend/app/Auth/TokenGenerator.php
@@ -0,0 +1,8 @@
+<?php
+
+namespace App\Auth;
+
+interface TokenGenerator
+{
+    public function generate(): string;
+}
diff --git a/backend/composer.json b/backend/composer.json
index abe76eb..1947a93 100644
--- a/backend/composer.json
+++ b/backend/composer.json
@@ -49,7 +49,7 @@
             "npx concurrently -c \"#93c5fd,#c4b5fd,#fb7185\" \"php artisan serve\" \"php artisan queue:listen --tries=1\" \"php artisan pail --timeout=0\" --names=server,queue,logs --kill-others"
         ],
 
-        "stan": "phpstan analyse --no-progress",
+        "stan": "phpstan analyse --no-progress --memory-limit=512M",
         "cs:fix": "php-cs-fixer fix",
         "cs:check": "php-cs-fixer check --diff -vvv",
 
diff --git a/backend/tests/Fakes/FakeClock.php b/backend/tests/Fakes/FakeClock.php
new file mode 100644
index 0000000..f112836
--- /dev/null
+++ b/backend/tests/Fakes/FakeClock.php
@@ -0,0 +1,21 @@
+<?php
+
+namespace Tests\Fakes;
+
+use App\Auth\Clock;
+use DateTimeImmutable;
+
+class FakeClock implements Clock
+{
+    public function __construct(private DateTimeImmutable $currentTime) {}
+
+    public function now(): DateTimeImmutable
+    {
+        return $this->currentTime;
+    }
+
+    public function setTime(DateTimeImmutable $newTime): void
+    {
+        $this->currentTime = $newTime;
+    }
+}
diff --git a/backend/tests/Fakes/FakePasswordHasher.php b/backend/tests/Fakes/FakePasswordHasher.php
new file mode 100644
index 0000000..9e93325
--- /dev/null
+++ b/backend/tests/Fakes/FakePasswordHasher.php
@@ -0,0 +1,18 @@
+<?php
+
+namespace Tests\Fakes;
+
+use App\Auth\PasswordHasher;
+
+class FakePasswordHasher implements PasswordHasher
+{
+    public function hash(string $password): string
+    {
+        return 'hashed:'.$password;
+    }
+
+    public function verify(string $password, string $hash): bool
+    {
+        return $this->hash($password) === $hash;
+    }
+}
diff --git a/backend/tests/Fakes/FakeTokenGenerator.php b/backend/tests/Fakes/FakeTokenGenerator.php
new file mode 100644
index 0000000..601eb2f
--- /dev/null
+++ b/backend/tests/Fakes/FakeTokenGenerator.php
@@ -0,0 +1,27 @@
+<?php
+
+namespace Tests\Fakes;
+
+use App\Auth\TokenGenerator;
+use RuntimeException;
+
+class FakeTokenGenerator implements TokenGenerator
+{
+    private int $callCount = 0;
+
+    /**
+     * @param  string[]  $tokens
+     */
+    public function __construct(private array $tokens) {}
+
+    public function generate(): string
+    {
+        if ($this->callCount >= count($this->tokens)) {
+            throw new RuntimeException('FakeTokenGenerator exhausted');
+        }
+        $token = $this->tokens[$this->callCount];
+        $this->callCount++;
+
+        return $token;
+    }
+}