<?php
require_once "{$_SERVER['DOCUMENT_ROOT']}/dependencies.php";

if (
    (!isset($_SERVER['PHP_AUTH_USER']) || !isset($_SERVER['PHP_AUTH_PW'])) or (
        $db->querySingle("SELECT auth.login(:username, :password)", [
            'username' => $_SERVER['PHP_AUTH_USER'],
            'password' => $_SERVER['PHP_AUTH_PW']
        ])['login'] === false AND $db->where('clave', $_SERVER['PHP_AUTH_USER'])->has('auth.usuario')
    )
) {
    header('WWW-Authenticate: Basic realm="Moodle"');

    header('HTTP/1.0 401 Unauthorized');
    echo 'Acceso no autorizado';
    exit;
} else {
    $token = $db->querySingle("SELECT sign(('{\"exp\":' || EXTRACT(EPOCH FROM NOW() + INTERVAL'1 day') || ', \"role\": \"app_user\"}')::JSON, '{$_ENV['KEY_ENCRYPT']}') as token");
    $_SESSION['user'] = $_SERVER['PHP_AUTH_USER'];
    header('Content-Type: application/json');
    echo json_encode($token);
}