feat: dist/ pridan do repa pro server deploy

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

dist/api/admin/session.php

@@ -0,0 +1,94 @@
+<?php
+
+/**
+ * BOHA Automation - Session Check API (JWT)
+ *
+ * GET /api/admin/session.php
+ *
+ * Checks if the user has a valid session by:
+ * 1. First checking the Authorization header for a valid access token
+ * 2. If no valid access token, tries to refresh using the refresh_token cookie
+ *
+ * Response:
+ * {
+ *   "success": true,
+ *   "data": {
+ *     "authenticated": boolean,
+ *     "user": { ... } | null,
+ *     "access_token": "string" | null,
+ *     "expires_in": int | null
+ *   }
+ * }
+ */
+
+declare(strict_types=1);
+
+require_once dirname(__DIR__) . '/config.php';
+require_once dirname(__DIR__) . '/includes/JWTAuth.php';
+require_once dirname(__DIR__) . '/includes/RateLimiter.php';
+require_once __DIR__ . '/handlers/session-handlers.php';
+
+setCorsHeaders();
+setSecurityHeaders();
+setNoCacheHeaders();
+header('Content-Type: application/json; charset=utf-8');
+
+// 200 req/min - vola se pri kazde zmene route
+$rateLimiter = new RateLimiter();
+$rateLimiter->enforce('session', 200);
+
+// Cleanup expired refresh tokenu (0.1% sance)
+if (rand(1, 1000) === 1) {
+    try {
+        JWTAuth::cleanupExpiredTokens();
+    } catch (Exception $e) {
+    }
+}
+
+if (!in_array($_SERVER['REQUEST_METHOD'], ['GET', 'POST'])) {
+    errorResponse('Metoda není povolena', 405);
+}
+
+$authData = JWTAuth::optionalAuth();
+
+if ($authData) {
+    $userData = $authData['user'];
+    $userData['permissions'] = JWTAuth::getUserPermissions($authData['user_id']);
+
+    $twoFA = get2FAInfo(db(), $authData['user_id']);
+    $userData['totp_enabled'] = $twoFA['totp_enabled'];
+    $userData['require_2fa'] = $twoFA['require_2fa'];
+
+    successResponse([
+        'authenticated' => true,
+        'user' => $userData,
+        'access_token' => null,
+        'expires_in' => null,
+    ]);
+}
+
+$refreshToken = $_COOKIE['refresh_token'] ?? null;
+
+if ($refreshToken) {
+    $result = JWTAuth::refreshTokens();
+
+    if ($result) {
+        $twoFA = get2FAInfo(db(), $result['user']['id']);
+        $result['user']['totp_enabled'] = $twoFA['totp_enabled'];
+        $result['user']['require_2fa'] = $twoFA['require_2fa'];
+
+        successResponse([
+            'authenticated' => true,
+            'user' => $result['user'],
+            'access_token' => $result['access_token'],
+            'expires_in' => $result['expires_in'],
+        ]);
+    }
+}
+
+successResponse([
+    'authenticated' => false,
+    'user' => null,
+    'access_token' => null,
+    'expires_in' => null,
+]);