Update: 2026-06-29 01:10:32

Hamza-Ayed
2026-06-29 01:10:32 +03:00
parent b5e2bf2fed
commit 0af4eed1ce
5 changed files with 50 additions and 17 deletions


@@ -9,11 +9,27 @@ $password = filterRequest("password");
$fingerprint = filterRequest('fingerPrint') ?? filterRequest('fingerprint');
$audience = filterRequest('aud') ?: 'siro_passenger';
// 1. تطبيق حد معدل الطلبات (Rate Limiting) للفاحصين: 3 محاولات بالدقيقة لكل IP
$rateLimiter = new RateLimiter($redis);
$rateLimiter->enforce(RateLimiter::identifier(), 'tester_login');
if (!$email || !$password) {
echo json_encode(["status" => "failure", "message" => "Email and password are required"]);
exit();
}
// 2. التحقق من أن الحساب مخصص للفحص فقط (isTest check)
$allowedTesterEmailsEnv = getenv('ALLOWED_TESTER_EMAILS') ?: '';
$allowedEmails = array_filter(array_map('trim', explode(',', $allowedTesterEmailsEnv)));
$cleanEmail = strtolower(trim($email));
$isTester = in_array($cleanEmail, $allowedEmails) || substr($cleanEmail, -13) === '@siromove.com';
if (!$isTester) {
echo json_encode(["status" => "failure", "message" => "Access denied. Only tester accounts are allowed."]);
exit();
}
try {
$con = Database::get('main');