Update: 2026-06-16 02:14:34

2026-06-16 02:14:35 +03:00
parent fc58529b09
commit 2c657fa0b4
13 changed files with 100 additions and 31 deletions
--- a/backend/core/Auth/RateLimiter.php
+++ b/backend/core/Auth/RateLimiter.php
@@ -29,7 +29,8 @@ class RateLimiter
    public function check(string $identifier, string $type = 'api'): bool
    {
        if (!$this->redis) {
-            return true; // بدون Redis نمرر (fallback)
+            // HIGH-01 FIX: fallback مع ملف بدلاً من تمرير كل الطلبات
+            return $this->fileBasedCheck($identifier, $type);
        }

        $limit  = self::LIMITS[$type] ?? self::LIMITS['api'];
@@ -77,6 +78,47 @@ class RateLimiter
    {
        if ($this->redis) {
            $this->redis->del("rate:{$type}:{$identifier}");
+        } else {
+            // HIGH-01: مسح ملف الفل باك عند إعادة التعيين
+            $key = self::sanitizeKey("rate:{$type}:{$identifier}");
+            $tmpFile = sys_get_temp_dir() . "/rate_{$key}.json";
+            if (file_exists($tmpFile)) {
+                @unlink($tmpFile);
+            }
        }
    }
+
+    // ── Fallback باستخدام ملفات مؤقتة عند تعطل Redis ───────────
+    private function fileBasedCheck(string $identifier, string $type): bool
+    {
+        $limit  = self::LIMITS[$type] ?? self::LIMITS['api'];
+        $window = $limit['window'];
+        $max    = $limit['requests'];
+
+        $key = self::sanitizeKey("rate:{$type}:{$identifier}");
+        $tmpFile = sys_get_temp_dir() . "/rate_{$key}.json";
+        $now = time();
+
+        $data = [];
+        if (file_exists($tmpFile)) {
+            $data = json_decode(file_get_contents($tmpFile), true) ?: [];
+        }
+
+        // تنظيف النوافذ القديمة
+        $data = array_filter($data, fn($ts) => $ts > ($now - $window));
+
+        if (count($data) >= $max) {
+            error_log("[RATE_LIMIT_FB] File-based block: $identifier | type: $type");
+            return false;
+        }
+
+        $data[] = $now;
+        file_put_contents($tmpFile, json_encode($data));
+        return true;
+    }
+
+    private static function sanitizeKey(string $key): string
+    {
+        return preg_replace('/[^a-zA-Z0-9_\-:]/', '_', $key);
+    }
 }
--- a/backend/encrypt_decrypt.php
+++ b/backend/encrypt_decrypt.php
@@ -101,6 +101,11 @@ class EncryptionHelper {

 	public function decryptBinary($data) {
    $decrypted = openssl_decrypt($data, 'AES-256-CBC', $this->key, OPENSSL_RAW_DATA, $this->iv);
+    // CRIT-07 FIX: التحقق من فشل openssl_decrypt
+    if ($decrypted === false) {
+        error_log('[CRIT-07] openssl_decrypt failed in decryptBinary');
+        throw new Exception('Decryption failed');
+    }
    return $decrypted;
 	}
 }
--- a/backend/ride/rides/cron_ride_timeout.php
+++ b/backend/ride/rides/cron_ride_timeout.php
@@ -59,6 +59,7 @@ try {
 } catch (PDOException $e) {
    $errorMsg = "❌ [Cleanup Cron] Error: " . $e->getMessage();
    error_log($errorMsg);
-    echo json_encode(["status" => "failure", "message" => $e->getMessage()]);
+    error_log("[cron_ride_timeout] Error: " . $e->getMessage());
+    echo json_encode(["status" => "failure", "message" => "An internal error occurred."]);
 }
 ?>
--- a/backend/ride/rides/getRealTimeHeatmap.php
+++ b/backend/ride/rides/getRealTimeHeatmap.php
@@ -73,7 +73,8 @@ try {
    echo json_encode(["status" => "success", "data" => $finalData]);

 } catch (Exception $e) {
-    echo json_encode(["status" => "failure", "message" => $e->getMessage()]);
+    error_log("[getRealTimeHeatmap] Error: " . $e->getMessage());
+    echo json_encode(["status" => "failure", "message" => "An internal error occurred."]);
 }

 function addToGrid(&$grid, $lat, $lng, $precision, $weight) {
--- a/backend/ride/rides/getRideOrderID.php
+++ b/backend/ride/rides/getRideOrderID.php
@@ -174,6 +174,6 @@ try {
 } catch (Exception $e) {
    error_log("API Error: " . $e->getMessage());
    http_response_code(500);
-    echo json_encode(["status" => "failure", "message" => "Server Error: " . $e->getMessage()]);
+    echo json_encode(["status" => "failure", "message" => "An internal server error occurred."]);
 }
 ?>
--- a/backend/ride/rides/getRideOrderIDNew.php
+++ b/backend/ride/rides/getRideOrderIDNew.php
@@ -143,6 +143,6 @@ try {
 } catch (Exception $e) {
    error_log("API Error: " . $e->getMessage());
    http_response_code(500);
-    echo json_encode(["status" => "failure", "message" => "Server Error: " . $e->getMessage()]);
+    echo json_encode(["status" => "failure", "message" => "An internal server error occurred."]);
 }
 ?>
--- a/backend/ride/rides/getRideStatusFromStartApp.php
+++ b/backend/ride/rides/getRideStatusFromStartApp.php
@@ -88,6 +88,7 @@ try {
    ]);

 } catch (Exception $e) {
-    echo json_encode(["status" => "failure", "message" => $e->getMessage()]);
+    error_log("[getRideStatusFromStartApp] Error: " . $e->getMessage());
+    echo json_encode(["status" => "failure", "message" => "An internal error occurred."]);
 }
 ?>