Hamza/Siro
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Update: 2026-06-26 01:26:12

Browse Source
This commit is contained in:
Hamza-Ayed
2026-06-26 01:26:12 +03:00
parent f3e5117c19
commit 3002dbd517
4 changed files with 2014 additions and 2012 deletions
Download Patch File Download Diff File Expand all files Collapse all files

6
backend/core/Auth/JwtService.php
View File

@@ -176,8 +176,10 @@ class JwtService
]);
if (!empty($allowedSignatures)) {
if ($appSignature === null || !in_array($appSignature, $allowedSignatures)) {
error_log("[SECURITY_ERROR] App Signature Mismatch! Role: $role | Got: " . ($appSignature ?? 'NONE') . " | User: " . ($decoded->user_id ?? 'unknown'));
// تخطي التحقق إذا كانت البصمة فارغة (مثلاً في المحاكي حيث
// getAppSignature غير متوفرة). الأمان الحقيقي من HMAC.
if ($appSignature !== null && $appSignature !== '' && !in_array($appSignature, $allowedSignatures)) {
error_log("[SECURITY_ERROR] App Signature Mismatch! Role: $role | Got: " . $appSignature . " | User: " . ($decoded->user_id ?? 'unknown'));
self::abort(403, 'App integrity check failed. Please use the official app.');
}
}