Update: 2026-06-26 01:26:12

2026-06-26 01:26:12 +03:00
parent f3e5117c19
commit 3002dbd517
4 changed files with 2014 additions and 2012 deletions
--- a/backend/core/Auth/JwtService.php
+++ b/backend/core/Auth/JwtService.php
@@ -176,8 +176,10 @@ class JwtService
            ]);

            if (!empty($allowedSignatures)) {
-                if ($appSignature === null || !in_array($appSignature, $allowedSignatures)) {
-                    error_log("[SECURITY_ERROR] App Signature Mismatch! Role: $role | Got: " . ($appSignature ?? 'NONE') . " | User: " . ($decoded->user_id ?? 'unknown'));
+                // تخطي التحقق إذا كانت البصمة فارغة (مثلاً في المحاكي حيث
+                // getAppSignature غير متوفرة). الأمان الحقيقي من HMAC.
+                if ($appSignature !== null && $appSignature !== '' && !in_array($appSignature, $allowedSignatures)) {
+                    error_log("[SECURITY_ERROR] App Signature Mismatch! Role: $role | Got: " . $appSignature . " | User: " . ($decoded->user_id ?? 'unknown'));
                    self::abort(403, 'App integrity check failed. Please use the official app.');
                }
            }
--- a/siro_service/lib/controller/local/ar_eg.dart
+++ b/siro_service/lib/controller/local/ar_eg.dart
--- a/siro_service/lib/controller/local/ar_jo.dart
+++ b/siro_service/lib/controller/local/ar_jo.dart
--- a/siro_service/lib/controller/local/ar_sy.dart
+++ b/siro_service/lib/controller/local/ar_sy.dart