feat: add Nabeh integration with phone-to-user resolution and environment configuration support

backend/nabeh/resolve_user.php

@@ -0,0 +1,137 @@
+<?php
+/**
+ * Nabeh Integration — Resolve Phone → User ID
+ *
+ * Called by the payment server (server-to-server) to resolve
+ * a phone number to a driverID or passengerID.
+ *
+ * Why: The wallet's invoice tables (invoices_shamcash, cliq_invoices, etc.)
+ * store driverID/passengerID, NOT phone numbers. Only the Siro main DB
+ * has the phone→userID mapping (with encryption).
+ *
+ * This endpoint bridges that gap:
+ *   Payment Server (phone) → Siro Backend (resolve_user.php) → driverID
+ *   Payment Server (driverID) → Wallet DB → pending invoices → AI verify
+ *
+ * Auth: X-API-Key header → NABEH_API_KEY
+ */
+
+require_once __DIR__ . '/../core/bootstrap.php';
+
+header('Access-Control-Allow-Origin: *');
+header('Access-Control-Allow-Methods: POST, OPTIONS');
+header('Access-Control-Allow-Headers: Content-Type, X-API-Key');
+
+if ($_SERVER['REQUEST_METHOD'] === 'OPTIONS') {
+    http_response_code(200);
+    exit;
+}
+
+if ($_SERVER['REQUEST_METHOD'] !== 'POST') {
+    http_response_code(405);
+    echo json_encode(['status' => 'failure', 'message' => 'Method not allowed']);
+    exit;
+}
+
+$apiKey = $_SERVER['HTTP_X_API_KEY'] ?? '';
+$expectedKey = getenv('NABEH_API_KEY') ?: '';
+
+if (empty($apiKey) || $apiKey !== $expectedKey) {
+    http_response_code(401);
+    echo json_encode(['status' => 'failure', 'message' => 'Unauthorized']);
+    exit;
+}
+
+$input = json_decode(file_get_contents('php://input'), true);
+$rawPhone = preg_replace('/\D+/', '', $input['phone'] ?? '');
+
+if (empty($rawPhone)) {
+    http_response_code(400);
+    echo json_encode(['status' => 'failure', 'message' => 'Phone number is required']);
+    exit;
+}
+
+// تطبيع رقم الهاتف حسب الدولة (بدون +، بدون أصفار زائدة)
+// حتى يتطابق مع التخزين في قاعدة البيانات (مثال: 9639XXXXXXX)
+function normalizePhone($phone) {
+    $clean = preg_replace('/\D+/', '', $phone);
+    // Syria: 099XXXXXXX → 9639XXXXXXX
+    if (strlen($clean) === 10 && strpos($clean, '09') === 0) return '963' . substr($clean, 1);
+    if (strlen($clean) === 12 && strpos($clean, '963') === 0) return $clean;
+    if (strlen($clean) === 9  && strpos($clean, '9')  === 0) return '963' . $clean;
+    // Jordan: 079XXXXXXX → 9627XXXXXXX
+    if (strlen($clean) === 10 && strpos($clean, '07') === 0) return '962' . substr($clean, 1);
+    if (strlen($clean) === 12 && strpos($clean, '962') === 0) return $clean;
+    if (strlen($clean) === 9  && strpos($clean, '7')  === 0) return '962' . $clean;
+    // Egypt: 010XXXXXXXX → 2010XXXXXXXX
+    if (strlen($clean) === 11 && strpos($clean, '01') === 0) return '20' . substr($clean, 1);
+    if (strlen($clean) === 13 && strpos($clean, '20') === 0) return $clean;
+    return $clean;
+}
+$phone = normalizePhone($rawPhone);
+
+try {
+    $db = Database::get('main');
+    global $encryptionHelper;
+
+    $encryptedPhone = $encryptionHelper->encryptData($phone);
+
+    // Look for driver first
+    $stmt = $db->prepare(
+        "SELECT id, phone, first_name, last_name FROM driver WHERE phone = :phone LIMIT 1"
+    );
+    $stmt->execute([':phone' => $encryptedPhone]);
+    $driver = $stmt->fetch(PDO::FETCH_ASSOC);
+
+    if ($driver) {
+        echo json_encode([
+            'status' => 'success',
+            'data' => [
+                'user_id' => $driver['id'],
+                'phone'   => $encryptionHelper->decryptData($driver['phone']),
+                'name'    => trim(
+                    $encryptionHelper->decryptData($driver['first_name'])
+                    . ' ' .
+                    $encryptionHelper->decryptData($driver['last_name'])
+                ),
+                'type'    => 'driver',
+            ],
+        ], JSON_UNESCAPED_UNICODE);
+        exit;
+    }
+
+    // Fallback: look for passenger
+    $stmt = $db->prepare(
+        "SELECT id, phone, first_name, last_name FROM passengers WHERE phone = :phone LIMIT 1"
+    );
+    $stmt->execute([':phone' => $encryptedPhone]);
+    $passenger = $stmt->fetch(PDO::FETCH_ASSOC);
+
+    if ($passenger) {
+        echo json_encode([
+            'status' => 'success',
+            'data' => [
+                'user_id' => $passenger['id'],
+                'phone'   => $encryptionHelper->decryptData($passenger['phone']),
+                'name'    => trim(
+                    $encryptionHelper->decryptData($passenger['first_name'])
+                    . ' ' .
+                    $encryptionHelper->decryptData($passenger['last_name'])
+                ),
+                'type'    => 'passenger',
+            ],
+        ], JSON_UNESCAPED_UNICODE);
+        exit;
+    }
+
+    echo json_encode([
+        'status'  => 'success',
+        'data'    => null,
+        'message' => 'User not found',
+    ]);
+
+} catch (\Exception $e) {
+    error_log("[ResolveUser Error] " . $e->getMessage());
+    http_response_code(500);
+    echo json_encode(['status' => 'failure', 'message' => 'Internal server error']);
+}