Hamza/Siro
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

feat: add Nabeh integration with phone-to-user resolution and environment configuration support

Browse Source
This commit is contained in:
Hamza-Ayed
2026-06-18 14:59:24 +03:00
parent 72fa97477b
commit 8b52d2f115
4 changed files with 484 additions and 3 deletions
Download Patch File Download Diff File Expand all files Collapse all files

137
backend/nabeh/resolve_user.php Normal file
View File

@@ -0,0 +1,137 @@
<?php
/**
* Nabeh Integration — Resolve Phone → User ID
*
* Called by the payment server (server-to-server) to resolve
* a phone number to a driverID or passengerID.
*
* Why: The wallet's invoice tables (invoices_shamcash, cliq_invoices, etc.)
* store driverID/passengerID, NOT phone numbers. Only the Siro main DB
* has the phone→userID mapping (with encryption).
*
* This endpoint bridges that gap:
* Payment Server (phone) → Siro Backend (resolve_user.php) → driverID
* Payment Server (driverID) → Wallet DB → pending invoices → AI verify
*
* Auth: X-API-Key header → NABEH_API_KEY
*/
require_once __DIR__ . '/../core/bootstrap.php';
header('Access-Control-Allow-Origin: *');
header('Access-Control-Allow-Methods: POST, OPTIONS');
header('Access-Control-Allow-Headers: Content-Type, X-API-Key');
if ($_SERVER['REQUEST_METHOD'] === 'OPTIONS') {
http_response_code(200);
exit;
}
if ($_SERVER['REQUEST_METHOD'] !== 'POST') {
http_response_code(405);
echo json_encode(['status' => 'failure', 'message' => 'Method not allowed']);
exit;
}
$apiKey = $_SERVER['HTTP_X_API_KEY'] ?? '';
$expectedKey = getenv('NABEH_API_KEY') ?: '';
if (empty($apiKey) || $apiKey !== $expectedKey) {
http_response_code(401);
echo json_encode(['status' => 'failure', 'message' => 'Unauthorized']);
exit;
}
$input = json_decode(file_get_contents('php://input'), true);
$rawPhone = preg_replace('/\D+/', '', $input['phone'] ?? '');
if (empty($rawPhone)) {
http_response_code(400);
echo json_encode(['status' => 'failure', 'message' => 'Phone number is required']);
exit;
}
// تطبيع رقم الهاتف حسب الدولة (بدون +، بدون أصفار زائدة)
// حتى يتطابق مع التخزين في قاعدة البيانات (مثال: 9639XXXXXXX)
function normalizePhone($phone) {
$clean = preg_replace('/\D+/', '', $phone);
// Syria: 099XXXXXXX → 9639XXXXXXX
if (strlen($clean) === 10 && strpos($clean, '09') === 0) return '963' . substr($clean, 1);
if (strlen($clean) === 12 && strpos($clean, '963') === 0) return $clean;
if (strlen($clean) === 9 && strpos($clean, '9') === 0) return '963' . $clean;
// Jordan: 079XXXXXXX → 9627XXXXXXX
if (strlen($clean) === 10 && strpos($clean, '07') === 0) return '962' . substr($clean, 1);
if (strlen($clean) === 12 && strpos($clean, '962') === 0) return $clean;
if (strlen($clean) === 9 && strpos($clean, '7') === 0) return '962' . $clean;
// Egypt: 010XXXXXXXX → 2010XXXXXXXX
if (strlen($clean) === 11 && strpos($clean, '01') === 0) return '20' . substr($clean, 1);
if (strlen($clean) === 13 && strpos($clean, '20') === 0) return $clean;
return $clean;
}
$phone = normalizePhone($rawPhone);
try {
$db = Database::get('main');
global $encryptionHelper;
$encryptedPhone = $encryptionHelper->encryptData($phone);
// Look for driver first
$stmt = $db->prepare(
"SELECT id, phone, first_name, last_name FROM driver WHERE phone = :phone LIMIT 1"
);
$stmt->execute([':phone' => $encryptedPhone]);
$driver = $stmt->fetch(PDO::FETCH_ASSOC);
if ($driver) {
echo json_encode([
'status' => 'success',
'data' => [
'user_id' => $driver['id'],
'phone' => $encryptionHelper->decryptData($driver['phone']),
'name' => trim(
$encryptionHelper->decryptData($driver['first_name'])
. ' ' .
$encryptionHelper->decryptData($driver['last_name'])
),
'type' => 'driver',
],
], JSON_UNESCAPED_UNICODE);
exit;
}
// Fallback: look for passenger
$stmt = $db->prepare(
"SELECT id, phone, first_name, last_name FROM passengers WHERE phone = :phone LIMIT 1"
);
$stmt->execute([':phone' => $encryptedPhone]);
$passenger = $stmt->fetch(PDO::FETCH_ASSOC);
if ($passenger) {
echo json_encode([
'status' => 'success',
'data' => [
'user_id' => $passenger['id'],
'phone' => $encryptionHelper->decryptData($passenger['phone']),
'name' => trim(
$encryptionHelper->decryptData($passenger['first_name'])
. ' ' .
$encryptionHelper->decryptData($passenger['last_name'])
),
'type' => 'passenger',
],
], JSON_UNESCAPED_UNICODE);
exit;
}
echo json_encode([
'status' => 'success',
'data' => null,
'message' => 'User not found',
]);
} catch (\Exception $e) {
error_log("[ResolveUser Error] " . $e->getMessage());
http_response_code(500);
echo json_encode(['status' => 'failure', 'message' => 'Internal server error']);
}

41
walletintaleq.intaleq.xyz/v2/.env.example Normal file
View File

@@ -0,0 +1,41 @@
# =============================================================================
# Wallet Payment Server - Environment Configuration
# =============================================================================
# Copy this to .env and fill in values:
# cp .env.example .env
# Or deploy to: /home/intaleq-walletintaleq/env/.env
# =============================================================================
# Database
dbname=WalletIntaleqDB
USER=root
PASS=<CHANGE_ME>
# JWT / Security
SECRET_KEY=<CHANGE_ME>
SECRET_KEY_HMAC=<CHANGE_ME>
FP_PEPPER=<CHANGE_ME>
S2S_SHARED_KEY=<CHANGE_ME>
PAYMENT_KEY=<CHANGE_ME>
WEBHOOK_AUTH_TOKEN=<CHANGE_ME>
CRON_KEY=<CHANGE_ME>
# Encryption
keyOfApp=<32_byte_hex>
initializationVector=<16_byte_hex>
# Gemini AI (receipt analysis)
GEMINI_API_KEY=<CHANGE_ME>
# Nabeh Integration (must match Nabeh's .env)
NABEH_API_KEY=<CHANGE_ME_SHARED_SECRET>
# Siro Backend URL (for phone→driverID resolution)
# Used by verify_payment.php to call resolve_user.php
# Example: https://api-syria.siromove.com/siro
SIRO_BACKEND_URL=https://api-syria.siromove.com/siro
# Admin login
passwordnewpassenger=<CHANGE_ME>
allowedWallet1=Tripz-Wallet
allowedWallet2=Intaleq-Wallet

17
walletintaleq.intaleq.xyz/v2/main/jwtconnect.php
View File

@@ -10,7 +10,8 @@
* Path 2: Payment Key → PAYMENT_KEY header
* Path 3: Webhook Token → X-Auth-Token header
* Path 4: Cron Key / CLI → X-Cron-Key header أو CLI execution
* Path 5: JWT (default) → Authorization: Bearer <token>
* Path 5: Nabeh API Key → X-API-Key header (server-to-server من منصة نبه)
* Path 6: JWT (default) → Authorization: Bearer <token>
*
* أي طلب بدون أي مصادقة → يُرفض تلقائياً من authenticateJWT()
* ═══════════════════════════════════════════════════════════════
@@ -40,7 +41,7 @@ if (in_array($origin, $allowedOrigins)) {
header("Access-Control-Allow-Origin: https://walletintaleq.intaleq.xyz");
}
header("Access-Control-Allow-Methods: GET, POST, OPTIONS");
header("Access-Control-Allow-Headers: Content-Type, Authorization, X-S2S-Api-Key, PAYMENT_KEY, X-Auth-Token, X-Cron-Key, X-HMAC-Auth, X-Device-FP");
header("Access-Control-Allow-Headers: Content-Type, Authorization, X-S2S-Api-Key, PAYMENT_KEY, X-Auth-Token, X-Cron-Key, X-HMAC-Auth, X-Device-FP, X-API-Key");
header('Content-Type: application/json');
// Handle preflight requests (OPTIONS)
@@ -118,7 +119,17 @@ try {
}
}
// --- Path 5 (DEFAULT): JWT Authentication ---
// --- Path 5: Nabeh API Key (server-to-server من منصة نبه) ---
if (!$authMethod) {
$nabehKey = $_SERVER['HTTP_X_API_KEY'] ?? '';
$expectedNabeh = getenv('NABEH_API_KEY');
if (!empty($nabehKey) && !empty($expectedNabeh) && hash_equals($expectedNabeh, $nabehKey)) {
$authMethod = 'NABEH';
}
}
// --- Path 6 (DEFAULT): JWT Authentication ---
// إذا لم يتم التعرف على أي مسار آخر، يُفرض JWT.
// authenticateJWT() ستُرجع 401 وتوقف التنفيذ إذا لم يكن هناك JWT صالح.
if (!$authMethod) {

292
walletintaleq.intaleq.xyz/v2/main/ride/nabeh/verify_payment.php Normal file
View File

@@ -0,0 +1,292 @@
<?php
/**
* Nabeh Payment Verification Endpoint
*
* Auto-detects the user's pending invoice and uses Gemini AI to verify
* the receipt image against the invoice. No manual invoice number needed.
*
* ===============================
* INPUT (JSON body)
* ===============================
* driver_id (optional) — from Nabeh's Siro API resolution (preferred)
* phone (required if no driver_id) — lookup via Siro backend resolve_user
* payment_method (required) — shamcash / cliq / mtn / sms
* receipt_image (optional for AI verification)
* image_mime_type (optional, default: image/jpeg)
*
* ===============================
* FLOW
* ===============================
* 1. Auth via jwtconnect.php (X-API-Key → NABEH_API_KEY)
* 2. Resolve driverID:
* a. Use driver_id directly if provided
* b. Otherwise call Siro backend resolve_user.php (phone → driverID)
* 3. Auto-find latest pending invoice for that driver
* 4. If shamcash + receipt_image:
* a. Call GeminiAi::verifyPayment(invoice_number, amount, "ShamCash", "", receipt_image)
* b. Gemini returns {"verified": true/false, "reason": "..."}
* c. If verified → UPDATE status='processing' → finalizeShamCashDeposit()
* d. Return result
* 5. If other methods or no receipt_image:
* - Return invoice status info
*
* Auth: X-API-Key header → NABEH_API_KEY (via jwtconnect.php Path 5)
*/
require_once __DIR__ . '/../../jwtconnect.php';
require_once __DIR__ . '/../GeminiAi.php';
if ($_SERVER['REQUEST_METHOD'] !== 'POST') {
http_response_code(405);
echo json_encode(['status' => 'failure', 'message' => 'Method not allowed']);
exit;
}
$raw = file_get_contents('php://input');
$data = json_decode($raw, true) ?: $_POST;
$driverId = trim($data['driver_id'] ?? '');
$phone = trim($data['phone'] ?? '');
$paymentMethod = strtolower(trim($data['payment_method'] ?? ''));
$receiptImage = $data['receipt_image'] ?? '';
$imageMimeType = $data['image_mime_type'] ?? 'image/jpeg';
// ── Step 1: Resolve driverID ──────────────────────────────────
// driver_id (from Nabeh's Siro API resolution) is preferred
// phone fallback calls Siro backend resolve_user endpoint via S2S
$userName = '';
$userPhone = $phone;
$userType = 'driver';
if (empty($driverId) && empty($phone)) {
printFailure('driver_id or phone is required');
exit;
}
if (empty($driverId) && !empty($phone)) {
$siroBackendUrl = rtrim(getenv('SIRO_BACKEND_URL') ?: 'https://api-syria.siromove.com/siro', '/');
$resolveUrl = $siroBackendUrl . '/nabeh/resolve_user.php';
$resolvePayload = json_encode(['phone' => $phone]);
$apiKey = getenv('NABEH_API_KEY') ?: '';
$ch = curl_init($resolveUrl);
curl_setopt_array($ch, [
CURLOPT_RETURNTRANSFER => true,
CURLOPT_POST => true,
CURLOPT_POSTFIELDS => $resolvePayload,
CURLOPT_HTTPHEADER => [
'Content-Type: application/json',
'X-API-Key: ' . $apiKey,
],
CURLOPT_TIMEOUT => 10,
]);
$resolveRes = curl_exec($ch);
$httpCode = curl_getinfo($ch, CURLINFO_HTTP_CODE);
curl_close($ch);
if ($httpCode !== 200 || empty($resolveRes)) {
printFailure('Could not resolve user. Please ensure you are registered in Siro.');
exit;
}
$resolveData = json_decode($resolveRes, true);
if (($resolveData['status'] ?? '') !== 'success' || empty($resolveData['data']['user_id'] ?? '')) {
printFailure('User not found in Siro system.');
exit;
}
$driverId = $resolveData['data']['user_id'];
$userName = $resolveData['data']['name'] ?? '';
$userPhone = $resolveData['data']['phone'] ?? $phone;
$userType = $resolveData['data']['type'] ?? 'driver';
}
$paymentMethod = $paymentMethod ?: 'shamcash';
// ═══════════════════════════════════════════════════════════════
// SHAMCASH — AI Verification (auto-find pending invoice)
// ═══════════════════════════════════════════════════════════════
if ($paymentMethod === 'shamcash') {
// Auto-find latest pending invoice for this driver
$stmt = $con->prepare("
SELECT id, invoice_number, amount, status, created_at
FROM invoices_shamcash
WHERE driverID = ? AND status = 'pending'
ORDER BY created_at DESC
LIMIT 1
");
$stmt->execute([$driverId]);
$invoice = $stmt->fetch();
if (!$invoice) {
$stmt = $con->prepare("
SELECT id, invoice_number, amount, status, created_at
FROM invoices_shamcash
WHERE driverID = ? AND status = 'completed'
ORDER BY created_at DESC
LIMIT 1
");
$stmt->execute([$driverId]);
$lastCompleted = $stmt->fetch();
if ($lastCompleted) {
echo json_encode([
'status' => 'success',
'verified'=> true,
'message' => 'آخر فاتورة لديك مكتملة بالفعل.',
'invoice' => $lastCompleted,
], JSON_UNESCAPED_UNICODE);
exit;
}
echo json_encode([
'status' => 'success',
'verified'=> false,
'message' => 'لا توجد فاتورة معلقة. يرجى إنشاء فاتورة عبر تطبيق Siro أولاً.',
], JSON_UNESCAPED_UNICODE);
exit;
}
// ── If no receipt image, just return invoice info ─────
if (empty($receiptImage)) {
echo json_encode([
'status' => 'success',
'verified' => false,
'requires_image' => true,
'message' => "تم العثور على فاتورة رقم {$invoice['invoice_number']} بمبلغ {$invoice['amount']} ل.س. يرجى إرسال صورة الإيصال.",
'invoice' => $invoice,
], JSON_UNESCAPED_UNICODE);
exit;
}
// ── Run AI verification ─────────────────────────────────
$geminiKey = getenv('GEMINI_API_KEY');
if (empty($geminiKey)) {
printFailure('AI verification service not configured');
exit;
}
try {
$gemini = new GeminiAi($geminiKey);
$aiResult = $gemini->verifyPayment(
$invoice['invoice_number'],
$invoice['amount'],
'ShamCash',
'',
$receiptImage
);
if (!empty($aiResult['verified'])) {
// ── AI confirmed → finalize ─────────────────────
$con->beginTransaction();
$upd = $con->prepare("
UPDATE invoices_shamcash
SET status = 'processing'
WHERE id = ? AND status = 'pending'
");
$upd->execute([$invoice['id']]);
if ($upd->rowCount() > 0) {
require_once __DIR__ . '/../shamcash/finalize_deposit.php';
$finalized = finalizeShamCashDeposit($con, $invoice['id']);
if ($finalized) {
$con->commit();
echo json_encode([
'status' => 'success',
'verified' => true,
'message' => '✅ تم التحقق من عملية الدفع بنجاح! تم تحديث رصيد حسابك.',
'invoice' => [
'invoice_number' => $invoice['invoice_number'],
'amount' => $invoice['amount'],
'status' => 'completed',
],
'ai_reason' => $aiResult['reason'] ?? null,
], JSON_UNESCAPED_UNICODE);
} else {
$con->rollBack();
echo json_encode([
'status' => 'error',
'message' => 'Verification passed but wallet update failed. Contact support.',
], JSON_UNESCAPED_UNICODE);
}
} else {
$con->rollBack();
echo json_encode([
'status' => 'success',
'verified'=> false,
'message' => 'These funds have already been credited.',
], JSON_UNESCAPED_UNICODE);
}
} else {
$reason = $aiResult['reason'] ?? 'لم يتم التأكيد';
echo json_encode([
'status' => 'success',
'verified' => false,
'message' => "⚠️ $reason",
'ai_reason' => $reason,
], JSON_UNESCAPED_UNICODE);
}
} catch (Exception $e) {
error_log("[Nabeh ShamCash AI] " . $e->getMessage());
printFailure('AI verification service error');
}
exit;
}
// ═══════════════════════════════════════════════════════════════
// OTHER METHODS — Status query (find pending invoice by phone)
// ═══════════════════════════════════════════════════════════════
$table = '';
$columns = '';
$conditions = '';
switch ($paymentMethod) {
case 'sms':
case 'syriatel':
$table = 'invoices_sms';
$columns = "id, invoice_number, amount, status, NULL AS transaction_id, created_at, paid_at";
$conditions = "driverID = ? AND status = 'pending'";
break;
case 'cliq':
$table = 'cliq_invoices';
$columns = "id, invoice_number, amount, status, NULL AS transaction_id, created_at, updated_at AS paid_at";
$conditions = "user_id = ? AND user_type = 'driver' AND status = 'pending'";
break;
case 'mtn':
$table = 'mtn_invoices';
$columns = "id, invoice_number, amount, status, mtn_transaction_id AS transaction_id, created_at, updated_at AS paid_at";
$conditions = "user_id = ? AND user_type = 'driver' AND status = 'pending'";
break;
default:
printFailure("Invalid payment method: $paymentMethod");
exit;
}
$stmt = $con->prepare("
SELECT $columns, ? AS payment_method
FROM $table
WHERE $conditions
ORDER BY created_at DESC
LIMIT 5
");
$stmt->execute([$paymentMethod, $driverId]);
$invoices = $stmt->fetchAll();
echo json_encode([
'status' => 'success',
'verified' => !empty($invoices),
'message' => empty($invoices) ? 'لا توجد فواتير معلقة.' : null,
'user' => [
'id' => $driverId,
'phone' => $userPhone,
'name' => $userName,
],
'invoices' => $invoices,
], JSON_UNESCAPED_UNICODE);