Hamza/Siro
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

fix(security): add auth to FCM relay, HMAC to shamcash webhook, fix jwtconnect webhook bypass

Browse Source
This commit is contained in:
Hamza-Ayed
2026-06-17 06:27:07 +03:00
parent d6f29802e0
commit 8c6dea5d96
3 changed files with 40 additions and 7 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
walletintaleq.intaleq.xyz/v2/main/jwtconnect.php
View File

@@ -93,11 +93,11 @@ try {
}
// --- Path 3: Webhook Auth Token (MTN/Cliq external services) ---
// ملاحظة: البوابة تعترف بوجود الهيدر فقط. كل webhook يتحقق من القيمة الفعلية بنفسه.
if (!$authMethod) {
$webhookToken = $_SERVER['HTTP_X_AUTH_TOKEN'] ?? '';
$expectedWebhook = getenv('WEBHOOK_AUTH_TOKEN');
if (!empty($webhookToken)) {
if (!empty($expectedWebhook) && !empty($webhookToken) && hash_equals($expectedWebhook, $webhookToken)) {
$authMethod = 'WEBHOOK';
}
}