Hamza/Siro
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Update: 2026-06-16 17:47:17

Browse Source
This commit is contained in:
Hamza-Ayed
2026-06-16 17:47:19 +03:00
parent 49899da6b2
commit b516fbc4ed
96 changed files with 6073 additions and 3187 deletions
Download Patch File Download Diff File Expand all files Collapse all files

123
backend/.env.example Normal file
View File

@@ -0,0 +1,123 @@
# =============================================================================
# 🔐 Siro Project - Secure Environment Configuration
# =============================================================================
# ⚠️ CRITICAL: NEVER commit this file to Git!
# Add .env to .gitignore immediately
# =============================================================================
# =============================================================================
# Database Configuration - MAIN DATABASE
# =============================================================================
DB_HOST=localhost
DB_PORT=3306
DB_NAME=siro_main
DB_USER=siro_user
DB_PASS=<CHANGE_ME_STRONG_PASSWORD>
# =============================================================================
# Encryption Configuration - CRITICAL FOR SECURITY
# =============================================================================
# 🔐 Generate 32-character hex key: openssl rand -hex 16
ENC_KEY=<CHANGE_ME_32_BYTE_HEX_KEY>
ENCRYPTION_KEY_PATH=/home/siro-api/env/.encryption_key
# =============================================================================
# JWT Configuration
# =============================================================================
JWT_SECRET=<CHANGE_ME_LONG_RANDOM_STRING>
JWT_ALGORITHM=HS256
JWT_EXPIRY=3600
JWT_REFRESH_EXPIRY=86400
# =============================================================================
# Redis Configuration
# =============================================================================
REDIS_HOST=localhost
REDIS_PORT=6379
REDIS_AUTH=<CHANGE_ME_REDIS_PASSWORD>
REDIS_DB=0
# =============================================================================
# Rate Limiter Configuration
# =============================================================================
RATE_LIMIT_LOGIN_ATTEMPTS=5
RATE_LIMIT_LOGIN_WINDOW=300
RATE_LIMIT_API_REQUESTS=100
RATE_LIMIT_API_WINDOW=60
# =============================================================================
# Wallet Configuration - S2S API
# =============================================================================
WALLET_API_URL=https://walletintaleq.intaleq.xyz/v2/main/
# 🔐 Generate HMAC secret: openssl rand -base64 32
WALLET_HMAC_SECRET=<CHANGE_ME_LONG_HMAC_SECRET>
BACKEND_ID=siromove-backend-01
ALLOWED_BACKEND_IDS=siromove-backend-01,siromove-backend-02
# =============================================================================
# Socket/Location Server Configuration
# =============================================================================
ALLOWED_SOCKET_URLS=https://location.siromove.com,https://socket.siromove.com
SOCKET_API_TIMEOUT=10
SOCKET_INTERNAL_KEY=<CHANGE_ME_INTERNAL_KEY>
# =============================================================================
# CORS Configuration
# =============================================================================
CORS_ALLOWED_ORIGINS=https://siromove.com,https://www.siromove.com
CORS_ALLOWED_METHODS=GET,POST,PUT,DELETE,OPTIONS
CORS_ALLOWED_HEADERS=Content-Type,Authorization
# =============================================================================
# Logging Configuration
# =============================================================================
LOG_LEVEL=info
LOG_PATH=/var/log/siro-api/
SECURITY_LOG_PATH=/var/log/siro-api/security/
# =============================================================================
# Firebase Configuration
# =============================================================================
FIREBASE_PROJECT_ID=siro-project
FIREBASE_API_KEY=<CHANGE_ME_FIREBASE_KEY>
# =============================================================================
# SMS Configuration (for OTP)
# =============================================================================
SMS_PROVIDER=twilio
SMS_API_KEY=<CHANGE_ME_SMS_KEY>
SMS_API_SECRET=<CHANGE_ME_SMS_SECRET>
# =============================================================================
# Email Configuration
# =============================================================================
MAIL_HOST=smtp.gmail.com
MAIL_PORT=587
MAIL_USER=<CHANGE_ME_EMAIL>
MAIL_PASS=<CHANGE_ME_EMAIL_PASSWORD>
# =============================================================================
# Application Configuration
# =============================================================================
APP_ENV=production
APP_DEBUG=false
APP_NAME=Siro
# =============================================================================
# Security Configuration - Fingerprint
# =============================================================================
FP_PEPPER=<CHANGE_ME_FINGERPRINT_PEPPER>
# =============================================================================
# Feature Flags
# =============================================================================
FEATURE_MFA_ENABLED=true
FEATURE_S2S_WALLET_ENABLED=true
FEATURE_CERTIFICATE_PINNING=true
# =============================================================================
# SECRETS - DO NOT EDIT OR COMMIT!
# =============================================================================
# This file contains secrets. Keep it secure!
# Permissions: chmod 600 .env
# Owner: www-data (or your web server user)

1
backend/.gitignore vendored
View File

@@ -1,5 +1,6 @@
.DS_Store
logs/
*.log
error_log
.gemini/
portrate_captain_image/

0
backend/Admin/AdminCaptain/error_log
View File

0
backend/Admin/adminUser/error_log
View File

2
backend/Admin/debug/check_driver_phones.php
View File

@@ -8,6 +8,6 @@ try {
echo "Raw: " . $row['phone'] . " | Decrypted: " . $encryptionHelper->decryptData($row['phone']) . "\n";
}
} catch (Exception $e) {
echo $e->getMessage();
echo "An error occurred.";
}
?>

2
backend/Admin/debug/check_users_cols.php
View File

@@ -6,6 +6,6 @@ try {
$cols = $stmt->fetchAll(PDO::FETCH_ASSOC);
echo json_encode($cols, JSON_PRETTY_PRINT);
} catch (Exception $e) {
echo $e->getMessage();
echo "An error occurred.";
}
?>

0
backend/Admin/error_log
View File

6
backend/Admin/v2/security/audit_logs.php
View File

@@ -15,14 +15,14 @@ try {
} catch (Exception $e) {
@file_put_contents($debugFile, " → Loading FAILED: " . $e->getMessage() . "\n", FILE_APPEND);
http_response_code(500);
echo json_encode(['status' => 'failure', 'message' => 'loading failed: ' . $e->getMessage()]);
printFailure('loading failed', 500);
exit;
}
// ── فحص الصلاحيات ────────────────────────────────────────
if ($role !== 'super_admin' && $role !== 'admin') {
@file_put_contents($debugFile, " → BLOCKED: role=$role\n", FILE_APPEND);
jsonError("Unauthorized. role=$role", 403);
printFailure("Unauthorized. role=$role", 403);
}
try {
@@ -61,6 +61,6 @@ try {
} catch (Exception $e) {
@file_put_contents($debugFile, " → QUERY ERROR: " . $e->getMessage() . "\n", FILE_APPEND);
jsonError('Query failed: ' . $e->getMessage(), 500);
jsonError('Query failed', 500);
}
?>

0
backend/EgyptDocuments/error_log
View File

0
backend/auth/Tester/error_log
View File

3
backend/auth/captin/deletecaptainAccounr.php
View File

@@ -55,6 +55,7 @@ try {
} catch (PDOException $e) {
// في حال حدوث خطأ في قاعدة البيانات (مثلاً تكرار الإضافة)
jsonError("Database Error: " . $e->getMessage());
error_log("[deletecaptainAccounr] " . $e->getMessage());
jsonError("Database Error");
}
?>

3
backend/auth/captin/updateShamCashDriver.php
View File

@@ -30,7 +30,8 @@ if ($id && $accountBank && $bankCode) {
} catch (PDOException $e) {
// في حال وجود خطأ في قاعدة البيانات
jsonError("Database Error: " . $e->getMessage());
error_log("[updateShamCashDriver] " . $e->getMessage());
jsonError("Database Error");
}
} else {

3
backend/auth/syria/driver/driver_details.php
View File

@@ -45,5 +45,6 @@ try {
"documents" => $docs
]);
} catch (PDOException $e) {
jsonError("Error: " . $e->getMessage());
error_log("[driver_details] " . $e->getMessage());
jsonError("Error fetching details");
}

3
backend/auth/syria/driver/drivers_pending_list.php
View File

@@ -21,5 +21,6 @@ try {
jsonSuccess($rows); // يرجع كـ message: [...]
} catch (PDOException $e) {
jsonError("Error: " . $e->getMessage());
error_log("[drivers_pending_list] " . $e->getMessage());
jsonError("Error fetching data");
}

3
backend/auth/syria/driver/isPhoneVerified.php
View File

@@ -22,5 +22,6 @@ try {
}
} catch (PDOException $e) {
jsonError("Database error: " . $e->getMessage());
error_log("[isPhoneVerified] " . $e->getMessage());
jsonError("Database error");
}

2
backend/auth/syria/driver/register_driver_and_car.php
View File

@@ -574,7 +574,7 @@ $pwdHashed = password_hash($rawSecret, PASSWORD_DEFAULT);
$con->rollBack();
}
error_log("register_driver_and_car ERROR: " . $e->getMessage());
jsonError("Server error: " . $e->getMessage());
jsonError("Server error");
} catch (PDOException $e) {
if (isset($con) && $con instanceof PDO && $con->inTransaction()) {
$con->rollBack();

2
backend/auth/syria/driver/register_driver_and_car_signed.php
View File

@@ -295,7 +295,7 @@ try {
} catch (Exception $e) {
if (isset($con) && $con->inTransaction()) { $con->rollBack(); }
error_log("register_driver_and_car ERROR: " . $e->getMessage());
jsonError("Server error: " . $e->getMessage());
jsonError("Server error");
} catch (PDOException $e) {
if (isset($con) && $con->inTransaction()) { $con->rollBack(); }
error_log("register_driver_and_car PDO: " . $e->getMessage());

2
backend/auth/token_passenger/verify_otp.php
View File

@@ -75,6 +75,6 @@ try {
} catch (Exception $e) {
// Log the detailed database error message for debugging.
error_log("[verify_otp.php] FATAL DATABASE ERROR: " . $e->getMessage());
jsonError("Database error: " . $e->getMessage());
jsonError("Database error");
}
?>

2
backend/passenger_socket.php
View File

@@ -14,7 +14,7 @@ require_once __DIR__ . '/vendor/autoload.php';
// ---------------------------------------------------------
// نظام تسجيل الأحداث (Logging System)
// ---------------------------------------------------------
$LOG_FILE = __DIR__ . '/socket_debug.log';
$LOG_FILE = __DIR__ . '/logs/socket_debug.log';
function socket_log($message, $data = null) {
global $LOG_FILE;

0
backend/ride/apiKey/error_log
View File

0
backend/ride/cancelRide/error_log
View File

0
backend/ride/carDrivers/error_log
View File

2
backend/ride/chat/send_message.php
View File

@@ -36,6 +36,6 @@ try {
} catch (PDOException $e) {
error_log("❌ [send_message.php] Database Error: " . $e->getMessage());
jsonError("Database error: " . $e->getMessage());
jsonError("Database error");
}
?>

0
backend/ride/driverWallet/error_log
View File

0
backend/ride/driver_order/error_log
View File

0
backend/ride/driver_scam/error_log
View File

0
backend/ride/egyptPhones/error_log
View File

0
backend/ride/feedBack/error_log
View File

0
backend/ride/helpCenter/error_log
View File

0
backend/ride/invitor/error_log
View File

0
backend/ride/kazan/error_log
View File

0
backend/ride/license/error_log
View File

0
backend/ride/mishwari/error_log
View File

6
backend/ride/notificationCaptain/deleteAvailableRide.php
View File

@@ -23,8 +23,10 @@ try {
jsonError("No record found with ID $id.");
}
} catch (PDOException $e) {
jsonError("Database error: " . $e->getMessage());
error_log("[deleteAvailableRide/PDO] " . $e->getMessage());
jsonError("Database error");
} catch (Exception $e) {
jsonError("Error: " . $e->getMessage());
error_log("[deleteAvailableRide] " . $e->getMessage());
jsonError("Error deleting ride");
}
?>

0
backend/ride/notificationCaptain/error_log
View File

0
backend/ride/notificationPassenger/error_log
View File

0
backend/ride/places/error_log
View File

0
backend/ride/profile/error_log
View File

0
backend/ride/rate/error_log
View File

3
backend/ride/rides/arrive_ride.php
View File

@@ -70,6 +70,7 @@ try {
jsonSuccess(null, "Arrival notified successfully");
} catch (Exception $e) {
jsonError("Error: " . $e->getMessage());
error_log("[arrive_ride] " . $e->getMessage());
jsonError("Error notifying arrival");
}
?>

2
backend/ride/rides/cancelRideFromDriver.php
View File

@@ -103,6 +103,6 @@ try {
} catch (PDOException $e) {
error_log("❌ [cancelRide.php] Database Error: " . $e->getMessage());
jsonError("Database Error: " . $e->getMessage());
jsonError("Database Error");
}
?>

3
backend/ride/rides/cancel_ride_by_driver.php
View File

@@ -202,6 +202,7 @@ try {
} catch (PDOException $e) {
if ($con->inTransaction()) $con->rollBack();
jsonError("DB Error: " . $e->getMessage());
error_log("[cancel_ride_by_driver] " . $e->getMessage());
jsonError("DB Error");
}
?>

0
backend/ride/rides/error_log
View File

5
backend/ride/rides/finish_ride_updates.php
View File

@@ -142,7 +142,8 @@ try {
$currency = getCurrencyByCountry($countryCode);
} catch (PDOException $e) {
jsonError("Error calculating price: " . $e->getMessage());
error_log("[finish_ride_updates] " . $e->getMessage());
jsonError("Error calculating price");
exit;
}
@@ -305,7 +306,7 @@ try {
$con->rollBack();
}
error_log("[finish_ride_updates] Error for ride $rideId: " . $e->getMessage());
jsonError("Transaction failed: " . $e->getMessage());
jsonError("Transaction failed");
}
// ============================================================

3
backend/ride/rides/get.php
View File

@@ -43,6 +43,7 @@ try {
jsonSuccess([], "No rides found");
}
} catch (PDOException $e) {
jsonError("Database error: " . $e->getMessage());
error_log("[rides/get] " . $e->getMessage());
jsonError("Database error");
}
?>

3
backend/ride/rides/retry_search_drivers.php
View File

@@ -102,6 +102,7 @@ try {
jsonSuccess(null, "Ride reset and resent to drivers");
} catch (PDOException $e) {
jsonError("DB Error: " . $e->getMessage());
error_log("[retry_search_drivers] " . $e->getMessage());
jsonError("DB Error");
}
?>

2
backend/ride/rides/update.php
View File

@@ -84,6 +84,6 @@ try {
} catch (PDOException $e) {
error_log("❌ [update.php] Database Error: " . $e->getMessage());
jsonError("Database Error: " . $e->getMessage());
jsonError("Database Error");
}
?>

0
backend/ride/seferWallet/error_log
View File

0
backend/ride/videos_driver/error_log
View File