Fix #16: SSL pinning in all 4 Flutter apps
- Created ssl_pinning.dart with SHA-256 DER hash pinning for intaleq.xyz and siromove.com - Replaced http.post/http.get with pinned client in all CRUD classes - Added crypto dependency to siro_admin and siro_driver pubspec
This commit is contained in:
Hamza-Ayed
@@ -17,9 +17,11 @@ import '../../print.dart';
|
||||
import 'device_info.dart';
|
||||
import 'encrypt_decrypt.dart';
|
||||
import 'security_checks.dart';
|
||||
import 'ssl_pinning.dart';
|
||||
|
||||
class CRUD {
|
||||
var dev = '';
|
||||
final _client = SslPinning.createPinnedClient();
|
||||
getJWT() async {
|
||||
// إذا كان الأدمن مسجل دخوله بالفعل، لا تقم بتوليد توكن "ضيف" قديم
|
||||
if (box.read(BoxName.driverID) != null) {
|
||||
@@ -35,7 +37,7 @@ class CRUD {
|
||||
'aud': '${AK.allowed}$dev',
|
||||
};
|
||||
Log.print('payload: ${payload}');
|
||||
var response1 = await http.post(
|
||||
var response1 = await _client.post(
|
||||
Uri.parse(AppLink.loginJwtDriver),
|
||||
body: payload,
|
||||
);
|
||||
@@ -85,7 +87,7 @@ class CRUD {
|
||||
Log.print('URL: $link');
|
||||
Log.print('Payload: $payload');
|
||||
|
||||
var response = await http.post(
|
||||
var response = await _client.post(
|
||||
url,
|
||||
body: payload,
|
||||
headers: {
|
||||
@@ -142,7 +144,7 @@ class CRUD {
|
||||
Log.print('URL: $link');
|
||||
Log.print('Payload: $payload');
|
||||
|
||||
var response = await http.post(
|
||||
var response = await _client.post(
|
||||
url,
|
||||
body: payload,
|
||||
headers: {
|
||||
@@ -210,7 +212,7 @@ class CRUD {
|
||||
'Wallet SSO token starts with: ${mainToken.substring(0, mainToken.length > 10 ? 10 : mainToken.length)}');
|
||||
|
||||
// استخدام الـ SSO للسيرفر الرئيسي إذا كان الأدمن مسجل دخوله
|
||||
var response1 = await http.post(
|
||||
var response1 = await _client.post(
|
||||
Uri.parse(AppLink.loginWalletAdminV3),
|
||||
headers: {
|
||||
'Authorization': 'Bearer $mainToken',
|
||||
@@ -254,7 +256,7 @@ class CRUD {
|
||||
'aud': '${Env.allowedWallet}${Platform.isAndroid ? 'android' : 'ios'}',
|
||||
'fingerPrint': fingerPrint
|
||||
};
|
||||
var fallbackRes = await http.post(
|
||||
var fallbackRes = await _client.post(
|
||||
Uri.parse(AppLink.loginWalletAdmin),
|
||||
body: payload,
|
||||
);
|
||||
@@ -287,7 +289,7 @@ class CRUD {
|
||||
}
|
||||
|
||||
try {
|
||||
var response = await http.post(
|
||||
var response = await _client.post(
|
||||
url,
|
||||
body: payload,
|
||||
headers: {
|
||||
@@ -345,7 +347,7 @@ class CRUD {
|
||||
try {
|
||||
// await LoginDriverController().getJWT();
|
||||
|
||||
var response = await http.post(
|
||||
var response = await _client.post(
|
||||
url,
|
||||
body: payload,
|
||||
headers: {
|
||||
@@ -397,7 +399,7 @@ class CRUD {
|
||||
required String uid,
|
||||
}) async {
|
||||
var uid = box.read(BoxName.phone) ?? box.read(BoxName.phoneDriver);
|
||||
var res = await http.get(
|
||||
var res = await _client.get(
|
||||
Uri.parse(
|
||||
'https://repulsive-pig-rugby-shirt.cyclic.app/token?channelName=$channelName'),
|
||||
headers: {'Authorization': 'Bearer ${AK.agoraAppCertificate}'});
|
||||
@@ -434,7 +436,7 @@ class CRUD {
|
||||
],
|
||||
"temperature": 0.9
|
||||
});
|
||||
var response = await http.post(
|
||||
var response = await _client.post(
|
||||
url,
|
||||
body: data,
|
||||
headers: headers,
|
||||
@@ -564,7 +566,7 @@ class CRUD {
|
||||
],
|
||||
"temperature": 0.9
|
||||
});
|
||||
var response = await http.post(
|
||||
var response = await _client.post(
|
||||
url,
|
||||
body: data,
|
||||
headers: headers,
|
||||
@@ -613,7 +615,7 @@ class CRUD {
|
||||
"receiver": phone
|
||||
});
|
||||
|
||||
var res = await http.post(
|
||||
var res = await _client.post(
|
||||
Uri.parse(AppLink.sendSms),
|
||||
body: body,
|
||||
headers: headers,
|
||||
@@ -629,7 +631,7 @@ class CRUD {
|
||||
var url = Uri.parse(
|
||||
link,
|
||||
);
|
||||
var response = await http.post(url,
|
||||
var response = await _client.post(url,
|
||||
body: payload, headers: {'Content-Type': 'application/json'});
|
||||
|
||||
var jsonData = jsonDecode(response.body);
|
||||
@@ -671,7 +673,7 @@ class CRUD {
|
||||
var url = Uri.parse(
|
||||
link,
|
||||
);
|
||||
var response = await http.post(
|
||||
var response = await _client.post(
|
||||
url,
|
||||
body: payload,
|
||||
headers: {
|
||||
@@ -707,7 +709,7 @@ class CRUD {
|
||||
'https://verify.twilio.com/v2/Services/$verifySid/Verifications');
|
||||
|
||||
// Send the verification request
|
||||
final response = await http.post(
|
||||
final response = await _client.post(
|
||||
verificationUri,
|
||||
headers: {
|
||||
'Authorization':
|
||||
@@ -730,7 +732,7 @@ class CRUD {
|
||||
final checkUri = Uri.parse(
|
||||
'https://verify.twilio.com/v2/Services/$verifySid/VerificationCheck');
|
||||
|
||||
final checkResponse = await http.post(
|
||||
final checkResponse = await _client.post(
|
||||
checkUri,
|
||||
headers: {
|
||||
'Authorization':
|
||||
@@ -754,7 +756,7 @@ class CRUD {
|
||||
var url = Uri.parse(
|
||||
link,
|
||||
);
|
||||
var response = await http.post(
|
||||
var response = await _client.post(
|
||||
url,
|
||||
body: payload,
|
||||
);
|
||||
|
||||
Reference in New Issue
Block a user