Fix #16: SSL pinning in all 4 Flutter apps

- Created ssl_pinning.dart with SHA-256 DER hash pinning for intaleq.xyz and siromove.com - Replaced http.post/http.get with pinned client in all CRUD classes - Added crypto dependency to siro_admin and siro_driver pubspec
2026-06-17 07:40:43 +03:00
parent 0e28814e7d
commit f528e1d3c5
10 changed files with 220 additions and 47 deletions
--- a/siro_service/lib/controller/functions/crud.dart
+++ b/siro_service/lib/controller/functions/crud.dart
@@ -15,9 +15,11 @@ import 'package:siro_service/main.dart';
 import 'package:siro_service/print.dart';

 import '../../constant/api_key.dart';
+import 'ssl_pinning.dart';

 class CRUD {
  static String? _appSignature;
+  final _client = SslPinning.createPinnedClient();

  static String _lastErrorSignature = '';
  static DateTime _lastErrorTimestamp = DateTime(2000);
@@ -337,7 +339,7 @@ class CRUD {
    required String channelName,
    required String uid,
  }) async {
-    var res = await http.get(
+    var res = await _client.get(
        Uri.parse(
            'https://orca-app-b2i85.ondigitalocean.app/token?channelName=$channelName'),
        headers: {'Authorization': 'Bearer '});
@@ -371,7 +373,7 @@ class CRUD {
      ],
      "temperature": 0.9
    });
-    var response = await http.post(url, body: data, headers: headers);
+    var response = await _client.post(url, body: data, headers: headers);

    if (response.statusCode == 200) {
      return response.body;