Update: 2026-06-12 20:40:40

2026-06-12 20:40:40 +03:00
parent 305ae01d52
commit f907212c57
294 changed files with 3592 additions and 3581 deletions
--- a/backend/auth/otp/providers.php
+++ b/backend/auth/otp/providers.php
@@ -0,0 +1,229 @@
+<?php
+// File: backend/auth/otp/providers.php
+// Encapsulates external OTP gateway API calls for Kazumi, Intaleq, and Nabeh.
+
+/**
+ * Send SMS OTP via Kazumi SMS Gateway (Egypt)
+ * 
+ * @param string $receiver Recipient phone number (e.g. +2010xxxxxxxx)
+ * @param string $otp 3-digit verification code
+ * @return bool True if OTP was sent successfully
+ */
+function sendKazumiSms(string $receiver, string $otp): bool {
+    $username = getenv('SMS_USERNAME');
+    $password = getenv('SMS_PASSWORD_EGYPT');
+    $sender   = getenv('SMS_SENDER');
+
+    if (!$username || !$password || !$sender) {
+        error_log("⚠️ [Kazumi OTP] Missing credentials in environment variables.");
+        return false;
+    }
+
+    $message = "Siro app code is " . $otp;
+    $apiUrl = 'https://sms.kazumi.me/api/sms/send-sms';
+    
+    $payload = [
+        'username' => $username,
+        'password' => $password,
+        'language' => 'e',
+        'sender'   => $sender,
+        'receiver' => $receiver,
+        'message'  => $message
+    ];
+
+    $response = curlCall("POST", $apiUrl, json_encode($payload), [
+        "Content-Type: application/json"
+    ]);
+
+    if ($response) {
+        $decoded = json_decode($response, true);
+        if (isset($decoded['message']) && $decoded['message'] === 'Success') {
+            return true;
+        }
+        error_log("❌ [Kazumi OTP] API returned failure response: " . $response);
+    }
+    return false;
+}
+
+/**
+ * Retrieve Nabeh JWT Bearer Token, caching it in Redis for 24 hours.
+ * 
+ * @return string|null The Bearer token, or null on failure.
+ */
+function getNabehBearerToken(): ?string {
+    global $redis;
+
+    // 1. Try to read cached token from Redis (TTL 24 hours)
+    if ($redis) {
+        try {
+            $cachedToken = $redis->get('nabeh_bearer_token');
+            if ($cachedToken) {
+                return $cachedToken;
+            }
+        } catch (Exception $e) {
+            error_log("⚠️ [Nabeh Auth Redis] Error reading token: " . $e->getMessage());
+        }
+    }
+
+    // 2. Token not cached, authenticate via Nabeh Login API
+    $email = getenv('NABEH_EMAIL');
+    $password = getenv('NABEH_PASSWORD');
+
+    if (!$email || !$password) {
+        error_log("⚠️ [Nabeh Auth] Missing NABEH_EMAIL or NABEH_PASSWORD environment variables.");
+        return null;
+    }
+
+    $apiUrl = 'https://nabeh.intaleqapp.com/api/auth/login';
+    $payload = [
+        'email' => $email,
+        'password' => $password
+    ];
+
+    $response = curlCall("POST", $apiUrl, json_encode($payload), [
+        'Content-Type: application/json'
+    ]);
+
+    if ($response) {
+        $decoded = json_decode($response, true);
+        $token = $decoded['token'] ?? $decoded['message']['token'] ?? $decoded['jwt'] ?? $decoded['access_token'] ?? null;
+        
+        if ($token) {
+            // Cache token in Redis for 24 hours (86400 seconds)
+            if ($redis) {
+                try {
+                    $redis->setex('nabeh_bearer_token', 86400, $token);
+                } catch (Exception $e) {
+                    error_log("⚠️ [Nabeh Auth Redis Cache Save] Error saving token: " . $e->getMessage());
+                }
+            }
+            return $token;
+        }
+        error_log("❌ [Nabeh Auth] Failed to extract token from login response: " . $response);
+    }
+    return null;
+}
+
+/**
+ * Send OTP via Nabeh JWT Auth Gateway (WhatsApp, Voice, etc.)
+ * 
+ * @param string $receiver Recipient phone number
+ * @param string $otp 3-digit verification code
+ * @param string $method text | voice | image | whatsapp
+ * @return bool True if OTP was sent successfully
+ */
+function sendNabehOtp(string $receiver, string $otp, string $method = 'text'): bool {
+    $bearerToken = getNabehBearerToken();
+    if (!$bearerToken) {
+        error_log("⚠️ [Nabeh OTP] Failed to obtain dynamic JWT Bearer token.");
+        return false;
+    }
+
+    // Strip symbols for Nabeh endpoint
+    $phoneRaw = preg_replace('/\D+/', '', $receiver);
+
+    // Map method/type
+    $type = 'text';
+    if ($method === 'voice') {
+        $type = 'voice';
+    } elseif ($method === 'image') {
+        $type = 'image';
+    } 
+    // elseif ($method === 'flash_call') {
+    //     $type = 'flash_call';
+    // }
+
+    $apiUrl = 'https://nabeh.intaleqapp.com/api/otp/send';
+    $payload = [
+        'phone' => $phoneRaw,
+        'type' => $type,
+        'code' => $otp
+    ];
+
+    $response = curlCall("POST", $apiUrl, json_encode($payload), [
+        'Content-Type: application/json',
+        "Authorization: Bearer $bearerToken"
+    ]);
+
+    if ($response) {
+        $decoded = json_decode($response, true);
+        if ($decoded && ($decoded['success'] ?? false)) {
+            return true;
+        }
+        error_log("❌ [Nabeh OTP] API returned failure response: " . $response);
+    }
+    return false;
+}
+
+/**
+ * Send OTP via Intaleq Static OTP Gateway (using body app_key parameter)
+ * 
+ * @param string $receiver Recipient phone number
+ * @param string $otp 3-digit verification code
+ * @param string $method whatsapp | sms | voice | flash_call
+ * @return bool True if OTP was sent successfully
+ */
+function sendIntaleqOtp(string $receiver, string $otp, string $method = 'whatsapp'): bool {
+    $appKey = getenv('NABEH_OTP_APP_KEY');
+    
+    if (!$appKey) {
+        error_log("⚠️ [Intaleq OTP] Missing NABEH_OTP_APP_KEY in environment.");
+        return false;
+    }
+
+    // Normalize receiver to start with +
+    $phoneWithPlus = (strpos($receiver, '+') === 0) ? $receiver : '+' . $receiver;
+
+    $apiUrl = 'https://otp.intaleqapp.com/api/request-otp.php';
+    $payload = [
+        'phone' => $phoneWithPlus,
+        'app_key' => $appKey,
+        'device_type' => 'android',
+        'method' => $method,
+        'code' => $otp
+    ];
+
+    $response = curlCall("POST", $apiUrl, json_encode($payload), [
+        'Content-Type: application/json'
+    ]);
+
+    if ($response) {
+        $decoded = json_decode($response, true);
+        if ($decoded && ($decoded['success'] ?? false)) {
+            return true;
+        }
+        error_log("❌ [Intaleq OTP] API returned failure response: " . $response);
+    }
+    return false;
+}
+
+/**
+ * Generic cURL execution helper
+ */
+function curlCall(string $method, string $url, string $data, array $headers): ?string {
+    $ch = curl_init($url);
+    curl_setopt_array($ch, [
+        CURLOPT_RETURNTRANSFER => true,
+        CURLOPT_CUSTOMREQUEST => $method,
+        CURLOPT_POSTFIELDS => $data,
+        CURLOPT_HTTPHEADER => $headers,
+        CURLOPT_TIMEOUT => 15,
+        CURLOPT_CONNECTTIMEOUT => 5
+    ]);
+
+    $response = curl_exec($ch);
+    $error = curl_error($ch);
+    $httpCode = curl_getinfo($ch, CURLINFO_HTTP_CODE);
+    curl_close($ch);
+
+    if ($error) {
+        error_log("⚠️ [OTP cURL] Error calling $url: $error");
+        return null;
+    }
+
+    if ($httpCode !== 200) {
+        error_log("⚠️ [OTP cURL] Non-200 HTTP code $httpCode from $url. Response: $response");
+    }
+
+    return $response;
+}