Update: 2026-06-16 01:17:28

backend/loginFirstTime.php

@@ -6,7 +6,7 @@
 require_once __DIR__ . '/core/bootstrap.php';
 
 header('Content-Type: application/json');
-header('Access-Control-Allow-Origin: https://intaleqapp.com');
+header('Access-Control-Allow-Origin: https://siromove.com');
 header('Access-Control-Allow-Methods: POST, OPTIONS');
 header('Access-Control-Allow-Headers: Content-Type, Authorization');
 
@@ -67,7 +67,14 @@ try {
         $payload['fingerPrint'] = $fpHash;
     }
 
-    $secretKey = trim(file_get_contents('/home/siro-api/.secret_key'));
+    $secretKey = '';
+    $keyPath = getenv('JWT_SECRET_KEY_PATH');
+    if ($keyPath && file_exists($keyPath)) {
+        $secretKey = trim(file_get_contents($keyPath));
+    }
+    if (!$secretKey) {
+        $secretKey = getenv('JWT_SECRET_KEY') ?: '';
+    }
     $jwt = Firebase\JWT\JWT::encode($payload, $secretKey, 'HS256');
 
     jsonSuccess([