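'Server configuration error: Missing environment variables.']));
}

// Token-issuing endpoint: validates that the request carries id, password,
// aud and fingerPrint, then returns a 60-second HS256 JWT together with an
// HMAC-SHA256 of the id. $allowedAudiences, $issuer, $secretKey, JWT and
// filterRequest() are defined outside this excerpt.

// Response headers: JSON body, CORS limited to the single wallet origin.
header('Content-Type: application/json');
header("Access-Control-Allow-Origin: https://walletintaleq.intaleq.xyz");
header("Access-Control-Allow-Methods: POST, OPTIONS");
header("Access-Control-Allow-Headers: Content-Type, Authorization");

// CORS preflight: reply with the headers above and an empty body.
if ($_SERVER['REQUEST_METHOD'] === 'OPTIONS') {
    http_response_code(200);
    exit;
}

try {
    // NOTE(review): filterRequest() is not visible here; presumably it returns
    // the sanitised request value or null when the field is absent. Confirm.
    $id = filterRequest('id') ?? '';
    $password = filterRequest('password') ?? '';
    $audience = filterRequest('aud') ?? '';
    $fingerPrint = filterRequest('fingerPrint');

    // Input validation. A missing field is a client error, so answer 400 in
    // the same way as the audience check below instead of a bare 200.
    if (empty($id) || empty($password) || empty($audience) || empty($fingerPrint)) {
        http_response_code(400);
        die(json_encode(['error' => 'Missing required parameters.']));
    }

    // Strict comparison so a loosely-equal value cannot match an allow-list entry.
    if (!in_array($audience, $allowedAudiences, true)) {
        http_response_code(400);
        die(json_encode(['error' => 'Invalid audience']));
    }

    // SECURITY (review): no credential is verified in this excerpt. $password
    // is only checked for being non-empty and is never compared with a stored
    // secret, and the device-fingerprint lookup below is commented out. As
    // written, the token is issued for whatever `id` the request names, so the
    // JWT and HMAC do not prove the caller's identity. Restore the lookup and
    // add a password check (password_verify() against a stored hash) before
    // this endpoint is reachable by untrusted clients.
    /*
    // Database connection
    $dbuser = getenv('USER');
    $dbpass = getenv('PASS');
    $dbname = getenv('dbname');
    $dsn = "mysql:host=localhost;dbname=$dbname;charset=utf8mb4";
    $options = [
        PDO::ATTR_EMULATE_PREPARES => false,
        PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION,
        PDO::ATTR_DEFAULT_FETCH_MODE => PDO::FETCH_ASSOC
    ];
    $con = new PDO($dsn, $dbuser, $dbpass, $options);

    // Fetch token data from database
    $stmt = $con->prepare("SELECT `id`, `token`, `captain_id`, `fingerPrint` FROM `driverToken` WHERE `captain_id` = :captain_id");
    $stmt->bindParam(':captain_id', $id, PDO::PARAM_STR);
    $stmt->execute();
    $tokenData = $stmt->fetch(PDO::FETCH_ASSOC);

    // 1) A record must exist
    if (!$tokenData) {
        http_response_code(403);
        die(json_encode(['error' => 'No token record found for this user.']));
    }
    if (empty($tokenData['fingerPrint']) || !hash_equals($tokenData['fingerPrint'], $fingerPrint)) {
        http_response_code(403);
        die(json_encode(['error' => 'Device fingerprint verification failed']));
    }
    */

    // JWT payload. One clock reading keeps iat and exp exactly 60 s apart.
    $now = time();
    $payload = [
        'user_id' => $id,
        'fingerPrint' => $fingerPrint,
        'exp' => $now + 60,
        'iat' => $now,
        'iss' => $issuer,
        'aud' => $audience
    ];

    // Ensure secret key is valid before encoding
    if (empty($secretKey)) {
        throw new Exception("SECRET_KEY is empty.");
    }

    // getenv() returns false when the variable is unset; passed on to
    // hash_hmac() that would be coerced to an empty key, giving an HMAC that
    // anyone can recompute. Fail closed instead.
    $hmacKey = getenv('SECRET_KEY_HMAC');
    if ($hmacKey === false || $hmacKey === '') {
        throw new Exception("SECRET_KEY_HMAC is empty.");
    }

    // Encode JWT
    $jwt = JWT::encode($payload, $secretKey, 'HS256');
    $hmac = hash_hmac('sha256', $id, $hmacKey);

    // Set the status before any output so it is not lost once headers are sent.
    http_response_code(200);
    echo json_encode([
        'status' => 'success',
        'jwt' => $jwt,
        'hmac' => $hmac,
        'expires_in' => 60
    ]);
} catch (Exception $e) {
    http_response_code(500);
    // Keep the exception text in the server log only: echoing it would expose
    // internal details (e.g. which secret is missing) to the client and would
    // put non-JSON text in front of the JSON body.
    error_log('Token endpoint error: ' . $e->getMessage());
    echo json_encode(['error' => 'An unexpected error occurred.']);
}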