a8748cf4c9
M-01: Host header injection - replaced HTTP_HOST with APP_DOMAIN M-02: Unauthenticated CRUD - ownership checks on carDrivers add/delete M-03: MD5 tracking token - replaced md5() with hash_hmac sha256 M-04: Webhook SMS - absolute log path instead of relative M-05: Weak 3-digit OTP - already noted as requirement (Fix #5) M-06: Redis without auth - added password + prefix to cancel_ride_by_driver M-07: SSRF bypass - str_ends_with -> strict equality in allowlist
Siro Ecosystem 🚗📦
Welcome to Siro, a comprehensive suite of applications built to power a modern, scalable, and fully integrated ride-hailing and service delivery ecosystem.
Siro provides specialized solutions for every stakeholder in the transportation and delivery network, ensuring a seamless experience across all touchpoints.
📱 Applications Included
The Siro repository is a unified monorepo containing the following core applications:
- siro_rider: The customer-facing application. Users can easily book rides, request services, track their driver in real-time, and manage their payments securely.
- siro_driver: The captain/driver application. Provides drivers with ride requests, real-time navigation, earnings tracking, and a built-in wallet system.
- siro_admin: The centralized control panel for system administrators. Monitor active rides, manage drivers and users, adjust pricing algorithms, and view comprehensive analytics.
- siro_service: Dedicated application for specialized service providers within the Siro network, facilitating efficient task management and service fulfillment.
- backend: The robust and scalable backend infrastructure that powers the entire Siro ecosystem, handling real-time socket connections, database operations, and secure API endpoints.
🚀 Key Features
- Real-time Tracking: Live location updates for riders and drivers powered by precise socket integrations.
- Comprehensive Wallet System: Built-in digital wallet for both users and captains to handle payments, promotional points, and automated cashouts.
- Advanced Administrator Control: Complete oversight over the platform's operations, user base, and financial metrics.
- Multi-Service Capability: Beyond traditional ride-hailing, Siro supports various service requests seamlessly integrated into the ecosystem.
🛠 Tech Stack
Siro is built utilizing modern frameworks and tools to ensure high performance and maintainability across both mobile and backend environments.
- Frontend App: Flutter (Dart)
- Backend Infrastructure: Scalable Server Environment
- Payment Integration: Secure, robust handling of dynamic budgets and digital wallets.
⚙️ Setup & Deployment
- Make sure to run
flutter pub getin each of the app directories to fetch dependencies. - Use the provided
./deploy.shscript to quickly commit and push your changes to the remote repository.
Built with passion for a seamless transportation experience.