Hamza/Siro
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
d8901e1a879f696e512e13d389d666baae33dc84
Siro/backend/login.php
Hamza-Ayed d8901e1a87 first commit
2026-06-09 08:40:31 +03:00

88 lines
2.8 KiB
PHP
Raw Blame History

<?php
// ============================================================
// login.php — تجديد توكن الراكب
// ============================================================
require_once __DIR__ . '/core/bootstrap.php';
header('Content-Type: application/json');
header('Access-Control-Allow-Origin: https://intaleqapp.com');
header('Access-Control-Allow-Methods: POST, OPTIONS');
header('Access-Control-Allow-Headers: Content-Type, Authorization, X-Device-FP');
if ($_SERVER['REQUEST_METHOD'] === 'OPTIONS') {
http_response_code(200);
exit;
}
$startTime = microtime(true);
try {
$limiter = new RateLimiter($redis);
$limiter->enforce(RateLimiter::identifier(), 'login');
$passengerId = filterRequest('id');
$fingerprint = filterRequest('fingerPrint') ?? filterRequest('fingerprint');
$audience = filterRequest('aud');
if (empty($passengerId) || empty($fingerprint) || empty($audience)) {
jsonError('Missing required parameters', 400);
}
$con = Database::get('main');
// التحقق من الجهاز من خلال البصمة
$stmt = $con->prepare('
SELECT passengerID, fingerprint
FROM tokens
WHERE passengerID = :pid
LIMIT 1
');
$stmt->execute([':pid' => $passengerId]);
$row = $stmt->fetch();
$fpVerified = false;
if ($row) {
$fpPepper = getenv('FP_PEPPER') ?: '';
$storedFp = $row['fingerprint'];
// دعم الطريقة الجديدة (hash) والقديمة (مباشر)
if ($fpPepper) {
$expectedHash = hash('sha256', $fingerprint . $fpPepper);
$fpVerified = hash_equals($storedFp, $expectedHash);
if (!$fpVerified) {
$fpVerified = hash_equals($storedFp, $fingerprint);
}
} else {
$fpVerified = hash_equals($storedFp, $fingerprint);
}
}
// وقت رد ثابت لمنع Timing Attack
$elapsed = microtime(true) - $startTime;
if ($elapsed < 0.1) usleep((int)((0.1 - $elapsed) * 1000000));
if (!$fpVerified) {
securityLog("Invalid login fingerprint", ['passengerId' => $passengerId]);
jsonError('Invalid credentials', 401);
}
$limiter->reset(RateLimiter::identifier(), 'login');
$jwtService = new JwtService($redis);
$jwt = $jwtService->generateAccessToken($passengerId, 'passenger', $audience, $fingerprint);
// $refresh = $jwtService->generateRefreshToken($passengerId);
jsonSuccess([
'jwt' => $jwt,
// 'refresh_token' => $refresh['token'],
'expires_in' => 3600
]);
} catch (PDOException $e) {
securityLog("Login PDO Error", ['msg' => $e->getMessage()]);
jsonError('Database error', 500);
} catch (Exception $e) {
securityLog("Login Error", ['msg' => $e->getMessage()]);
jsonError('Server error', 500);
}
Reference in New Issue View Git Blame Copy Permalink