101 lines
3.3 KiB
PHP
101 lines
3.3 KiB
PHP
<?php
|
|
// ============================================================
|
|
// loginJwtDriver.php — تجديد توكن السائق
|
|
// ============================================================
|
|
|
|
require_once __DIR__ . '/core/bootstrap.php';
|
|
|
|
header('Content-Type: application/json; charset=utf-8');
|
|
header('Access-Control-Allow-Origin: https://siromove.com');
|
|
header('Access-Control-Allow-Methods: POST, OPTIONS');
|
|
header('Access-Control-Allow-Headers: Content-Type, Authorization, X-Device-FP');
|
|
|
|
if ($_SERVER['REQUEST_METHOD'] === 'OPTIONS') {
|
|
http_response_code(204);
|
|
exit;
|
|
}
|
|
|
|
$startTime = microtime(true);
|
|
|
|
function unauthorizedDriver(): never {
|
|
global $startTime;
|
|
$elapsed = microtime(true) - $startTime;
|
|
if ($elapsed < 0.1) usleep((int)((0.1 - $elapsed) * 1000000));
|
|
jsonError('Invalid driver credentials', 401);
|
|
}
|
|
|
|
try {
|
|
$limiter = new RateLimiter($redis);
|
|
$limiter->enforce(RateLimiter::identifier(), 'login');
|
|
|
|
$id = filterRequest('id');
|
|
$audience = filterRequest('aud');
|
|
$fingerprint = filterRequest('fingerPrint') ?? filterRequest('fingerprint');
|
|
|
|
$aud1 = getenv('allowedDriver1');
|
|
$aud2 = getenv('allowedDriver2');
|
|
$allowedAudiences = array_values(array_filter([$aud1, $aud2]));
|
|
|
|
if (empty($id) || empty($audience)) {
|
|
jsonError('Missing required fields', 400);
|
|
}
|
|
|
|
if (!in_array($audience, $allowedAudiences, true)) {
|
|
jsonError('Invalid audience', 400);
|
|
}
|
|
|
|
$con = Database::get('main');
|
|
$pepper = getenv('SECRET_KEY_HMAC');
|
|
|
|
$stmt = $con->prepare('
|
|
SELECT id, phone, national_number, email, password
|
|
FROM driver
|
|
WHERE id = :id
|
|
LIMIT 1
|
|
');
|
|
$stmt->execute([':id' => $id]);
|
|
$driver = $stmt->fetch();
|
|
|
|
if (!$driver || empty($driver['password'])) {
|
|
unauthorizedDriver();
|
|
}
|
|
|
|
$decPhone = !empty($driver['phone']) ? $encryptionHelper->decryptData($driver['phone']) : null;
|
|
$decNat = !empty($driver['national_number']) ? $encryptionHelper->decryptData($driver['national_number']) : null;
|
|
|
|
// ✅ FIX M-04: تسجيل معلومات تشخيصية عند فشل فك التشفير
|
|
if (empty($decPhone) || empty($decNat)) {
|
|
securityLog("LoginDriver failed: decryption returned null", [
|
|
'driver_id' => $driver['id'] ?? 'unknown',
|
|
'has_phone' => !empty($driver['phone']),
|
|
'has_nat' => !empty($driver['national_number']),
|
|
]);
|
|
unauthorizedDriver();
|
|
}
|
|
|
|
$baseString = $driver['id'] . '|' . trim($decPhone) . '|' . trim($decNat);
|
|
$hmacHex = hash_hmac('sha256', $baseString, $pepper, false);
|
|
|
|
if (!password_verify($hmacHex, $driver['password'])) {
|
|
unauthorizedDriver();
|
|
}
|
|
|
|
$limiter->reset(RateLimiter::identifier(), 'login');
|
|
|
|
$jwtService = new JwtService($redis);
|
|
$jwt = $jwtService->generateAccessToken($driver['id'], 'driver', $audience, $fingerprint);
|
|
// $refresh = $jwtService->generateRefreshToken($driver['id']);
|
|
|
|
jsonSuccess([
|
|
'jwt' => $jwt,
|
|
// 'refresh_token' => $refresh['token'],
|
|
'expires_in' => 14400
|
|
]);
|
|
|
|
} catch (PDOException $e) {
|
|
securityLog("LoginDriver PDO Error", ['msg' => $e->getMessage()]);
|
|
jsonError('Database error', 500);
|
|
} catch (Exception $e) {
|
|
securityLog("LoginDriver Error", ['msg' => $e->getMessage()]);
|
|
jsonError('Server error', 500);
|
|
} |