تحديث إعدادات بوابة الواتساب لتكون مستقلة ومحمية

2026-05-23 16:33:27 +03:00
parent 2bbaa1ee16
commit 1bf06ebef3
4 changed files with 217 additions and 3 deletions
--- a/backend/api/request-otp.php
+++ b/backend/api/request-otp.php
@@ -34,6 +34,7 @@ require_once __DIR__ . '/../includes/Redis.php';
 require_once __DIR__ . '/../includes/RateLimit.php';
 require_once __DIR__ . '/../includes/Auth.php';
 require_once __DIR__ . '/../includes/Logger.php';
+require_once __DIR__ . '/../includes/WhatsApp.php';

 // Authenticate — requires app key (Flutter app)
 Auth::requireAuth('app');
@@ -100,7 +101,20 @@ if (!$rateLimit->checkIp($clientIp, 'request-otp', 30, 60)) {
 $otpCode = str_pad((string) random_int(0, 9999), 4, '0', STR_PAD_LEFT);

 // Determine delivery method
-$method = ($deviceType === 'ios') ? 'sms' : 'flash_call';
+$method = 'flash_call'; // Default fallback
+$whatsappAvailable = false;
+
+try {
+    $whatsappAvailable = WhatsAppClient::isAvailable($phone);
+} catch (\Throwable $e) {
+    error_log('WhatsApp check failed: ' . $e->getMessage());
+}
+
+if ($whatsappAvailable) {
+    $method = 'whatsapp';
+} else {
+    $method = ($deviceType === 'ios') ? 'sms' : 'flash_call';
+}

 $db = Database::getInstance();
 $redis = RedisClient::getInstance();
@@ -142,6 +156,43 @@ try {
             VALUES (?, ?, ?, 'pending', ?, 'flash_call', ?)"
        );
        $stmt->execute([$phone, $otpCode, $callerId, $device['device_id'], $expiresAt]);
+    } else if ($method === 'whatsapp') {
+        // WhatsApp delivery
+        $expiresAt = date('Y-m-d H:i:s', time() + OTP_EXPIRE_SECONDS);
+        $stmt = $db->prepare(
+            "INSERT INTO otp_requests (phone, otp_code, caller_id, status, method, expires_at)
+             VALUES (?, ?, '', 'pending_whatsapp', 'whatsapp', ?)"
+        );
+        $stmt->execute([$phone, $otpCode, $expiresAt]);
+        $otpId = $db->lastInsertId();
+
+        // Try to generate premium dynamic base64 OTP image
+        $imagePngBase64 = null;
+        try {
+            $imagePngBase64 = WhatsAppClient::generateOtpImageBase64($otpCode);
+        } catch (\Throwable $e) {
+            error_log('Failed to generate OTP image: ' . $e->getMessage());
+        }
+
+        // Message caption / body
+        $messageText = "رمز التحقق الخاص بك هو: " . $otpCode . "\nيرجى إدخاله في التطبيق لإكمال العملية.";
+
+        $sent = false;
+        try {
+            if ($imagePngBase64) {
+                // Send premium image message with caption
+                $sent = WhatsAppClient::sendMessage($phone, "رمز التحقق الخاص بك هو: " . $otpCode, $imagePngBase64);
+            } else {
+                // Fallback to text message
+                $sent = WhatsAppClient::sendMessage($phone, $messageText);
+            }
+        } catch (\Throwable $e) {
+            error_log('WhatsApp sendMessage error: ' . $e->getMessage());
+        }
+
+        if (!$sent) {
+            throw new \Exception('Failed to send OTP via WhatsApp');
+        }
    } else {
        // SMS delivery — no specific caller_id needed for the OTP request
        $expiresAt = date('Y-m-d H:i:s', time() + OTP_EXPIRE_SECONDS);