new backend and more secure 29-04-2026

2026-04-30 01:44:23 +03:00
parent 6bfc15abb2
commit b102af8f28
7 changed files with 13447 additions and 13571 deletions
--- a/lib/controller/auth/login_controller.dart
+++ b/lib/controller/auth/login_controller.dart
@@ -114,8 +114,11 @@ class LoginController extends GetxController {

        if (response.statusCode == 200) {
          final decoded = jsonDecode(response.body);
-          final String? jwt =
-              decoded['data'] != null ? decoded['data']['jwt'] : (decoded['message'] != null ? decoded['message']['jwt'] : decoded['jwt']);
+          final String? jwt = decoded['data'] != null
+              ? decoded['data']['jwt']
+              : (decoded['message'] != null
+                  ? decoded['message']['jwt']
+                  : decoded['jwt']);

          if (jwt != null) {
            // نشفر الـ JWT بالتشفير الثلاثي قبل التخزين في GetStorage
@@ -144,8 +147,11 @@ class LoginController extends GetxController {
        Log.print('response: ${response.body}');
        if (response.statusCode == 200) {
          final decoded = jsonDecode(response.body);
-          final String? jwt =
-              decoded['data'] != null ? decoded['data']['jwt'] : (decoded['message'] != null ? decoded['message']['jwt'] : decoded['jwt']);
+          final String? jwt = decoded['data'] != null
+              ? decoded['data']['jwt']
+              : (decoded['message'] != null
+                  ? decoded['message']['jwt']
+                  : decoded['jwt']);

          if (jwt != null) {
            box.write(BoxName.jwt, c(jwt));
@@ -216,13 +222,12 @@ class LoginController extends GetxController {
  Future<String?> getJwtWallet() async {
    dev = Platform.isAndroid ? 'android' : 'ios';

-    // await DeviceHelper.initAndStore();
    final String fp = box.read(BoxName.deviceFpEncrypted) ?? '';

    var payload = {
      'id': box.read(BoxName.passengerID),
      'password': AK.passnpassenger,
-      'aud': '${AK.allowed}$dev',
+      'aud': '${AK.allowedWallet}$dev',
      'fingerPrint': fp,
    };

@@ -230,23 +235,26 @@ class LoginController extends GetxController {
      Uri.parse(AppLink.loginJwtWalletRider),
      body: payload,
    );
-    Log.print('AppLink.loginJwtWalletRider: ${AppLink.loginJwtWalletRider}');

-    // Log.print('payload: ${payload}');
+    Log.print('AppLink.loginJwtWalletRider: ${AppLink.loginJwtWalletRider}');
    Log.print('response wallet: ${response.body}');
+
    if (response.statusCode == 200) {
      final decoded = jsonDecode(response.body);
-      final String? jwt =
-          decoded['data'] != null ? decoded['data']['jwt'] : decoded['jwt'];
-      final String? hmac =
-          decoded['data'] != null ? decoded['data']['hmac'] : decoded['hmac'];
+
+      // ← الإصلاح: نقرأ من message أو data أو root
+      final inner = decoded['data'] ?? decoded['message'] ?? decoded;
+
+      final String? jwt = inner['jwt'];
+      final String? hmac = inner['hmac'];
+
+      Log.print('jwt extracted: $jwt');
+      Log.print('hmac extracted: $hmac');

      if (hmac != null) {
-        // نخزن الـ hmac للاستخدام في X-HMAC-Auth header
        box.write(BoxName.hmac, hmac);
      }

-      // wallet JWT يُرجَع مباشرة دون تشفير ثلاثي
      return jwt;
    }