Fix: Applied correct V1 secret keys for passenger vs driver wallet tokens

Hamza-Ayed
2026-04-24 01:30:10 +03:00
parent d9039aaf14
commit 2745b307a9
2 changed files with 13 additions and 6 deletions


@@ -472,7 +472,9 @@ class AuthController extends Controller
} }
// ── 3. Success -> Generate Token ──────────────────────── // ── 3. Success -> Generate Token ────────────────────────
$jwt = $this->createWalletJwt($request->input('id'), $fingerprint, $audience, 300); // V1 Note: Passenger wallet used .secret_key (jwt_secret)
$secret = config('intaleq.jwt_secret');
$jwt = $this->createWalletJwt($request->input('id'), $fingerprint, $audience, 300, $secret);
$hmac = hash_hmac('sha256', $request->input('id'), config('intaleq.wallet_hmac_secret')); $hmac = hash_hmac('sha256', $request->input('id'), config('intaleq.wallet_hmac_secret'));
return $this->success([ return $this->success([
@@ -540,7 +542,9 @@ class AuthController extends Controller
} }
// ── 3. Success -> Generate Token ──────────────────────── // ── 3. Success -> Generate Token ────────────────────────
$jwt = $this->createWalletJwt($request->input('id'), $fingerprint, $audience, 300); // V1 Note: Driver wallet used .secret_key_pay (wallet_jwt_secret)
$secret = config('intaleq.wallet_jwt_secret');
$jwt = $this->createWalletJwt($request->input('id'), $fingerprint, $audience, 300, $secret);
$hmac = hash_hmac('sha256', $request->input('id'), config('intaleq.wallet_hmac_secret')); $hmac = hash_hmac('sha256', $request->input('id'), config('intaleq.wallet_hmac_secret'));
return $this->success([ return $this->success([
@@ -761,7 +765,7 @@ class AuthController extends Controller
// HELPERS // HELPERS
// ══════════════════════════════════════════════ // ══════════════════════════════════════════════
private function createWalletJwt(string $userId, string $fingerprint, string $audience, int $expiry = 60): string private function createWalletJwt(string $userId, string $fingerprint, string $audience, int $expiry = 300, ?string $secret = null): string
{ {
// V1 Security: Hash fingerprint with pepper before embedding in JWT // V1 Security: Hash fingerprint with pepper before embedding in JWT
$fpPepper = config('intaleq.fp_pepper', ''); $fpPepper = config('intaleq.fp_pepper', '');
@@ -769,14 +773,17 @@ class AuthController extends Controller
$payload = [ $payload = [
'user_id' => $userId, 'user_id' => $userId,
'sub' => $userId,
'fingerPrint' => $hashedFp, 'fingerPrint' => $hashedFp,
'exp' => time() + $expiry, 'exp' => time() + $expiry,
'iat' => time(), 'iat' => time(),
'iss' => 'Tripz-Wallet', 'iss' => 'Tripz-Wallet',
'aud' => $audience 'aud' => $audience,
'jti' => bin2hex(random_bytes(16)),
]; ];
return JWT::encode($payload, config('intaleq.wallet_jwt_secret'), 'HS256'); $key = $secret ?? config('intaleq.wallet_jwt_secret');
return JWT::encode($payload, $key, 'HS256');
} }
private function createJwt(string $userId, string $userType, string $fingerprint, int $expiry, string $audience = 'Tripz'): string private function createJwt(string $userId, string $userType, string $fingerprint, int $expiry, string $audience = 'Tripz'): string
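Review bot: In `createWalletJwt`, `$key = $secret ?? config('intaleq.wallet_jwt_secret');` falls back silently when the caller passes null, so an unset `intaleq.jwt_secret` would make the passenger path sign with the driver key again, which is the mix-up this commit sets out to fix. The config section on this page also appears to show `wallet_jwt_secret` commented out, so unless it is defined elsewhere in that file the fallback itself may resolve to null; how `JWT::encode` treats a null key depends on the library version and should not be relied on. I would fail closed right after resolving the key: `if (!is_string($key) || $key === '') { throw new \RuntimeException('Wallet JWT signing key is not configured'); }`. The two `hash_hmac('sha256', ...)` calls in the token hunks deserve the same guard, since `wallet_hmac_secret` now reads a renamed environment variable and a missing value may yield an HMAC computed with an empty key. The line that computes `$hashedFp` falls between the two helper hunks and is not visible here.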


@@ -60,7 +60,7 @@ return [
// Wallet Security // Wallet Security
// 'wallet_jwt_secret' => env('WALLET_JWT_SECRET'), // 'wallet_jwt_secret' => env('WALLET_JWT_SECRET'),
'wallet_hmac_secret' => env('WALLET_HMAC_SECRET'), 'wallet_hmac_secret' => env('SECRET_KEY_HMAC'),
'wallet_allowed_audiences' => [ 'wallet_allowed_audiences' => [
'Tripz-Wallet', 'Tripz-Wallet',
'TripzWallet:android', 'TripzWallet:android',