Hamza/intaleq_v2
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Update authentication logic and SDK fixes

Browse Source
This commit is contained in:
Hamza-Ayed
2026-04-24 15:12:12 +03:00
parent 2745b307a9
commit 4534e8769b
18 changed files with 198 additions and 78 deletions
Download Patch File Download Diff File Expand all files Collapse all files

50
app/Http/Controllers/AuthController.php
View File

@@ -579,6 +579,11 @@ class AuthController extends Controller
return $this->failure('Invalid credentials');
}
// Verify password if set in DB, otherwise reject for security
if (!isset($admin->password) || !password_verify($request->input('password'), $admin->password)) {
return $this->failure('Invalid credentials');
}
$jwt = $this->createJwt((string)$admin->id, 'admin', $request->input('device_number'), 900);
return $this->success([
@@ -674,6 +679,8 @@ class AuthController extends Controller
'promos.promo_code as promo',
'promos.amount as discount',
'promos.validity_end_date as validity',
'p.api_key',
'p.api_secret',
])
->selectSub(function ($query) use ($platform, $appName) {
$query->from('packageInfo')
@@ -732,6 +739,7 @@ class AuthController extends Controller
->table('captain')
->where('email', $encryptedEmail)
->where('id', $request->input('id'))
->select('captain.*', 'captain.api_key', 'captain.api_secret')
->first();
if (!$driver) {
@@ -795,6 +803,7 @@ class AuthController extends Controller
'iat' => time(),
'exp' => time() + $expiry,
'aud' => $audience,
'iss' => 'Tripz',
'jti' => Str::uuid()->toString(),
];
@@ -826,25 +835,34 @@ class AuthController extends Controller
]);
$audience = $request->input('aud');
// Validate audience if needed (optional based on audio but good for security)
// if (!in_array($audience, config('intaleq.allowed_audiences'))) { ... }
// The user mentioned using a fixed password like 'passenger' from Flutter
// and relying on fingerprint for security.
// Generate a 24h JWT for the handshake (as requested to be consistent)
// Verify the passenger exists
$passenger = Passenger::where('id', $request->input('id'))->first();
if (!$passenger) {
return $this->failure('Invalid credentials');
}
// Verify fingerprint matches stored device (security)
$token = PassengerToken::where('passengerID', $request->input('id'))->first();
if (!$token || !hash_equals($token->fingerPrint ?? '', $request->input('fingerPrint'))) {
return $this->failure('Device verification failed', 403);
}
// Generate a 15min JWT for the handshake (security: reduced from 24h)
$jwt = $this->createJwt(
$request->input('id'),
'passenger',
$request->input('fingerPrint'),
86400,
900,
$audience
);
return response()->json([
'status' => 'success',
'jwt' => $jwt,
'expires_in' => 86400
'expires_in' => 900,
'api_key' => $passenger->api_key ?? $driver->api_key,
'api_secret' => $passenger->api_secret ?? $driver->api_secret,
]);
}
@@ -861,18 +879,30 @@ class AuthController extends Controller
'aud' => 'required|string',
]);
$driver = Driver::where('id', $request->input('id'))->first();
if (!$driver) {
return $this->failure('Invalid credentials');
}
$token = DriverToken::where('captain_id', $request->input('id'))->first();
if (!$token || !hash_equals($token->fingerPrint ?? '', $request->input('fingerPrint'))) {
return $this->failure('Device verification failed', 403);
}
$jwt = $this->createJwt(
$request->input('id'),
'driver',
$request->input('fingerPrint'),
86400,
900,
$request->input('aud')
);
return response()->json([
'status' => 'success',
'jwt' => $jwt,
'expires_in' => 86400
'expires_in' => 900,
'api_key' => $passenger->api_key ?? $driver->api_key,
'api_secret' => $passenger->api_secret ?? $driver->api_secret,
]);
}

6
app/Http/Controllers/DriverDocController.php
View File

@@ -11,14 +11,14 @@ class DriverDocController extends Controller
/** POST /v2/driver/scams */
public function reportScam(Request $request): JsonResponse
{
$userId = $request->input('_jwt_user_id');
$userId = $request->attributes->get('_jwt_user_id');
return response()->json(['status' => 'success']);
}
/** GET /v2/driver/registration-car */
public function getCarReg(Request $request): JsonResponse
{
$userId = $request->input('_jwt_user_id');
$userId = $request->attributes->get('_jwt_user_id');
$data = DB::connection('primary')->table('RegisrationCar')
->where('driverID', $userId)->get();
return response()->json(['status' => 'success', 'data' => $data]);
@@ -27,7 +27,7 @@ class DriverDocController extends Controller
/** POST /v2/driver/registration-car */
public function storeCarReg(Request $request): JsonResponse
{
$userId = $request->input('_jwt_user_id');
$userId = $request->attributes->get('_jwt_user_id');
// Logic to store...
return response()->json(['status' => 'success']);
}

2
app/Http/Controllers/InviteController.php
View File

@@ -105,7 +105,7 @@ class InviteController extends Controller
/** GET /v2/invites/gift */
public function checkGift(Request $request): JsonResponse
{
$userId = $request->input('_jwt_user_id');
$userId = $request->attributes->get('_jwt_user_id');
return response()->json([
'status' => 'success',
'message' => ['gift_available' => true]

9
app/Http/Controllers/MiscController.php
View File

@@ -185,7 +185,8 @@ class MiscController extends Controller
return response()->json(['status' => 'success', 'message' => 'Help question saved successfully']);
} catch (\Exception $e) {
return response()->json(['status' => 'failure', 'message' => 'Database error: ' . $e->getMessage()]);
\Log::error('MiscController HelpCenter Error: ' . $e->getMessage());
return response()->json(['status' => 'failure', 'message' => 'An error occurred']);
}
}
@@ -212,7 +213,8 @@ class MiscController extends Controller
return response()->json(['status' => 'success', 'message' => 'Tip inserted successfully']);
} catch (\Exception $e) {
return response()->json(['status' => 'failure', 'message' => 'Database error: ' . $e->getMessage()]);
\Log::error('MiscController Tips Error: ' . $e->getMessage());
return response()->json(['status' => 'failure', 'message' => 'An error occurred']);
}
}
@@ -262,9 +264,10 @@ class MiscController extends Controller
]);
}
} catch (\Exception $e) {
\Log::error('MiscController EgyptPhones Error: ' . $e->getMessage());
return response()->json([
'status' => 'failure',
'message' => 'Database error: ' . $e->getMessage()
'message' => 'An error occurred'
]);
}
}

14
app/Http/Controllers/NotificationController.php
View File

@@ -21,8 +21,8 @@ class NotificationController extends Controller
/** GET /v2/notifications */
public function index(Request $request): JsonResponse
{
$userId = $request->input('_jwt_user_id');
$userType = $request->input('_jwt_user_type');
$userId = $request->attributes->get('_jwt_user_id');
$userType = $request->attributes->get('_jwt_user_type');
$page = (int) $request->input('page', 1);
$limit = min((int) $request->input('limit', 20), 50);
@@ -46,7 +46,7 @@ class NotificationController extends Controller
/** PUT /v2/notifications/{id}/read */
public function markRead(Request $request, int $id): JsonResponse
{
$userType = $request->input('_jwt_user_type');
$userType = $request->attributes->get('_jwt_user_type');
$table = $userType === 'driver' ? 'notificationCaptain' : 'notifications';
DB::connection('primary')->table($table)
@@ -63,8 +63,8 @@ class NotificationController extends Controller
'fingerPrint' => 'required|string',
]);
$userId = $request->input('_jwt_user_id') ?? $request->input('passengerID');
$userType = $request->input('_jwt_user_type') ?? 'passenger';
$userId = $request->attributes->get('_jwt_user_id') ?? $request->input('passengerID');
$userType = $request->attributes->get('_jwt_user_type') ?? 'passenger';
if (!$userId) {
return response()->json(['status' => 'failure', 'message' => 'User ID missing'], 400);
@@ -98,8 +98,8 @@ class NotificationController extends Controller
/** GET /v2/notifications/token */
public function getToken(Request $request): JsonResponse
{
$userId = $request->input('_jwt_user_id') ?? $request->input('passengerID');
$userType = $request->input('_jwt_user_type') ?? 'passenger';
$userId = $request->attributes->get('_jwt_user_id') ?? $request->input('passengerID');
$userType = $request->attributes->get('_jwt_user_type') ?? 'passenger';
if (!$userId) {
return response()->json(['status' => 'failure', 'message' => 'User ID missing'], 400);

8
app/Http/Controllers/ProfileController.php
View File

@@ -35,7 +35,7 @@ class ProfileController extends Controller
*/
public function passenger(Request $request): JsonResponse
{
$id = $request->input('_jwt_user_id');
$id = $request->attributes->get('_jwt_user_id');
$passenger = Passenger::active()->find($id);
if (!$passenger) {
@@ -64,7 +64,7 @@ class ProfileController extends Controller
*/
public function driver(Request $request): JsonResponse
{
$id = $request->input('_jwt_user_id');
$id = $request->attributes->get('_jwt_user_id');
$driver = Driver::active()->byId($id)->first();
if (!$driver) {
@@ -101,7 +101,7 @@ class ProfileController extends Controller
*/
public function updatePassenger(Request $request): JsonResponse
{
$id = $request->input('_jwt_user_id');
$id = $request->attributes->get('_jwt_user_id');
$passenger = Passenger::active()->find($id);
if (!$passenger) {
@@ -135,7 +135,7 @@ class ProfileController extends Controller
{
$request->validate(['email' => 'required|email']);
$id = $request->input('_jwt_user_id');
$id = $request->attributes->get('_jwt_user_id');
$driver = Driver::active()->byId($id)->first();
if (!$driver) {

4
app/Http/Controllers/PromoController.php
View File

@@ -21,7 +21,7 @@ class PromoController extends Controller
/** GET /v2/promos */
public function index(Request $request): JsonResponse
{
$passengerId = $request->input('_jwt_user_id');
$passengerId = $request->attributes->get('_jwt_user_id');
$promos = DB::connection('primary')->table('promos')
->where('passengerID', $passengerId)
@@ -70,7 +70,7 @@ class PromoController extends Controller
'amount' => 'required|string',
]);
$passengerId = $request->input('_jwt_user_id');
$passengerId = $request->attributes->get('_jwt_user_id');
$exists = DB::connection('primary')->table('promos')
->where('passengerID', $passengerId)->exists();

8
app/Http/Controllers/RatingController.php
View File

@@ -29,7 +29,7 @@ class RatingController extends Controller
'comment' => 'nullable|string|max:500',
]);
$passengerId = $request->input('_jwt_user_id');
$passengerId = $request->attributes->get('_jwt_user_id');
// Prevent duplicate ratings
$exists = DB::connection('primary')->table('ratingDriver')
@@ -60,7 +60,7 @@ class RatingController extends Controller
'comment' => 'nullable|string|max:500',
]);
$driverId = $request->input('_jwt_user_id');
$driverId = $request->attributes->get('_jwt_user_id');
$exists = DB::connection('primary')->table('ratingPassenger')
->where('rideId', $request->input('ride_id'))->exists();
@@ -88,8 +88,8 @@ class RatingController extends Controller
'comment' => 'nullable|string|max:300',
]);
$userId = $request->input('_jwt_user_id');
$userType = $request->input('_jwt_user_type');
$userId = $request->attributes->get('_jwt_user_id');
$userType = $request->attributes->get('_jwt_user_type');
DB::connection('primary')->table('ratingApp')->insert([
'name' => $request->input('name', ''),

22
app/Http/Controllers/RideController.php
View File

@@ -66,7 +66,7 @@ class RideController extends Controller
'passenger_rating' => 'nullable|numeric',
]);
$passengerId = $request->input('_jwt_user_id');
$passengerId = $request->attributes->get('_jwt_user_id');
// Prevent duplicate active rides
$activeRide = DB::connection('ride')->table('ride')
@@ -152,7 +152,7 @@ class RideController extends Controller
*/
public function accept(Request $request, int $rideId): JsonResponse
{
$driverId = $request->input('_jwt_user_id');
$driverId = $request->attributes->get('_jwt_user_id');
DB::connection('ride')->beginTransaction();
try {
@@ -233,7 +233,7 @@ class RideController extends Controller
*/
public function start(Request $request, int $rideId): JsonResponse
{
$driverId = $request->input('_jwt_user_id');
$driverId = $request->attributes->get('_jwt_user_id');
$ride = Ride::where('id', $rideId)
->where('driver_id', $driverId)
@@ -280,7 +280,7 @@ class RideController extends Controller
*/
public function arrive(Request $request, int $rideId): JsonResponse
{
$driverId = $request->input('_jwt_user_id');
$driverId = $request->attributes->get('_jwt_user_id');
$ride = Ride::where('id', $rideId)
->where('driver_id', $driverId)
@@ -316,7 +316,7 @@ class RideController extends Controller
*/
public function finish(Request $request, int $rideId): JsonResponse
{
$driverId = $request->input('_jwt_user_id');
$driverId = $request->attributes->get('_jwt_user_id');
$request->validate([
'price_for_driver' => 'required|numeric',
@@ -397,7 +397,7 @@ class RideController extends Controller
*/
public function cancelByPassenger(Request $request, int $rideId): JsonResponse
{
$passengerId = $request->input('_jwt_user_id');
$passengerId = $request->attributes->get('_jwt_user_id');
$ride = Ride::where('id', $rideId)
->where('passenger_id', $passengerId)
@@ -452,7 +452,7 @@ class RideController extends Controller
*/
public function cancelByDriver(Request $request, int $rideId): JsonResponse
{
$driverId = $request->input('_jwt_user_id');
$driverId = $request->attributes->get('_jwt_user_id');
$ride = Ride::where('id', $rideId)
->where('driver_id', $driverId)
@@ -520,8 +520,8 @@ class RideController extends Controller
*/
public function active(Request $request): JsonResponse
{
$userId = $request->input('_jwt_user_id');
$userType = $request->input('_jwt_user_type');
$userId = $request->attributes->get('_jwt_user_id');
$userType = $request->attributes->get('_jwt_user_type');
$query = Ride::active();
if ($userType === 'driver') {
@@ -544,8 +544,8 @@ class RideController extends Controller
*/
public function index(Request $request): JsonResponse
{
$userId = $request->input('_jwt_user_id');
$userType = $request->input('_jwt_user_type');
$userId = $request->attributes->get('_jwt_user_id');
$userType = $request->attributes->get('_jwt_user_type');
$page = $request->input('page', 1);
$limit = min($request->input('limit', 20), 50);

2
app/Http/Controllers/TrackingController.php
View File

@@ -196,7 +196,7 @@ class TrackingController extends Controller
/** GET /v2/tracking/captain-stats */
public function captainStats(Request $request): JsonResponse
{
$driverId = $request->input('_jwt_user_id');
$driverId = $request->attributes->get('_jwt_user_id');
$totalRides = DB::connection('ride')->table('ride')
->where('driver_id', $driverId)

4
app/Http/Controllers/UploadController.php
View File

@@ -86,7 +86,7 @@ class UploadController extends Controller
return response()->json(['status' => 'failure', 'message' => 'File too large'], 400);
}
$userId = $request->input('_jwt_user_id');
$userId = $request->attributes->get('_jwt_user_id');
$ext = $file->getClientOriginalExtension() ?: 'mp3';
$filename = 'audio_' . Str::random(24) . '.' . $ext;
@@ -130,7 +130,7 @@ class UploadController extends Controller
}
// Generate safe filename
$userId = $request->input('_jwt_user_id');
$userId = $request->attributes->get('_jwt_user_id');
$ext = match ($mime) {
'image/jpeg' => 'jpg',
'image/png' => 'png',

27
app/Http/Controllers/WalletController.php
View File

@@ -25,7 +25,7 @@ class WalletController extends Controller
/** GET /v2/wallet/passenger */
public function index(Request $request): JsonResponse
{
$id = $request->input('_jwt_user_id');
$id = $request->attributes->get('_jwt_user_id');
$wallet = DB::connection('primary')->table('passengerWallet')
->where('passenger_id', $id)->first();
@@ -38,7 +38,7 @@ class WalletController extends Controller
/** GET /v2/wallet/passenger/balance */
public function balance(Request $request): JsonResponse
{
$id = $request->input('_jwt_user_id');
$id = $request->attributes->get('_jwt_user_id');
$bal = DB::connection('primary')->table('passengerWallet')
->where('passenger_id', $id)->value('balance') ?? '0.00';
@@ -53,7 +53,7 @@ class WalletController extends Controller
'payment_method' => 'required|string',
]);
$id = $request->input('_jwt_user_id');
$id = $request->attributes->get('_jwt_user_id');
DB::connection('primary')->beginTransaction();
try {
@@ -95,15 +95,22 @@ class WalletController extends Controller
}
}
/** PUT /v2/wallet/passenger */
/** PUT /v2/wallet/passenger — ADMIN ONLY */
public function update(Request $request): JsonResponse
{
$request->validate(['balance' => 'required|numeric|min:0']);
// Only admins can directly set balance
$userType = $request->attributes->get('_jwt_user_type');
if ($userType !== 'admin') {
return response()->json(['status' => 'failure', 'message' => 'Unauthorized'], 403);
}
$id = $request->input('_jwt_user_id');
$request->validate([
'balance' => 'required|numeric|min:0',
'passenger_id' => 'required|string',
]);
DB::connection('primary')->table('passengerWallet')
->where('passenger_id', $id)
->where('passenger_id', $request->input('passenger_id'))
->update(['balance' => $request->input('balance')]);
return response()->json(['status' => 'success']);
@@ -112,7 +119,7 @@ class WalletController extends Controller
/** DELETE /v2/wallet/passenger */
public function destroy(Request $request): JsonResponse
{
$id = $request->input('_jwt_user_id');
$id = $request->attributes->get('_jwt_user_id');
DB::connection('primary')->table('passengerWallet')
->where('passenger_id', $id)->delete();
@@ -122,7 +129,7 @@ class WalletController extends Controller
/** GET /v2/wallet/passenger/transactions */
public function transactions(Request $request): JsonResponse
{
$id = $request->input('_jwt_user_id');
$id = $request->attributes->get('_jwt_user_id');
$page = (int) $request->input('page', 1);
$limit = min((int) $request->input('limit', 20), 50);
@@ -145,7 +152,7 @@ class WalletController extends Controller
'amount' => 'required|numeric|min:0.01',
]);
$id = $request->input('_jwt_user_id');
$id = $request->attributes->get('_jwt_user_id');
DB::connection('primary')->table('payment_tokens_passenger')->insert([
'token' => $request->input('token'),