Hamza/intaleq_v2
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Update authentication logic and SDK fixes

Browse Source
This commit is contained in:
Hamza-Ayed
2026-04-24 15:12:12 +03:00
parent 2745b307a9
commit 4534e8769b
18 changed files with 198 additions and 78 deletions
Download Patch File Download Diff File Expand all files Collapse all files

50
app/Http/Controllers/AuthController.php
View File

@@ -579,6 +579,11 @@ class AuthController extends Controller
return $this->failure('Invalid credentials');
}
// Verify password if set in DB, otherwise reject for security
if (!isset($admin->password) || !password_verify($request->input('password'), $admin->password)) {
return $this->failure('Invalid credentials');
}
$jwt = $this->createJwt((string)$admin->id, 'admin', $request->input('device_number'), 900);
return $this->success([
@@ -674,6 +679,8 @@ class AuthController extends Controller
'promos.promo_code as promo',
'promos.amount as discount',
'promos.validity_end_date as validity',
'p.api_key',
'p.api_secret',
])
->selectSub(function ($query) use ($platform, $appName) {
$query->from('packageInfo')
@@ -732,6 +739,7 @@ class AuthController extends Controller
->table('captain')
->where('email', $encryptedEmail)
->where('id', $request->input('id'))
->select('captain.*', 'captain.api_key', 'captain.api_secret')
->first();
if (!$driver) {
@@ -795,6 +803,7 @@ class AuthController extends Controller
'iat' => time(),
'exp' => time() + $expiry,
'aud' => $audience,
'iss' => 'Tripz',
'jti' => Str::uuid()->toString(),
];
@@ -826,25 +835,34 @@ class AuthController extends Controller
]);
$audience = $request->input('aud');
// Validate audience if needed (optional based on audio but good for security)
// if (!in_array($audience, config('intaleq.allowed_audiences'))) { ... }
// The user mentioned using a fixed password like 'passenger' from Flutter
// and relying on fingerprint for security.
// Generate a 24h JWT for the handshake (as requested to be consistent)
// Verify the passenger exists
$passenger = Passenger::where('id', $request->input('id'))->first();
if (!$passenger) {
return $this->failure('Invalid credentials');
}
// Verify fingerprint matches stored device (security)
$token = PassengerToken::where('passengerID', $request->input('id'))->first();
if (!$token || !hash_equals($token->fingerPrint ?? '', $request->input('fingerPrint'))) {
return $this->failure('Device verification failed', 403);
}
// Generate a 15min JWT for the handshake (security: reduced from 24h)
$jwt = $this->createJwt(
$request->input('id'),
'passenger',
$request->input('fingerPrint'),
86400,
900,
$audience
);
return response()->json([
'status' => 'success',
'jwt' => $jwt,
'expires_in' => 86400
'expires_in' => 900,
'api_key' => $passenger->api_key ?? $driver->api_key,
'api_secret' => $passenger->api_secret ?? $driver->api_secret,
]);
}
@@ -861,18 +879,30 @@ class AuthController extends Controller
'aud' => 'required|string',
]);
$driver = Driver::where('id', $request->input('id'))->first();
if (!$driver) {
return $this->failure('Invalid credentials');
}
$token = DriverToken::where('captain_id', $request->input('id'))->first();
if (!$token || !hash_equals($token->fingerPrint ?? '', $request->input('fingerPrint'))) {
return $this->failure('Device verification failed', 403);
}
$jwt = $this->createJwt(
$request->input('id'),
'driver',
$request->input('fingerPrint'),
86400,
900,
$request->input('aud')
);
return response()->json([
'status' => 'success',
'jwt' => $jwt,
'expires_in' => 86400
'expires_in' => 900,
'api_key' => $passenger->api_key ?? $driver->api_key,
'api_secret' => $passenger->api_secret ?? $driver->api_secret,
]);
}