Security hardening: fixed 13 vulnerabilities, added AI-powered SupportController (Gemini), and stabilized Flutter Complaint logic

2026-04-24 22:55:56 +03:00
parent cc85fe1815
commit 540c5cc7ab
11 changed files with 292 additions and 71 deletions
--- a/app/Http/Controllers/AuthController.php
+++ b/app/Http/Controllers/AuthController.php
@@ -189,6 +189,15 @@ class AuthController extends Controller
        $passenger = Passenger::find($request->input('id'));
        if (!$passenger) return $this->failure('User not found');

+        // Security Check: Verify fingerprint matches stored token
+        $storedToken = DB::connection('primary')->table('tokens')
+            ->where('passengerID', $passenger->id)
+            ->first();
+
+        if ($storedToken && !hash_equals((string)$storedToken->fingerPrint, (string)$request->input('fingerPrint'))) {
+            return $this->failure('Security mismatch: Invalid device fingerprint', 403);
+        }
+
        if (empty($passenger->api_key)) {
            $this->generateApiKeys($passenger);
        }
@@ -210,6 +219,15 @@ class AuthController extends Controller
        $driver = Driver::find($request->input('id'));
        if (!$driver) return $this->failure('User not found');

+        // Security Check: Verify fingerprint matches stored token
+        $storedToken = DB::connection('primary')->table('captainToken')
+            ->where('captain_id', $driver->id)
+            ->first();
+
+        if ($storedToken && !hash_equals((string)$storedToken->fingerPrint, (string)$request->input('fingerPrint'))) {
+            return $this->failure('Security mismatch: Invalid device fingerprint', 403);
+        }
+
        if (empty($driver->api_key)) {
            $this->generateApiKeys($driver);
        }