From 5622b57da96994d7cd5eaaff7ad844b0c679c63f Mon Sep 17 00:00:00 2001
From: Hamza-Ayed <hamzaayedflutter@gmail.com>
Date: Fri, 24 Apr 2026 21:09:49 +0300
Subject: [PATCH] ;ll123Scurity:6 \Fix HMAC handshake, generate API keys in
 Google Login, and relax JWT issuer

---
 .../Controllers/NotificationController.php    | 40 +++++++++++++------
 1 file changed, 27 insertions(+), 13 deletions(-)

diff --git a/app/Http/Controllers/NotificationController.php b/app/Http/Controllers/NotificationController.php
index 93f0e47..23636af 100644
--- a/app/Http/Controllers/NotificationController.php
+++ b/app/Http/Controllers/NotificationController.php
@@ -59,20 +59,34 @@ class NotificationController extends Controller
     /** POST /v2/notifications/update (For V1 Compatibility) */
     public function updateNotification(Request $request): JsonResponse
     {
-        $id = $request->input('id');
-        if (!$id) {
-            return response()->json(['status' => 'failure', 'message' => 'Missing notification ID']);
+        try {
+            $id = $request->input('id');
+            if (!$id) {
+                return response()->json(['status' => 'failure', 'message' => 'Missing notification ID']);
+            }
+
+            $isShown = $request->input('isShown', 'true');
+            $userId = $request->attributes->get('_jwt_user_id');
+            $userType = $request->attributes->get('_jwt_user_type');
+            
+            $table = $userType === 'driver' ? 'notificationCaptain' : 'notifications';
+            $userField = $userType === 'driver' ? 'driverID' : 'passenger_id';
+
+            $affected = DB::connection('primary')->table($table)
+                ->where('id', $id)
+                ->where($userField, $userId)
+                ->update(['isShown' => $isShown]);
+
+            return response()->json([
+                'status' => 'success',
+                'affected' => $affected
+            ]);
+        } catch (\Exception $e) {
+            return response()->json([
+                'status' => 'failure',
+                'message' => 'Internal error: ' . $e->getMessage()
+            ], 500);
         }
-
-        $isShown = $request->input('isShown', 'true');
-        $userType = $request->attributes->get('_jwt_user_type');
-        $table = $userType === 'driver' ? 'notificationCaptain' : 'notifications';
-
-        DB::connection('primary')->table($table)
-            ->where('id', $id)
-            ->update(['isShown' => $isShown]);
-
-        return response()->json(['status' => 'success']);
     }
     /** POST /v2/notifications/token */
     public function updateToken(Request $request): JsonResponse