Security:3 Fix HMAC handshake, generate API keys in Google Login, and relax JWT issuer

app/Http/Controllers/AuthController.php

@@ -933,13 +933,5 @@ class AuthController extends Controller
         ]);
     }
 
-    private function success(array $data, int $code = 200): JsonResponse
-    {
-        return response()->json(['status' => 'success', 'data' => $data], $code);
-    }
-
-    private function failure(string $message, int $code = 401): JsonResponse
-    {
-        return response()->json(['status' => 'failure', 'message' => $message], $code);
-    }
 }
+

app/Http/Controllers/Controller.php

@@ -16,5 +16,5 @@ use Illuminate\Routing\Controller as BaseController;
  */
 abstract class Controller extends BaseController
 {
-    //
+    use \App\Traits\ApiResponses;
 }

app/Http/Controllers/OtpController.php

@@ -93,7 +93,6 @@ class OtpController extends Controller
                         'token' => $encOtp,
                         'expiration_time' => $expiration,
                         'verified' => 0,
-                        'datecreated' => now(), // V1 legacy style
                     ]);
                 } catch (\Exception $e) {
                     \Log::error("OTP Send Error ($table): " . $e->getMessage());

app/Traits/ApiResponses.php

@@ -0,0 +1,30 @@
+<?php
+
+namespace App\Traits;
+
+use Illuminate\Http\JsonResponse;
+
+trait ApiResponses
+{
+    /**
+     * Return a success JSON response.
+     */
+    protected function success(array $data, int $code = 200): JsonResponse
+    {
+        return response()->json([
+            'status' => 'success',
+            'data' => $data,
+        ], $code);
+    }
+
+    /**
+     * Return a failure JSON response.
+     */
+    protected function failure(string $message, int $code = 401): JsonResponse
+    {
+        return response()->json([
+            'status' => 'failure',
+            'message' => $message,
+        ], $code);
+    }
+}