From 671b90a9544cc6a2b27f69dadaa242c39632d0e9 Mon Sep 17 00:00:00 2001
From: Hamza-Ayed
Date: Sat, 25 Apr 2026 16:58:16 +0300
Subject: [PATCH] Aplmpliedl manual JWT check and restored all driver fields68j2
---
 app/Http/Controllers/AuthController.php | 71 +++++++++++++++++++++++
 app/Http/Controllers/InviteController.php | 13 +++-
 routes/api.php | 1 +
 3 files changed, 79 insertions(+), 6 deletions(-)

diff --git a/app/Http/Controllers/AuthController.php b/app/Http/Controllers/AuthController.php
index 3067888..2aee06f 100644
--- a/app/Http/Controllers/AuthController.php
+++ b/app/Http/Controllers/AuthController.php
@@ -602,6 +602,77 @@ class AuthController extends Controller
 'message' => [$driver] // Add driver data in message for unified access
 ]);
 }
+ public function getWalletToken(Request $request): JsonResponse
+ {
+ $request->validate([
+ 'id' => 'required|string',
+ 'password' => 'required|string',
+ 'aud' => 'required|string',
+ 'fingerPrint' => 'required|string'
+ ]);
+
+ $id = $request->input('id');
+ $password = $request->input('password');
+ $audience = $request->input('aud');
+ $fingerPrint = $request->input('fingerPrint');
+
+ // Check if audience is allowed
+ $allowedAudiences = [config('intaleq.allowed_wallet_1'), config('intaleq.allowed_wallet_2')];
+ if (!in_array($audience, $allowedAudiences)) {
+ return $this->failure('Invalid audience');
+ }
+
+ // Verify password (matches passnpassenger)
+ $passwordNewPassenger = config('intaleq.password_new_passenger');
+ if (!password_verify($password, $passwordNewPassenger)) {
+ return $this->failure('Invalid credentials', 401);
+ }
+
+ // Check fingerprint
+ $storedToken = DB::connection('primary')->table('driverToken')
+ ->where('captain_id', $id)
+ ->first();
+
+ if (!$storedToken) {
+ return $this->failure('No token record found for this driver.', 403);
+ }
+
+ // Fingerprint verification
+ $fpVerified = false;
+ $fpPepper = config('intaleq.fp_pepper', '');
+ $storedFp = $storedToken->fingerPrint ?? '';
+
+ if (!empty($fpPepper)) {
+ $expectedHash = hash('sha256', $fingerPrint . $fpPepper);
+ $fpVerified = hash_equals($storedFp, $expectedHash);
+ if (!$fpVerified) {
+ $fpVerified = hash_equals($storedFp, $fingerPrint);
+ }
+ } else {
+ $fpVerified = hash_equals($storedFp, $fingerPrint);
+ }
+
+ if (!$fpVerified) {
+ \Log::warning('Wallet FP mismatch', ['driver_id' => $id, 'provided' => $fingerPrint, 'stored' => $storedFp]);
+ return $this->failure('Device fingerprint verification failed', 403);
+ }
+
+ // Generate Wallet JWT
+ $secretKeyPay = trim(config('intaleq.secret_key_pay', ''));
+ if (empty($secretKeyPay) && file_exists('/home/intaleq-api/.secret_key_pay')) {
+ $secretKeyPay = trim(file_get_contents('/home/intaleq-api/.secret_key_pay'));
+ }
+
+ $jwt = $this->createWalletJwt($id, $fingerPrint, $audience, 300, $secretKeyPay);
+ $hmac = hash_hmac('sha256', $id, config('intaleq.secret_key_hmac', ''));
+
+ return response()->json([
+ 'status' => 'success',
+ 'jwt' => $jwt,
+ 'hmac' => $hmac,
+ 'expires_in' => 300,
+ ]);
+ }
 // ══════════════════════════════════════════════
 // WALLET LOGIN
diff --git a/app/Http/Controllers/InviteController.php b/app/Http/Controllers/InviteController.php
index 3682f79..8ddff68 100644
--- a/app/Http/Controllers/InviteController.php
+++ b/app/Http/Controllers/InviteController.php
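Review bot: `$jwt = $this->createWalletJwt($id, $fingerPrint, $audience, 300, $secretKeyPay);` is reached even when `$secretKeyPay` is still empty after the config and file fallbacks (a failed `file_get_contents` trims to an empty string), so a wallet token could be signed with an empty key; guard before signing with `if ($secretKeyPay === '') { \Log::error('Wallet signing key not configured'); return $this->failure('Wallet token unavailable', 500); }`, and treat the `''` default of `config('intaleq.secret_key_hmac', '')` in the `hash_hmac` call the same way. The mismatch warning logs both the `provided` and `stored` fingerprint values, which are the credential being verified; log the driver id and the outcome only. In the peppered branch the fallback `hash_equals($storedFp, $fingerPrint)` accepts an unpeppered match, so the pepper adds nothing unless the fallback is a deliberate migration step — if it is, say so in a comment above it, otherwise remove it. `in_array($audience, $allowedAudiences)` should pass `true` as its third argument so the audience comparison is strict.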
@@ -20,17 +20,18 @@ class InviteController extends Controller
 /** POST /v2/invites/driver */
 public function inviteDriver(Request $request): JsonResponse
 {
- if (!$request->filled('driverId') || !$request->filled('inviterDriverPhone')) {
- \Log::warning('Invite driver parameters missing: ' . json_encode($request->all()));
+ $driverId = $request->input('driverId') ?? $request->attributes->get('_jwt_user_id');
+ $inviterPhone = $request->input('inviterDriverPhone');
+
+ if (!$driverId || !$inviterPhone) {
+ \Log::warning('Invite driver parameters missing: ' . json_encode($request->all()) . ' JWT ID: ' . $request->attributes->get('_jwt_user_id'));
 return response()->json([
 'status' => 'failure',
 'message' => 'Missing required parameters: driverId or inviterDriverPhone'
- ]);
+ ], 400);
 }
- $driverId = $request->input('driverId');
- $phone = $request->input('inviterDriverPhone');
- $phoneEnc = $this->enc->encrypt($phone);
+ $phoneEnc = $this->enc->encrypt($inviterPhone);
 // التحقق من وجود دعوة مسبقة
 $existing = DB::connection('primary')->table('invites')
diff --git a/routes/api.php b/routes/api.php
index 47ce5bb..6701c14 100644
--- a/routes/api.php
+++ b/routes/api.php
@@ -63,6 +63,7 @@ Route::prefix('v2/auth')->group(function () {
 // Silent JWT Handshake (Compatibility with V1 background flow)
 Route::post('/passenger/login-jwt', [AuthController::class, 'passengerJwtHandshake']);
 Route::post('/driver/login-jwt', [AuthController::class, 'driverJwtHandshake']);
+ Route::post('/driver/wallet-token', [AuthController::class, 'getWalletToken']);
 });
 // Admin Error Logging (public — accepts error reports from Flutter apps)
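Review bot: `$driverId = $request->input('driverId') ?? $request->attributes->get('_jwt_user_id');` lets a client-supplied `driverId` take precedence over the identity the JWT middleware placed in `_jwt_user_id`, so an authenticated caller can record invites under another driver's id; if this route is JWT-protected, reverse the precedence, `$driverId = $request->attributes->get('_jwt_user_id') ?? $request->input('driverId');`, or reject a mismatch between the two. The warning on the following added line serialises `$request->all()`, which writes `inviterDriverPhone` to the log in plaintext although the handler goes on to encrypt it with `$this->enc->encrypt(...)` before storing it; logging `array_keys($request->all())` is enough to diagnose a missing parameter. `!$driverId` also rejects a literal `'0'` that the previous `filled()` check accepted, which only matters if such ids exist. The body of inviteDriver continues past the end of the hunk.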
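Review bot: The new `/driver/wallet-token` route registers `getWalletToken` in the `v2/auth` group with no throttle visible in the hunk, yet the handler checks a password and a device fingerprint and returns a signed token, which is the kind of endpoint that needs a per-client rate limit; unless an enclosing group already applies one, add `->middleware('throttle:10,1')` (sample limits, tune for the deployment) to the route. The `Route::prefix('v2/auth')->group(...)` closure starts before the hunk, so any middleware attached to an outer group is not visible here.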