Aplmpliedl manual JWT check and restored all driver fields68j2
@@ -602,6 +602,77 @@ class AuthController extends Controller
|
|||||||
'message' => [$driver] // Add driver data in message for unified access
|
'message' => [$driver] // Add driver data in message for unified access
|
||||||
]);
|
]);
|
||||||
}
|
}
|
||||||
|
public function getWalletToken(Request $request): JsonResponse
|
||||||
|
{
|
||||||
|
$request->validate([
|
||||||
|
'id' => 'required|string',
|
||||||
|
'password' => 'required|string',
|
||||||
|
'aud' => 'required|string',
|
||||||
|
'fingerPrint' => 'required|string'
|
||||||
|
]);
|
||||||
|
|
||||||
|
$id = $request->input('id');
|
||||||
|
$password = $request->input('password');
|
||||||
|
$audience = $request->input('aud');
|
||||||
|
$fingerPrint = $request->input('fingerPrint');
|
||||||
|
|
||||||
|
// Check if audience is allowed
|
||||||
|
$allowedAudiences = [config('intaleq.allowed_wallet_1'), config('intaleq.allowed_wallet_2')];
|
||||||
|
if (!in_array($audience, $allowedAudiences)) {
|
||||||
|
return $this->failure('Invalid audience');
|
||||||
|
}
|
||||||
|
|
||||||
|
// Verify password (matches passnpassenger)
|
||||||
|
$passwordNewPassenger = config('intaleq.password_new_passenger');
|
||||||
|
if (!password_verify($password, $passwordNewPassenger)) {
|
||||||
|
return $this->failure('Invalid credentials', 401);
|
||||||
|
}
|
||||||
|
|
||||||
|
// Check fingerprint
|
||||||
|
$storedToken = DB::connection('primary')->table('driverToken')
|
||||||
|
->where('captain_id', $id)
|
||||||
|
->first();
|
||||||
|
|
||||||
|
if (!$storedToken) {
|
||||||
|
return $this->failure('No token record found for this driver.', 403);
|
||||||
|
}
|
||||||
|
|
||||||
|
// Fingerprint verification
|
||||||
|
$fpVerified = false;
|
||||||
|
$fpPepper = config('intaleq.fp_pepper', '');
|
||||||
|
$storedFp = $storedToken->fingerPrint ?? '';
|
||||||
|
|
||||||
|
if (!empty($fpPepper)) {
|
||||||
|
$expectedHash = hash('sha256', $fingerPrint . $fpPepper);
|
||||||
|
$fpVerified = hash_equals($storedFp, $expectedHash);
|
||||||
|
if (!$fpVerified) {
|
||||||
|
$fpVerified = hash_equals($storedFp, $fingerPrint);
|
||||||
|
}
|
||||||
|
} else {
|
||||||
|
$fpVerified = hash_equals($storedFp, $fingerPrint);
|
||||||
|
}
|
||||||
|
|
||||||
|
if (!$fpVerified) {
|
||||||
|
\Log::warning('Wallet FP mismatch', ['driver_id' => $id, 'provided' => $fingerPrint, 'stored' => $storedFp]);
|
||||||
|
return $this->failure('Device fingerprint verification failed', 403);
|
||||||
|
}
|
||||||
|
|
||||||
|
// Generate Wallet JWT
|
||||||
|
$secretKeyPay = trim(config('intaleq.secret_key_pay', ''));
|
||||||
|
if (empty($secretKeyPay) && file_exists('/home/intaleq-api/.secret_key_pay')) {
|
||||||
|
$secretKeyPay = trim(file_get_contents('/home/intaleq-api/.secret_key_pay'));
|
||||||
|
}
|
||||||
|
|
||||||
|
$jwt = $this->createWalletJwt($id, $fingerPrint, $audience, 300, $secretKeyPay);
|
||||||
|
$hmac = hash_hmac('sha256', $id, config('intaleq.secret_key_hmac', ''));
|
||||||
|
|
||||||
|
return response()->json([
|
||||||
|
'status' => 'success',
|
||||||
|
'jwt' => $jwt,
|
||||||
|
'hmac' => $hmac,
|
||||||
|
'expires_in' => 300,
|
||||||
|
]);
|
||||||
|
}
|
||||||
|
|
||||||
// ══════════════════════════════════════════════
|
// ══════════════════════════════════════════════
|
||||||
// WALLET LOGIN
|
// WALLET LOGIN
|
||||||
|
|||||||
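Review bot: getWalletToken will still sign a wallet JWT when no signing secret is available — `$secretKeyPay` starts as `''` from `config('intaleq.secret_key_pay', '')`, the file fallback at `/home/intaleq-api/.secret_key_pay` is optional, and whatever remains is passed straight to `createWalletJwt` (the `''` default in the `hash_hmac` call has the same problem), so a misconfigured host issues tokens signed with an empty key. Fail closed before signing: `if ($secretKeyPay === '') { \Log::error('Wallet JWT secret not configured'); return $this->failure('Wallet service unavailable', 503); }`. The mismatch log `\Log::warning('Wallet FP mismatch', ['driver_id' => $id, 'provided' => $fingerPrint, 'stored' => $storedFp])` writes both the submitted fingerprint and the stored value the check compares against into the log, which is enough to pass the check later; drop the `provided` and `stored` keys and log only `driver_id`. The audience check `in_array($audience, $allowedAudiences)` is non-strict and the array holds raw config values that are null when unset, so prefer `in_array($audience, array_filter($allowedAudiences), true)`. The pepper branch also falls back to a plain `hash_equals($storedFp, $fingerPrint)` whenever the peppered hash fails, so the pepper never raises the bar — if that is a migration shim, a comment saying so and when the fallback is removed would help.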
@@ -20,17 +20,18 @@ class InviteController extends Controller
|
|||||||
/** POST /v2/invites/driver */
|
/** POST /v2/invites/driver */
|
||||||
public function inviteDriver(Request $request): JsonResponse
|
public function inviteDriver(Request $request): JsonResponse
|
||||||
{
|
{
|
||||||
if (!$request->filled('driverId') || !$request->filled('inviterDriverPhone')) {
|
$driverId = $request->input('driverId') ?? $request->attributes->get('_jwt_user_id');
|
||||||
\Log::warning('Invite driver parameters missing: ' . json_encode($request->all()));
|
$inviterPhone = $request->input('inviterDriverPhone');
|
||||||
|
|
||||||
|
if (!$driverId || !$inviterPhone) {
|
||||||
|
\Log::warning('Invite driver parameters missing: ' . json_encode($request->all()) . ' JWT ID: ' . $request->attributes->get('_jwt_user_id'));
|
||||||
return response()->json([
|
return response()->json([
|
||||||
'status' => 'failure',
|
'status' => 'failure',
|
||||||
'message' => 'Missing required parameters: driverId or inviterDriverPhone'
|
'message' => 'Missing required parameters: driverId or inviterDriverPhone'
|
||||||
]);
|
], 400);
|
||||||
}
|
}
|
||||||
|
|
||||||
$driverId = $request->input('driverId');
|
$phoneEnc = $this->enc->encrypt($inviterPhone);
|
||||||
$phone = $request->input('inviterDriverPhone');
|
|
||||||
$phoneEnc = $this->enc->encrypt($phone);
|
|
||||||
|
|
||||||
// التحقق من وجود دعوة مسبقة
|
// التحقق من وجود دعوة مسبقة
|
||||||
$existing = DB::connection('primary')->table('invites')
|
$existing = DB::connection('primary')->table('invites')
|
||||||
|
|||||||
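Review bot: The new `$driverId = $request->input('driverId') ?? $request->attributes->get('_jwt_user_id');` lets a request-body value take precedence over the identity the JWT middleware stored in `_jwt_user_id`, so a caller holding a valid token for one driver can submit an invite on behalf of any other driverId. If this route runs behind that middleware (not visible in the hunk), the authenticated id should win, `$driverId = $request->attributes->get('_jwt_user_id') ?? $request->input('driverId');`, or the two should be required to match when both are present. The warning log also serialises `$request->all()`, which includes the inviter phone number that the code then encrypts with `$this->enc->encrypt(...)`; logging only the names of the missing fields would keep that value out of the log. inviteDriver continues past the end of the hunk.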
@@ -63,6 +63,7 @@ Route::prefix('v2/auth')->group(function () {
|
|||||||
// Silent JWT Handshake (Compatibility with V1 background flow)
|
// Silent JWT Handshake (Compatibility with V1 background flow)
|
||||||
Route::post('/passenger/login-jwt', [AuthController::class, 'passengerJwtHandshake']);
|
Route::post('/passenger/login-jwt', [AuthController::class, 'passengerJwtHandshake']);
|
||||||
Route::post('/driver/login-jwt', [AuthController::class, 'driverJwtHandshake']);
|
Route::post('/driver/login-jwt', [AuthController::class, 'driverJwtHandshake']);
|
||||||
|
Route::post('/driver/wallet-token', [AuthController::class, 'getWalletToken']);
|
||||||
});
|
});
|
||||||
|
|
||||||
// Admin Error Logging (public — accepts error reports from Flutter apps)
|
// Admin Error Logging (public — accepts error reports from Flutter apps)
|
||||||
|
|||||||
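Review bot: The new `/driver/wallet-token` route is registered next to the unauthenticated handshake routes with no rate limiting on the line, yet its handler `getWalletToken` accepts a password plus a device fingerprint and returns a signed token, so it is a credential-guessing target. If the `v2/auth` group (opened outside the hunk) does not already apply a throttle, add one on the route itself: `Route::post('/driver/wallet-token', [AuthController::class, 'getWalletToken'])->middleware('throttle:10,1');`. A one-line comment above the route stating that it is intentionally pre-authentication, as the handshake routes above it have, would also help the next reader.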