Security: Fix HMAC handshake undefined variables and relax JWT issuer for V1 compatibility

Hamza-Ayed
2026-04-24 15:29:14 +03:00
parent 4534e8769b
commit 756980b6d7
2 changed files with 7 additions and 7 deletions


@@ -38,12 +38,12 @@ class JwtAuthMiddleware
try {
$decoded = JWT::decode($token, new Key(config('intaleq.jwt_secret'), 'HS256'));
// Verify issuer (defense in depth)
// Verify issuer (allow Tripz, Tripz-Wallet, Intaleq, or empty for compatibility)
$iss = $decoded->iss ?? '';
if (!in_array($iss, ['Tripz', 'Tripz-Wallet'])) {
if (!empty($iss) && !in_array($iss, ['Tripz', 'Tripz-Wallet', 'Intaleq', 'Tripz-v2'])) {
return response()->json([
'status' => 'failure',
'message' => 'Invalid token issuer'
'message' => 'Invalid token issuer: ' . $iss
], 401);
}