From 7805f02cd6abb8973a167bb535cb60ac5158904f Mon Sep 17 00:00:00 2001
From: Hamza-Ayed
Date: Fri, 24 Apr 2026 17:05:16 +0300
Subject: [PATCH] Se,curity:6 \Fix HMAC handshake, generate API keys in Google Login, and relax JWT issuer
---
 app/Http/Controllers/OtpController.php | 2 +-
 app/Services/LegacyEncryption.php | 81 ++++++++++++++++++++++++++
 2 files changed, 82 insertions(+), 1 deletion(-)
 create mode 100644 app/Services/LegacyEncryption.php
diff --git a/app/Http/Controllers/OtpController.php b/app/Http/Controllers/OtpController.php
index ac90560..9882ab9 100644
--- a/app/Http/Controllers/OtpController.php
+++ b/app/Http/Controllers/OtpController.php
@@ -7,7 +7,7 @@ use Illuminate\Http\JsonResponse;
 use Illuminate\Support\Facades\DB;
 use Illuminate\Support\Facades\Cache;
 use Illuminate\Support\Str;
-use App\Helpers\LegacyEncryption;
+use App\Services\LegacyEncryption;
 /**
 * متحكم رموز التحقق (OTP Controller)
diff --git a/app/Services/LegacyEncryption.php b/app/Services/LegacyEncryption.php
new file mode 100644
index 0000000..6fb2972
--- /dev/null
+++ b/app/Services/LegacyEncryption.php
@@ -0,0 +1,81 @@
+key = trim(file_get_contents($keyPath));
+ } else {
+ $this->key = env('LEGACY_ENC_KEY', '');
+ }
+
+ $this->iv = config('intaleq.legacy_iv', env('initializationVector', ''));
+
+ if (strlen($this->key) !== 32) {
+ // Log warning or throw error in production
+ }
+ if (strlen($this->iv) !== 16) {
+ // Log warning
+ }
+ }
+
+ /**
+ * Encrypt data using AES-256-CBC (Legacy V1 compatibility)
+ */
+ public function encrypt($plainText)
+ {
+ if (empty($plainText)) return $plainText;
+
+ try {
+ $plainText = (string) $plainText;
+ $paddedText = $this->addPadding($plainText);
+ $encrypted = openssl_encrypt($paddedText, 'AES-256-CBC', $this->key, OPENSSL_RAW_DATA, $this->iv);
+ return base64_encode($encrypted);
+ } catch (Exception $e) {
+ return $plainText;
+ }
+ }
+
+ /**
+ * Decrypt data using AES-256-CBC (Legacy V1 compatibility)
+ */
+ public function decrypt($encryptedText)
+ {
+ if (empty($encryptedText)) return $encryptedText;
+
+ try {
+ $decoded = base64_decode($encryptedText, true);
+ if ($decoded === false) return $encryptedText;
+
+ $decrypted = openssl_decrypt($decoded, 'AES-256-CBC', $this->key, OPENSSL_RAW_DATA, $this->iv);
+ if ($decrypted === false) return $encryptedText;
+
+ return $this->removePadding($decrypted);
+ } catch (Exception $e) {
+ return $encryptedText;
+ }
+ }
+
+ private function addPadding($data, $blockSize = 16)
+ {
+ $pad = $blockSize - (strlen($data) % $blockSize);
+ return $data . str_repeat(chr($pad), $pad);
+ }
+
+ private function removePadding($data)
+ {
+ $pad = ord($data[strlen($data) - 1]);
+ if ($pad < 1 || $pad > 16) return $data;
+ return substr($data, 0, -$pad);
+ }
+}
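Review bot: The two length checks at the end of the constructor have empty bodies, so a missing or wrong-sized key or IV is accepted; with the `''` default from `env()`, PHP's OpenSSL binding NUL-pads a short key, which would leave data encrypted under what is effectively an all-zero key. encrypt() also fails open: its catch returns the plaintext unchanged, and `openssl_encrypt()` reports failure by returning `false`, which `base64_encode()` turns into an empty string. I would throw in both guards and fail closed in encrypt(), as sketched below; the constructor's opening lines are not visible in this hunk. Separately, the fixed IV from config and the absence of a MAC make this deterministic, unauthenticated CBC, so the class should stay confined to reading and writing legacy V1 data.

```php
// … unchanged: key file / env lookup and IV lookup …
if (strlen($this->key) !== 32) {
    throw new \RuntimeException('Legacy encryption key must be exactly 32 bytes');
}
if (strlen($this->iv) !== 16) {
    throw new \RuntimeException('Legacy IV must be exactly 16 bytes');
}

public function encrypt($plainText)
{
    if (empty($plainText)) return $plainText;

    $paddedText = $this->addPadding((string) $plainText);
    $encrypted = openssl_encrypt($paddedText, 'AES-256-CBC', $this->key, OPENSSL_RAW_DATA, $this->iv);
    if ($encrypted === false) {
        // Fail closed: never return plaintext (or an empty string) as if it were ciphertext.
        throw new \RuntimeException('Legacy encryption failed');
    }
    return base64_encode($encrypted);
}
// … unchanged: decrypt(), addPadding(), removePadding() …
```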