Se,curity:6 \Fix HMAC handshake, generate API keys in Google Login, and relax JWT issuer

2026-04-24 17:05:16 +03:00
parent 8145e459fd
commit 7805f02cd6
2 changed files with 82 additions and 1 deletions
--- a/app/Http/Controllers/OtpController.php
+++ b/app/Http/Controllers/OtpController.php
@@ -7,7 +7,7 @@ use Illuminate\Http\JsonResponse;
 use Illuminate\Support\Facades\DB;
 use Illuminate\Support\Facades\Cache;
 use Illuminate\Support\Str;
-use App\Helpers\LegacyEncryption;
+use App\Services\LegacyEncryption;

 /**
 * متحكم رموز التحقق (OTP Controller)
--- a/app/Services/LegacyEncryption.php
+++ b/app/Services/LegacyEncryption.php
@@ -0,0 +1,81 @@
+<?php
+
+namespace App\Services;
+
+use Exception;
+
+class LegacyEncryption
+{
+    private $key;
+    private $iv;
+
+    public function __construct()
+    {
+        $keyPath = config('intaleq.legacy_enc_key_path', '/home/intaleq-api/.enckey');
+        
+        if (file_exists($keyPath)) {
+            $this->key = trim(file_get_contents($keyPath));
+        } else {
+            $this->key = env('LEGACY_ENC_KEY', '');
+        }
+
+        $this->iv = config('intaleq.legacy_iv', env('initializationVector', ''));
+
+        if (strlen($this->key) !== 32) {
+            // Log warning or throw error in production
+        }
+        if (strlen($this->iv) !== 16) {
+            // Log warning
+        }
+    }
+
+    /**
+     * Encrypt data using AES-256-CBC (Legacy V1 compatibility)
+     */
+    public function encrypt($plainText)
+    {
+        if (empty($plainText)) return $plainText;
+        
+        try {
+            $plainText = (string) $plainText;
+            $paddedText = $this->addPadding($plainText);
+            $encrypted = openssl_encrypt($paddedText, 'AES-256-CBC', $this->key, OPENSSL_RAW_DATA, $this->iv);
+            return base64_encode($encrypted);
+        } catch (Exception $e) {
+            return $plainText;
+        }
+    }
+
+    /**
+     * Decrypt data using AES-256-CBC (Legacy V1 compatibility)
+     */
+    public function decrypt($encryptedText)
+    {
+        if (empty($encryptedText)) return $encryptedText;
+
+        try {
+            $decoded = base64_decode($encryptedText, true);
+            if ($decoded === false) return $encryptedText;
+
+            $decrypted = openssl_decrypt($decoded, 'AES-256-CBC', $this->key, OPENSSL_RAW_DATA, $this->iv);
+            if ($decrypted === false) return $encryptedText;
+
+            return $this->removePadding($decrypted);
+        } catch (Exception $e) {
+            return $encryptedText;
+        }
+    }
+
+    private function addPadding($data, $blockSize = 16)
+    {
+        $pad = $blockSize - (strlen($data) % $blockSize);
+        return $data . str_repeat(chr($pad), $pad);
+    }
+
+    private function removePadding($data)
+    {
+        $pad = ord($data[strlen($data) - 1]);
+        if ($pad < 1 || $pad > 16) return $data;
+        return substr($data, 0, -$pad);
+    }
+}