1Scurity:6 \Fix HMAC handshake, generate API keys in Google Login, and relax JWT issuer
This commit is contained in:
Hamza-Ayed
@@ -189,8 +189,18 @@ class AuthController extends Controller
|
||||
$passenger = Passenger::find($request->input('id'));
|
||||
if (!$passenger) return $this->failure('User not found');
|
||||
|
||||
if (empty($passenger->api_key)) {
|
||||
$this->generateApiKeys($passenger);
|
||||
}
|
||||
|
||||
$jwt = $this->createJwt($passenger->id, 'passenger', $request->input('fingerPrint'), 3600);
|
||||
return response()->json(['status' => 'success', 'jwt' => $jwt, 'expires_in' => 3600]);
|
||||
return response()->json([
|
||||
'status' => 'success',
|
||||
'jwt' => $jwt,
|
||||
'expires_in' => 3600,
|
||||
'api_key' => $passenger->api_key,
|
||||
'api_secret' => $passenger->api_secret
|
||||
]);
|
||||
}
|
||||
|
||||
public function driverJwtHandshake(Request $request): JsonResponse
|
||||
@@ -200,8 +210,18 @@ class AuthController extends Controller
|
||||
$driver = Driver::find($request->input('id'));
|
||||
if (!$driver) return $this->failure('User not found');
|
||||
|
||||
if (empty($driver->api_key)) {
|
||||
$this->generateApiKeys($driver);
|
||||
}
|
||||
|
||||
$jwt = $this->createJwt($driver->id, 'driver', $request->input('fingerPrint'), 14400);
|
||||
return response()->json(['status' => 'success', 'jwt' => $jwt, 'expires_in' => 14400]);
|
||||
return response()->json([
|
||||
'status' => 'success',
|
||||
'jwt' => $jwt,
|
||||
'expires_in' => 14400,
|
||||
'api_key' => $driver->api_key,
|
||||
'api_secret' => $driver->api_secret
|
||||
]);
|
||||
}
|
||||
|
||||
// ══════════════════════════════════════════════
|
||||
@@ -288,6 +308,16 @@ class AuthController extends Controller
|
||||
$data = (array) $row;
|
||||
$data['package'] = $data['package'] ?? '1.1.33'; // Default to avoid Null error in Flutter
|
||||
|
||||
// Ensure API keys exist
|
||||
if (empty($data['api_key'])) {
|
||||
$passenger = Passenger::find($data['id']);
|
||||
if ($passenger) {
|
||||
$this->generateApiKeys($passenger);
|
||||
$data['api_key'] = $passenger->api_key;
|
||||
$data['api_secret'] = $passenger->api_secret;
|
||||
}
|
||||
}
|
||||
|
||||
foreach ($data as $key => $value) {
|
||||
if (is_string($value) && !in_array($key, ['id', 'status', 'created_at', 'updated_at', 'verified', 'isInstall', 'isGiftToken', 'api_key', 'api_secret', 'package'])) {
|
||||
$dec = $this->encryption->decrypt($value);
|
||||
@@ -295,7 +325,28 @@ class AuthController extends Controller
|
||||
}
|
||||
}
|
||||
|
||||
return response()->json(['status' => 'success', 'count' => 1, 'data' => [$data]]);
|
||||
// Fetch Notification Token & Fingerprint
|
||||
$tokenRow = DB::connection('primary')->table('passengerToken')->where('passengerID', $data['id'])->first();
|
||||
if ($tokenRow) {
|
||||
$data['fcm_token'] = $this->encryption->decrypt($tokenRow->token);
|
||||
$data['fingerprint'] = $tokenRow->fingerPrint;
|
||||
} else {
|
||||
$data['fcm_token'] = null;
|
||||
$data['fingerprint'] = null;
|
||||
}
|
||||
|
||||
// Generate JWT using the header fingerprint, or fallback to the stored one
|
||||
$clientFp = $request->header('X-Device-FP');
|
||||
$jwtFp = !empty($clientFp) ? $clientFp : ($data['fingerprint'] ?? 'unknown');
|
||||
$jwt = $this->createJwt($data['id'], 'passenger', $jwtFp, 3600);
|
||||
|
||||
return response()->json([
|
||||
'status' => 'success',
|
||||
'count' => 1,
|
||||
'data' => [$data],
|
||||
'jwt' => $jwt,
|
||||
'expires_in' => 3600
|
||||
]);
|
||||
}
|
||||
|
||||
// ══════════════════════════════════════════════
|
||||
|
||||
Reference in New Issue
Block a user