123Scurity:6 \Fix HMAC handshake, generate API keys in Google Login, and relax JWT issuer

2026-04-24 20:24:18 +03:00
parent ee36011f35
commit c438bd5da0
1 changed files with 86 additions and 4 deletions
--- a/app/Http/Controllers/InviteController.php
+++ b/app/Http/Controllers/InviteController.php
@@ -96,10 +96,75 @@ class InviteController extends Controller
    /** POST /v2/invites/passenger */
    public function invitePassenger(Request $request): JsonResponse
    {
-        return response()->json([
-            'status' => 'success',
-            'message' => 'Not implemented yet'
-        ]);
+        if (!$request->has(['passengerID', 'inviterPassengerPhone'])) {
+            return response()->json([
+                'status' => 'failure',
+                'message' => 'Missing required parameters'
+            ]);
+        }
+
+        $passengerId = $request->input('passengerID');
+        $phone = $request->input('inviterPassengerPhone');
+        $phoneEnc = $this->enc->encrypt($phone);
+
+        $existing = DB::connection('primary')->table('invitesToPassengers')
+            ->where('inviterPassengerPhone', $phoneEnc)
+            ->first();
+
+        if ($existing) {
+            if ($existing->isInstall == 1) {
+                return response()->json([
+                    'status' => 'failure', 
+                    'message' => $existing->inviteCode
+                ]);
+            }
+
+            $expirationTime = now()->addHour();
+            DB::connection('primary')->table('invitesToPassengers')
+                ->where('id', $existing->id)
+                ->update([
+                    'passengerID' => $passengerId,
+                    'expirationTime' => $expirationTime,
+                    'createdAt' => now()
+                ]);
+
+            return response()->json([
+                'status' => 'success',
+                'message' => [
+                    'inviteId' => $existing->id,
+                    'inviteCode' => $existing->inviteCode,
+                    'expirationTime' => $expirationTime->toDateTimeString()
+                ]
+            ]);
+        }
+
+        $inviteCode = $this->generateUniqueCodePassenger();
+        $expirationTime = now()->addHour();
+
+        try {
+            $id = DB::connection('primary')->table('invitesToPassengers')->insertGetId([
+                'passengerID' => $passengerId,
+                'inviterPassengerPhone' => $phoneEnc,
+                'inviteCode' => $inviteCode,
+                'expirationTime' => $expirationTime,
+                'createdAt' => now(),
+                'isInstall' => 0
+            ]);
+
+            return response()->json([
+                'status' => 'success',
+                'message' => [
+                    'inviteId' => $id,
+                    'inviteCode' => $inviteCode,
+                    'expirationTime' => $expirationTime->toDateTimeString()
+                ]
+            ]);
+        } catch (\Exception $e) {
+            return response()->json([
+                'status' => 'failure',
+                'message' => 'Database error: ' . $e->getMessage()
+            ]);
+        }
    }

    /** GET /v2/invites/gift */
@@ -128,4 +193,21 @@ class InviteController extends Controller
            }
        }
    }
+
+    private function generateUniqueCodePassenger(): string
+    {
+        while (true) {
+            $letters = strtoupper(Str::random(4));
+            $numbers = rand(100, 999);
+            $code = $letters . $numbers;
+
+            $exists = DB::connection('primary')->table('invitesToPassengers')
+                ->where('inviteCode', $code)
+                ->exists();
+
+            if (!$exists) {
+                return $code;
+            }
+        }
+    }
 }