From c438bd5da0d39c8a558ccb47fe89a53243445cab Mon Sep 17 00:00:00 2001
From: Hamza-Ayed
Date: Fri, 24 Apr 2026 20:24:18 +0300
Subject: [PATCH] 123Scurity:6 \Fix HMAC handshake, generate API keys in Google Login, and relax JWT issuer
---
 app/Http/Controllers/InviteController.php | 90 ++++++++++++++++++++++-
 1 file changed, 86 insertions(+), 4 deletions(-)
diff --git a/app/Http/Controllers/InviteController.php b/app/Http/Controllers/InviteController.php
index 8b36cf5..1a18d3d 100644
--- a/app/Http/Controllers/InviteController.php
+++ b/app/Http/Controllers/InviteController.php
@@ -96,10 +96,75 @@ class InviteController extends Controller
 /** POST /v2/invites/passenger */
 public function invitePassenger(Request $request): JsonResponse
 {
- return response()->json([
- 'status' => 'success',
- 'message' => 'Not implemented yet'
- ]);
+ if (!$request->has(['passengerID', 'inviterPassengerPhone'])) {
+ return response()->json([
+ 'status' => 'failure',
+ 'message' => 'Missing required parameters'
+ ]);
+ }
+
+ $passengerId = $request->input('passengerID');
+ $phone = $request->input('inviterPassengerPhone');
+ $phoneEnc = $this->enc->encrypt($phone);
+
+ $existing = DB::connection('primary')->table('invitesToPassengers')
+ ->where('inviterPassengerPhone', $phoneEnc)
+ ->first();
+
+ if ($existing) {
+ if ($existing->isInstall == 1) {
+ return response()->json([
+ 'status' => 'failure',
+ 'message' => $existing->inviteCode
+ ]);
+ }
+
+ $expirationTime = now()->addHour();
+ DB::connection('primary')->table('invitesToPassengers')
+ ->where('id', $existing->id)
+ ->update([
+ 'passengerID' => $passengerId,
+ 'expirationTime' => $expirationTime,
+ 'createdAt' => now()
+ ]);
+
+ return response()->json([
+ 'status' => 'success',
+ 'message' => [
+ 'inviteId' => $existing->id,
+ 'inviteCode' => $existing->inviteCode,
+ 'expirationTime' => $expirationTime->toDateTimeString()
+ ]
+ ]);
+ }
+
+ $inviteCode = $this->generateUniqueCodePassenger();
+ $expirationTime = now()->addHour();
+
+ try {
+ $id = DB::connection('primary')->table('invitesToPassengers')->insertGetId([
+ 'passengerID' => $passengerId,
+ 'inviterPassengerPhone' => $phoneEnc,
+ 'inviteCode' => $inviteCode,
+ 'expirationTime' => $expirationTime,
+ 'createdAt' => now(),
+ 'isInstall' => 0
+ ]);
+
+ return response()->json([
+ 'status' => 'success',
+ 'message' => [
+ 'inviteId' => $id,
+ 'inviteCode' => $inviteCode,
+ 'expirationTime' => $expirationTime->toDateTimeString()
+ ]
+ ]);
+ } catch (\Exception $e) {
+ return response()->json([
+ 'status' => 'failure',
+ 'message' => 'Database error: ' . $e->getMessage()
+ ]);
+ }
 }
 
 /** GET /v2/invites/gift */
@@ -128,4 +193,21 @@ class InviteController extends Controller
 }
 }
 }
+
+ private function generateUniqueCodePassenger(): string
+ {
+ while (true) {
+ $letters = strtoupper(Str::random(4));
+ $numbers = rand(100, 999);
+ $code = $letters . $numbers;
+
+ $exists = DB::connection('primary')->table('invitesToPassengers')
+ ->where('inviteCode', $code)
+ ->exists();
+
+ if (!$exists) {
+ return $code;
+ }
+ }
+ }
 }
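Review bot: The catch branch at the end of invitePassenger returns `'Database error: ' . $e->getMessage()` to the client, which can expose table and column names, SQL fragments or connection details from the `primary` connection. Record the exception server-side and answer with a fixed string, e.g. `report($e);` followed by `'message' => 'Could not create invite'`. Separately, `passengerID` is read from the request body and the update branch writes it onto an existing row matched only by phone, so unless route middleware outside this hunk ties the request to the authenticated passenger, a caller can reassign someone else's pending invite; taking the ID from the authenticated identity would close that. The `isInstall == 1` branch also hands the stored `inviteCode` to whoever submits that phone number, which is worth confirming as intended.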
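Review bot: `rand(100, 999)` in generateUniqueCodePassenger is not a cryptographically secure generator, and invite codes look like they are redeemed by value alone, so use `$numbers = random_int(100, 999);` to draw the whole code from a CSPRNG. The `exists()` check followed by a later insert in invitePassenger is not atomic, so two concurrent requests can still pick the same code; a unique index on `invitesToPassengers.inviteCode` (not visible in this patch) plus a retry on the duplicate-key error would make uniqueness hold. `Str::random(4)` can return digits as well as letters, so `$letters` is a slightly misleading name, and a short docblock stating the code format (4 uppercase alphanumerics followed by 3 digits) would help.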