Initial V2 commit 4\9

2026-04-23 21:23:23 +03:00
parent 098aa9ad37
commit c4bf4ea679
8 changed files with 666 additions and 8 deletions
--- a/app/Http/Controllers/AuthController.php
+++ b/app/Http/Controllers/AuthController.php
@@ -614,7 +614,7 @@ class AuthController extends Controller
        return JWT::encode($payload, config('intaleq.wallet_jwt_secret'), 'HS256');
    }

-    private function createJwt(string $userId, string $userType, string $fingerprint, int $expiry): string
+    private function createJwt(string $userId, string $userType, string $fingerprint, int $expiry, string $audience = 'Tripz'): string
    {
        $payload = [
            'user_id' => $userId,
@@ -622,6 +622,7 @@ class AuthController extends Controller
            'fingerprint' => $fingerprint,
            'iat' => time(),
            'exp' => time() + $expiry,
+            'aud' => $audience,
            'jti' => Str::uuid()->toString(),
        ];

@@ -639,6 +640,70 @@ class AuthController extends Controller
        ]);
    }

+    /**
+     * POST /v2/auth/passenger/login-jwt
+     * Background handshake for passengers
+     */
+    public function passengerJwtHandshake(Request $request): JsonResponse
+    {
+        $request->validate([
+            'id' => 'required|string',
+            'password' => 'required|string',
+            'fingerPrint' => 'required|string',
+            'aud' => 'required|string',
+        ]);
+
+        $audience = $request->input('aud');
+        // Validate audience if needed (optional based on audio but good for security)
+        // if (!in_array($audience, config('intaleq.allowed_audiences'))) { ... }
+
+        // The user mentioned using a fixed password like 'passenger' from Flutter
+        // and relying on fingerprint for security.
+        
+        // Generate a 24h JWT for the handshake (as requested to be consistent)
+        $jwt = $this->createJwt(
+            $request->input('id'), 
+            'passenger', 
+            $request->input('fingerPrint'), 
+            86400, 
+            $audience
+        );
+
+        return response()->json([
+            'status' => 'success', 
+            'jwt' => $jwt,
+            'expires_in' => 86400
+        ]);
+    }
+
+    /**
+     * POST /v2/auth/driver/login-jwt
+     * Background handshake for drivers
+     */
+    public function driverJwtHandshake(Request $request): JsonResponse
+    {
+        $request->validate([
+            'id' => 'required|string',
+            'password' => 'required|string',
+            'fingerPrint' => 'required|string',
+            'aud' => 'required|string',
+        ]);
+
+        $jwt = $this->createJwt(
+            $request->input('id'), 
+            'driver', 
+            $request->input('fingerPrint'), 
+            86400, 
+            $request->input('aud')
+        );
+
+        return response()->json([
+            'status' => 'success', 
+            'jwt' => $jwt,
+            'expires_in' => 86400
+        ]);
+    }
+
    private function success(array $data, int $code = 200): JsonResponse
    {
        return response()->json(['status' => 'success', 'data' => $data], $code);