Security:6 Fix HMAC handshake, generate API keys in Google Login, and relax JWT issuer

app/Http/Controllers/OtpController.php

@@ -108,10 +108,15 @@ class OtpController extends Controller
         // TODO: Send SMS/WhatsApp via external provider
 
         // Check if passenger exists to allow immediate login (V1 style)
-        // Note: Phone is stored ENCRYPTED in passengers table in V1
-        $encPhone = $this->encryption->encrypt($phone);
+        // We check both encrypted and raw phone with multiple formats (963... and 0...)
+        $rawPhone = $phone;
+        $localPhone = '0' . substr($phone, 3); // Convert 9639... to 09...
+        
+        $encRawPhone = $this->encryption->encrypt($rawPhone);
+        $encLocalPhone = $this->encryption->encrypt($localPhone);
+        
         $passenger = DB::connection('primary')->table('passengers')
-            ->where('phone', $encPhone)
+            ->whereIn('phone', [$rawPhone, $localPhone, $encRawPhone, $encLocalPhone])
             ->first();
 
         return $this->success([