Hamza/intaleq_v2
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Allplmpliedl manual JWT check and restored all driver fields68j2

Browse Source
This commit is contained in:
Hamza-Ayed
2026-04-25 21:28:42 +03:00
parent fca292f2a4
commit fadb373d42
6 changed files with 119 additions and 19 deletions
Download Patch File Download Diff File Expand all files Collapse all files

61
app/Http/Controllers/Api/PaymentTokenController.php Normal file
View File

@@ -0,0 +1,61 @@
<?php
namespace App\Http\Controllers\Api;
use App\Http\Controllers\Controller;
use Illuminate\Http\Request;
use Firebase\JWT\JWT;
use Illuminate\Support\Facades\File;
class PaymentTokenController extends Controller
{
// 1. مسار الراكب
public function generatePassengerToken(Request $request)
{
// تحقق خاص بالراكب (لا يوجد بصمة سيارة مثلاً)
return $this->buildToken($request->user()->id, 'android/ios_passenger', $request->input('fingerPrint'));
}
// 2. مسار السائق
public function generateDriverToken(Request $request)
{
// تحقق خاص بالسائق (ضرورة وجود بصمة جهاز قوية)
return $this->buildToken($request->user()->id, 'android/ios_driver', $request->input('fingerPrint'));
}
// 3. مسار المدير
public function generateAdminToken(Request $request)
{
// المدراء لديهم صلاحيات أوسع، قد يكون الـ aud مختلفاً
return $this->buildToken($request->user()->id, 'web_admin', 'admin_secure_context');
}
// 4. دالة البناء المركزية (Private)
private function buildToken($userId, $audience, $fingerprint)
{
$keyPath = env('PAYMENT_INTERNAL_KEY_PATH');
if (!File::exists($keyPath)) {
return response()->json(['status' => 'error', 'message' => 'Security Key Missing'], 500);
}
$internalSecret = trim(File::get_contents($keyPath));
$payload = [
'iss' => 'Intaleq_V2',
'sub' => $userId,
'aud' => $audience,
'iat' => time(),
'exp' => time() + 60,
'fingerprint' => $fingerprint
];
$token = JWT::encode($payload, $internalSecret, 'HS256');
return response()->json([
'status' => 'success',
'token' => $token,
'hmac' => hash_hmac('sha256', $token, $internalSecret)
]);
}
}

47
app/Http/Controllers/AuthController.php
View File

@@ -323,25 +323,28 @@ class AuthController extends Controller
'created_at' => now(),
]);
// 11. Insert Documents
// 11. Insert Documents (Wait, the user said registration response MUST return jwt, api_secret, and hmac immediately to allow subsequent protected file uploads)
// So we don't need to insert documents here if they are uploaded later. But keeping the existing code won't hurt, just the response changes.
$docKeys = [
'driver_license_front', 'driver_license_back',
'car_license_front', 'car_license_back'
];
$docUrls = [];
foreach ($docKeys as $k) {
$url = $request->input($k);
$docUrls[$k] = $url;
$name = basename(parse_url($url, PHP_URL_PATH) ?? '');
if ($name === '') { $name = $k . '_' . time() . '.jpg'; }
if ($request->has($k)) {
$url = $request->input($k);
$docUrls[$k] = $url;
$name = basename(parse_url($url, PHP_URL_PATH) ?? '');
if ($name === '') { $name = $k . '_' . time() . '.jpg'; }
DB::connection('primary')->table('driver_documents')->insert([
'driverID' => $data['id'],
'doc_type' => $k,
'image_name' => $name,
'link' => $url,
'upload_date' => now(),
]);
DB::connection('primary')->table('driver_documents')->insert([
'driverID' => $data['id'],
'doc_type' => $k,
'image_name' => $name,
'link' => $url,
'upload_date' => now(),
]);
}
}
DB::connection('primary')->commit();
@@ -360,11 +363,29 @@ class AuthController extends Controller
\Illuminate\Support\Facades\Log::error("FCM Admin notification failed: " . $e->getMessage());
}
// Generate JWT and API Keys
$fingerprint = $request->input('fingerprint', 'unknown');
$jwt = $this->createJwt($data['id'], 'driver', $fingerprint, 14400);
$apiKey = bin2hex(random_bytes(16));
$apiSecret = bin2hex(random_bytes(32));
DB::connection('primary')->table('driver')->where('id', $data['id'])->update([
'api_key' => $apiKey,
'api_secret' => $apiSecret
]);
// To be compatible with frontend, generate Wallet HMAC
$hmac = hash_hmac('sha256', $jwt, config('intaleq.secret_key_hmac', ''));
return response()->json([
'status' => 'success',
'driverID' => $data['id'],
'carRegID' => $carRegId,
'documents' => $docUrls
'documents' => $docUrls,
'jwt' => $jwt,
'api_key' => $apiKey,
'api_secret' => $apiSecret,
'hmac' => $hmac
]);
} catch (\Exception $e) {

2
app/Http/Controllers/UploadController.php
View File

@@ -51,7 +51,7 @@ class UploadController extends Controller
{
$request->validate([
'image' => 'required|file',
'doc_type' => 'required|string|in:license,registration,criminal,id_front,id_back',
'doc_type' => 'required|string|in:license,registration,criminal,id_front,id_back,driver_license_front,driver_license_back,car_license_front,car_license_back',
]);
return $this->handleImageUpload($request, 'driver_documents', 'documents');

10
app/Http/Middleware/HmacAuthMiddleware.php
View File

@@ -81,10 +81,16 @@ class HmacAuthMiddleware
}
// Compute expected signature
// METHOD:PATH:TIMESTAMP:NONCE:BODY
$method = strtoupper($request->method());
$path = $request->path(); // returns path without leading slash (e.g. v2/ride/create)
$body = $request->getContent();
if (str_contains(strtolower($request->header('Content-Type', '')), 'multipart/form-data')) {
$inputs = $request->except(array_keys($request->allFiles()));
ksort($inputs);
$body = json_encode($inputs);
} else {
$body = $request->getContent();
}
$payload = "$method:$path:$timestamp:$nonce:$body";
$expected = hash_hmac(self::ALGORITHM, $payload, $user->api_secret);