Hamza/intaleq_v3_pure_php
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

service add APP_SIGNATURE_SERVICE 1

Browse Source
This commit is contained in:
Hamza-Ayed
2026-05-02 16:15:06 +03:00
parent e10ee5989f
commit 070fca9891
2 changed files with 7 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
core/Auth/JwtService.php
View File

@@ -267,6 +267,8 @@ class JwtService
error_log("[SECURITY] HMAC mismatch | user: $userId | IP: " . ($_SERVER['REMOTE_ADDR'] ?? '?')); error_log("[SECURITY] HMAC mismatch | user: $userId | IP: " . ($_SERVER['REMOTE_ADDR'] ?? '?'));
self::abort(403, 'Invalid HMAC signature'); self::abort(403, 'Invalid HMAC signature');
} }
} }
return $decoded; return $decoded;

5
serviceapp/login.php
View File

@@ -78,13 +78,18 @@ try {
$expires_in = $ttl; $expires_in = $ttl;
} }
// توليد مفتاح HMAC فريد للمستخدم (للتوافق مع CRUD الجديد)
$hmacKey = hash_hmac('sha256', (string)$user['id'], getenv('SECRET_KEY_HMAC'));
printSuccess([ printSuccess([
"message" => "Login successful", "message" => "Login successful",
"data" => $user, "data" => $user,
"jwt" => $jwt, "jwt" => $jwt,
"hmac" => $hmacKey,
"expires_in" => $expires_in "expires_in" => $expires_in
]); ]);
} else { } else {
jsonError("Incorrect password"); jsonError("Incorrect password");
} }