service add APP_SIGNATURE_SERVICE 1

2026-05-02 16:15:06 +03:00
parent e10ee5989f
commit 070fca9891
2 changed files with 7 additions and 0 deletions
--- a/core/Auth/JwtService.php
+++ b/core/Auth/JwtService.php
@@ -267,6 +267,8 @@ class JwtService
                error_log("[SECURITY] HMAC mismatch | user: $userId | IP: " . ($_SERVER['REMOTE_ADDR'] ?? '?'));
                self::abort(403, 'Invalid HMAC signature');
            }
+
+
        }

        return $decoded;
--- a/serviceapp/login.php
+++ b/serviceapp/login.php
@@ -78,13 +78,18 @@ try {
                $expires_in = $ttl;
            }

+            // توليد مفتاح HMAC فريد للمستخدم (للتوافق مع CRUD الجديد)
+            $hmacKey = hash_hmac('sha256', (string)$user['id'], getenv('SECRET_KEY_HMAC'));
+
            printSuccess([
                "message" => "Login successful",
                "data" => $user,
                "jwt" => $jwt,
+                "hmac" => $hmacKey,
                "expires_in" => $expires_in
            ]);

+
        } else {
            jsonError("Incorrect password");
        }