From e999cd4ffaf3421ef2d47441ec9a505ac155f961 Mon Sep 17 00:00:00 2001
From: Hamza-Ayed
Date: Thu, 30 Apr 2026 18:23:29 +0300
Subject: [PATCH] admin 12
---
Admin/auth/loginWallet.php | 80 +++++++++++++++++++
.../debug/check_driver_phones.php | 0
.../debug/check_users_cols.php | 0
.../debug/debug_phone.php | 0
env_test.php => Admin/debug/env_test.php | 0
ggg.php => Admin/debug/ggg.php | 0
.../debug/scratch_db_check.php | 0
.../debug/scratch_log_path.php | 0
.../debug/scratch_test_find.php | 0
.../debug/scratch_test_redis.php | 0
10 files changed, 80 insertions(+)
create mode 100644 Admin/auth/loginWallet.php
rename check_driver_phones.php => Admin/debug/check_driver_phones.php (100%)
rename check_users_cols.php => Admin/debug/check_users_cols.php (100%)
rename debug_phone.php => Admin/debug/debug_phone.php (100%)
rename env_test.php => Admin/debug/env_test.php (100%)
rename ggg.php => Admin/debug/ggg.php (100%)
rename scratch_db_check.php => Admin/debug/scratch_db_check.php (100%)
rename scratch_log_path.php => Admin/debug/scratch_log_path.php (100%)
rename scratch_test_find.php => Admin/debug/scratch_test_find.php (100%)
rename scratch_test_redis.php => Admin/debug/scratch_test_redis.php (100%)
diff --git a/Admin/auth/loginWallet.php b/Admin/auth/loginWallet.php
new file mode 100644
index 0000000..1d7eb4c
--- /dev/null
+++ b/Admin/auth/loginWallet.php
@@ -0,0 +1,80 @@
+role !== 'admin') {
+ jsonError("Unauthorized. Admin access required.");
+ exit;
+}
+
+try {
+ // جلب المفتاح المشترك لسيرفر المحفظة
+ // الأولوية لملف المفتاح المخصص للمدفوعات إن وجد، وإلا نستخدم الـ env
+ $payKeyPath = '/home/intaleq-api/.secret_key_pay';
+ $payKey = file_exists($payKeyPath) ? trim(file_get_contents($payKeyPath)) : getenv('SECRET_KEY_PAY');
+
+ if (empty($payKey)) {
+ // Fallback للمفتاح الرئيسي إذا لم يتوفر مفتاح خاص بالدفع (يجب التأكد من تطابقه مع سيرفر المحفظة)
+ $payKey = trim(@file_get_contents('/home/intaleq-api/.secret_key'));
+ }
+
+ if (empty($payKey)) {
+ jsonError("Internal configuration error: Shared secret key missing.");
+ exit;
+ }
+
+ $issuer = getenv('APP_ISSUER') ?: 'Tripz-Wallet';
+ $audience = 'Tripz-Wallet';
+ $hmacSecret = getenv('SECRET_KEY_HMAC') ?: '';
+
+ $ttl = 3600; // ساعة واحدة
+ $iat = time();
+ $exp = $iat + $ttl;
+
+ // محتوى التوكن (Payload)
+ $payload = [
+ 'iss' => $issuer,
+ 'aud' => $audience,
+ 'user_id' => $admin->user_id,
+ 'role' => 'admin',
+ 'iat' => $iat,
+ 'exp' => $exp,
+ 'jti' => bin2hex(random_bytes(16))
+ ];
+
+ // إضافة بصمة الجهاز للتوكن لزيادة الأمان
+ $fpHeader = $_SERVER['HTTP_X_DEVICE_FP'] ?? null;
+ $fpPepper = getenv('FP_PEPPER');
+ if ($fpHeader && $fpPepper) {
+ $payload['fingerPrint'] = hash('sha256', $fpHeader . $fpPepper);
+ }
+
+ // توليد التوكن
+ $jwt = JWT::encode($payload, $payKey, 'HS256');
+
+ // حساب الـ HMAC Hash المطلوب لسيرفر المحفظة للتحقق
+ // بناءً على authenticateJWT المرسل: hash_hmac('sha256', $userId, $hmacSecret)
+ $hmacHash = hash_hmac('sha256', (string)$admin->user_id, $hmacSecret);
+
+ printSuccess([
+ "status" => "success",
+ "jwt" => $jwt,
+ "hmac" => $hmacHash,
+ "expires_in" => $ttl
+ ]);
+
+} catch (Exception $e) {
+ error_log("[Admin Wallet SSO Error] " . $e->getMessage());
+ jsonError("Server Error: " . $e->getMessage());
+}
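Review bot: `$hmacSecret = getenv('SECRET_KEY_HMAC') ?: '';` fails open: when the variable is unset, `hash_hmac` runs with an empty key, so the returned `hmac` value can be recomputed by anyone who knows the `user_id`. Handle it the way the hunk already handles a missing `$payKey` and stop before signing, e.g. `if ($hmacSecret === '') { jsonError("Internal configuration error: HMAC secret missing."); exit; }`. The catch block also sends `$e->getMessage()` back to the caller; the `error_log` line already records the detail, so the response can be reduced to `jsonError("Server Error");`. The fallback to `/home/intaleq-api/.secret_key` signs wallet tokens with the main API key, which removes key separation between the two services and is worth dropping, or at least logging when it is taken. The opening lines of the file (where `$admin` is populated and `JWT` is imported) are missing from the visible hunk, so the authentication step itself could not be reviewed.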
diff --git a/check_driver_phones.php b/Admin/debug/check_driver_phones.php
similarity index 100%
rename from check_driver_phones.php
rename to Admin/debug/check_driver_phones.php
diff --git a/check_users_cols.php b/Admin/debug/check_users_cols.php
similarity index 100%
rename from check_users_cols.php
rename to Admin/debug/check_users_cols.php
diff --git a/debug_phone.php b/Admin/debug/debug_phone.php
similarity index 100%
rename from debug_phone.php
rename to Admin/debug/debug_phone.php
diff --git a/env_test.php b/Admin/debug/env_test.php
similarity index 100%
rename from env_test.php
rename to Admin/debug/env_test.php
diff --git a/ggg.php b/Admin/debug/ggg.php
similarity index 100%
rename from ggg.php
rename to Admin/debug/ggg.php
diff --git a/scratch_db_check.php b/Admin/debug/scratch_db_check.php
similarity index 100%
rename from scratch_db_check.php
rename to Admin/debug/scratch_db_check.php
diff --git a/scratch_log_path.php b/Admin/debug/scratch_log_path.php
similarity index 100%
rename from scratch_log_path.php
rename to Admin/debug/scratch_log_path.php
diff --git a/scratch_test_find.php b/Admin/debug/scratch_test_find.php
similarity index 100%
rename from scratch_test_find.php
rename to Admin/debug/scratch_test_find.php
diff --git a/scratch_test_redis.php b/Admin/debug/scratch_test_redis.php
similarity index 100%
rename from scratch_test_redis.php
rename to Admin/debug/scratch_test_redis.php