Update: 2026-05-15 13:49:20

Hamza-Ayed
2026-05-15 13:49:21 +03:00
parent fefe913ab7
commit c59d888b74
2443 changed files with 320028 additions and 23 deletions


@@ -51,11 +51,18 @@ if ($providedKey !== $expectedApiKey) {
}
// Extra Security: App Signature Fingerprint Validation (Optional)
$expectedAppSignature = $_ENV['APP_SIGNATURE_SHA256'] ?? null;
if (!empty($expectedAppSignature)) {
$expectedSignatures = $_ENV['APP_SIGNATURE_SHA256'] ?? null;
if (!empty($expectedSignatures)) {
$providedSignature = $headers['X-App-Signature'] ?? ($headers['x-app-signature'] ?? null);
// Ignore case and compare
if (strcasecmp($providedSignature, $expectedAppSignature) !== 0) {
$validSignatures = explode(',', $expectedSignatures);
$isValid = false;
foreach ($validSignatures as $sig) {
if (strcasecmp(trim($sig), trim($providedSignature)) === 0) {
$isValid = true;
break;
}
}
if (!$isValid) {
http_response_code(403);
echo json_encode(['success' => false, 'message' => 'Forbidden: Invalid App Signature (Anti-Tamper)']);
exit;
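Review bot: In the new `foreach` over `$validSignatures`, an empty list entry matches a missing header. `$providedSignature` is null when neither header key is set, `trim(null)` yields `''` in non-strict mode (with a deprecation notice on PHP 8.1+), and a value such as `a,b,` in `APP_SIGNATURE_SHA256` explodes to a trailing `''`, so `strcasecmp('', '') === 0` passes the check. Drop empty entries, reject a non-string or empty header before the loop, and compare with `hash_equals()` on lower-cased values rather than `strcasecmp()`. Because the fingerprint is a static value sent by the client, the check shows only that the caller knows it, so it should not be the sole tamper control. The enclosing `if (!empty($expectedSignatures))` block closes outside the visible hunk.

```php
$providedSignature = $headers['X-App-Signature'] ?? ($headers['x-app-signature'] ?? null);
// Normalise once; a missing or non-string header becomes '' and is rejected below.
$provided = is_string($providedSignature) ? strtolower(trim($providedSignature)) : '';
// Drop empty entries so a stray comma in the env value cannot match an absent header.
$validSignatures = array_filter(array_map('trim', explode(',', $expectedSignatures)), 'strlen');
$isValid = false;
if ($provided !== '') {
    foreach ($validSignatures as $sig) {
        if (hash_equals(strtolower($sig), $provided)) {
            $isValid = true;
            break;
        }
    }
}
// … unchanged: if (!$isValid) 403 response …
```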