Update: 2026-05-15 04:16:32

2026-05-15 04:16:32 +03:00
parent 5b34f3ae07
commit fefe913ab7
7 changed files with 99 additions and 0 deletions
--- a/app/src/main/java/com/jordanbot/autoride/MainActivity.kt
+++ b/app/src/main/java/com/jordanbot/autoride/MainActivity.kt
@@ -20,6 +20,8 @@ import androidx.core.app.NotificationManagerCompat
 import androidx.core.content.ContextCompat
 import com.jordanbot.autoride.service.BotForegroundService
 import com.jordanbot.autoride.service.OverlayService
+import com.jordanbot.autoride.api.ApiClient
+import com.jordanbot.autoride.utils.DeviceUtils

 import androidx.lifecycle.lifecycleScope
 import kotlinx.coroutines.launch
@@ -51,6 +53,9 @@ class MainActivity : AppCompatActivity() {
        // Load Settings
        FilterEngine.init(this)

+        // Set App Signature for API Security
+        ApiClient.appSignature = DeviceUtils.getAppSignatureSHA256(this)
+
        // Load cached subscription data
        SubscriptionManager.loadLocalCache(this)

--- a/app/src/main/java/com/jordanbot/autoride/api/BackendApi.kt
+++ b/app/src/main/java/com/jordanbot/autoride/api/BackendApi.kt
@@ -4,6 +4,8 @@ import retrofit2.Retrofit
 import retrofit2.converter.gson.GsonConverterFactory
 import retrofit2.http.Body
 import retrofit2.http.POST
+import okhttp3.Interceptor
+import okhttp3.OkHttpClient

 // Data models for the API
 data class RideLogRequest(
@@ -78,10 +80,23 @@ interface BackendApiService {
 object ApiClient {
    // Replace with your actual server URL
    private const val BASE_URL = "https://lawer.tripz-egypt.com/jordan_bot/backend/"
+    private val API_KEY = com.jordanbot.autoride.BuildConfig.API_KEY
+    var appSignature: String = ""
+
+    private val httpClient = OkHttpClient.Builder().apply {
+        addInterceptor(Interceptor { chain ->
+            val request = chain.request().newBuilder()
+                .addHeader("X-API-Key", API_KEY)
+                .addHeader("X-App-Signature", appSignature)
+                .build()
+            chain.proceed(request)
+        })
+    }.build()

    val service: BackendApiService by lazy {
        Retrofit.Builder()
            .baseUrl(BASE_URL)
+            .client(httpClient)
            .addConverterFactory(GsonConverterFactory.create())
            .build()
            .create(BackendApiService::class.java)
--- a/app/src/main/java/com/jordanbot/autoride/utils/DeviceUtils.kt
+++ b/app/src/main/java/com/jordanbot/autoride/utils/DeviceUtils.kt
@@ -3,6 +3,9 @@ package com.jordanbot.autoride.utils
 import android.content.Context
 import android.provider.Settings

+import android.content.pm.PackageManager
+import java.security.MessageDigest
+
 object DeviceUtils {
    /**
     * Returns a unique fingerprint for the device based on Android ID.
@@ -10,4 +13,25 @@ object DeviceUtils {
    fun getDeviceFingerprint(context: Context): String {
        return Settings.Secure.getString(context.contentResolver, Settings.Secure.ANDROID_ID) ?: "UNKNOWN_DEVICE"
    }
+
+    /**
+     * Returns the SHA-256 signature of the installed app.
+     */
+    fun getAppSignatureSHA256(context: Context): String {
+        try {
+            val packageInfo = context.packageManager.getPackageInfo(
+                context.packageName,
+                PackageManager.GET_SIGNATURES
+            )
+            for (signature in packageInfo.signatures) {
+                val md = MessageDigest.getInstance("SHA-256")
+                md.update(signature.toByteArray())
+                val digest = md.digest()
+                return digest.joinToString("") { "%02x".format(it) }
+            }
+        } catch (e: Exception) {
+            e.printStackTrace()
+        }
+        return ""
+    }
 }