🚀 مُصادَق: تحديث برمجي جديد 2026-05-03 15:16

Hamza-Ayed
2026-05-03 15:16:36 +03:00
parent 7cd2d91576
commit 061431f36a
4 changed files with 94 additions and 4 deletions


@@ -64,7 +64,7 @@ final class Application
header('Strict-Transport-Security: max-age=31536000; includeSubDomains; preload');
header('Referrer-Policy: strict-origin-when-cross-origin');
header('Permissions-Policy: camera=(), microphone=(), geolocation=()');
header('Content-Security-Policy: default-src \'self\'; script-src \'self\' cdn.tailwindcss.com unpkg.com; style-src \'self\' \'unsafe-inline\' fonts.googleapis.com; font-src fonts.gstatic.com');
header('Content-Security-Policy: default-src \'self\'; script-src \'self\' \'unsafe-inline\' cdn.tailwindcss.com unpkg.com cdn.jsdelivr.net; style-src \'self\' \'unsafe-inline\' fonts.googleapis.com; font-src fonts.gstatic.com; img-src \'self\' data: blob:;');
header_remove('X-Powered-By');
try {
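Review bot: The second of the two Content-Security-Policy lines (which looks like the new one) adds `'unsafe-inline'` to `script-src`, which lets any injected inline script or event-handler attribute run and so removes most of the XSS protection the policy gave. If the inline scripts are the application's own, a per-response nonce or hashes would allow them without opening the directive, e.g. `script-src 'self' 'nonce-<per-request value>' cdn.tailwindcss.com unpkg.com cdn.jsdelivr.net`. Allowing whole CDN hosts such as `unpkg.com` and `cdn.jsdelivr.net` also permits any script published there, so pinned URLs with Subresource Integrity on the script tags would be tighter. A short comment above the header saying why each source is allowed would help the next reviewer; the enclosing method starts and ends outside the hunk.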


@@ -178,6 +178,37 @@ final class AuthController
}
}
public function login2FAVerify(Request $request): void
{
$data = $request->getBody();
$code = $data['code'] ?? '';
$userId = $request->user->user_id;
$db = \App\Core\Database::getInstance();
$stmt = $db->prepare("SELECT totp_secret FROM users WHERE id = ?");
$stmt->execute([$userId]);
$secret = $stmt->fetchColumn();
$totpService = new \App\Services\TotpService();
if ($secret && $totpService->verify($secret, $code)) {
// Re-fetch user for full data
$stmt = $db->prepare("SELECT * FROM users WHERE id = ?");
$stmt->execute([$userId]);
$user = $stmt->fetch();
$authService = new AuthService();
$tokens = $authService->generateTokens($user);
Response::json([
'success' => true,
'data' => $tokens,
'message' => 'تم التحقق بنجاح'
]);
} else {
Response::error('رمز التحقق غير صحيح', 'INVALID_CODE', 401);
}
}
public function disable2FA(Request $request): void
{
$db = \App\Core\Database::getInstance();
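Review bot: login2FAVerify checks the TOTP code with no visible limit on failed attempts, so a short numeric code can be guessed by repeated requests unless throttling happens in middleware or inside TotpService, neither of which is shown here. I would count failures per user (and per client address) before calling `verify()`, lock or delay after a small number, and log each `INVALID_CODE` response so repeated failures are detectable. `$code` is also passed through untyped; a guard such as `if (!is_string($code) || $code === '') { Response::error('رمز التحقق غير صحيح', 'INVALID_CODE', 401); return; }` keeps arrays and empty input away from the verifier. It is also worth confirming that the token behind `$request->user` at this step is a limited pre-2FA token rather than a full session, and that `$user` from the second query is not `false` before `generateTokens($user)` is called.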