Deploy: 2026-05-22 04:07:44

Hamza-Ayed
2026-05-22 04:07:44 +03:00
parent 2b9bc0e4a3
commit b82a02f6fa


@@ -32,11 +32,15 @@ class SallaController extends BaseController
$clientId = getenv('SALLA_CLIENT_ID') ?: '69ea789c-f611-4ea7-a3ee-7ead41420225'; $clientId = getenv('SALLA_CLIENT_ID') ?: '69ea789c-f611-4ea7-a3ee-7ead41420225';
$redirectUri = getenv('APP_URL') . '/api/integrations/salla/callback'; $redirectUri = getenv('APP_URL') . '/api/integrations/salla/callback';
// Build state: company_id + random token (min 8 chars required by Salla)
$randomToken = bin2hex(random_bytes(8)); // 16-char hex
$state = $companyId . '_' . $randomToken;
$authUrl = "https://accounts.salla.sa/oauth2/auth?" . http_build_query([ $authUrl = "https://accounts.salla.sa/oauth2/auth?" . http_build_query([
'client_id' => $clientId, 'client_id' => $clientId,
'redirect_uri' => $redirectUri, 'redirect_uri' => $redirectUri,
'response_type' => 'code', 'response_type' => 'code',
'state' => $companyId 'state' => $state
]); ]);
header("Location: " . $authUrl); header("Location: " . $authUrl);
@@ -60,7 +64,11 @@ class SallaController extends BaseController
} }
$code = $_GET['code'] ?? ''; $code = $_GET['code'] ?? '';
$companyId = $_GET['state'] ?? ''; $rawState = $_GET['state'] ?? '';
// Extract company_id from state (format: "companyId_randomToken")
$stateParts = explode('_', $rawState, 2);
$companyId = $stateParts[0] ?? '';
if (empty($code) || empty($companyId)) { if (empty($code) || empty($companyId)) {
$response->status(400)->html("<h3>Error: Missing authorization code or state (company_id).</h3>"); $response->status(400)->html("<h3>Error: Missing authorization code or state (company_id).</h3>");
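Review bot: The random token appended to `state` in the redirect hunk is never stored server-side, and the callback hunk throws it away after `explode('_', $rawState, 2)`, so `state` still gives no CSRF protection and `$companyId` remains an unauthenticated query-string value that decides which company the Salla authorization is attached to. Persist the full state when building the URL (for example `$_SESSION['salla_oauth_state'] = $state;`, or whatever server-side store the app uses), and in the callback reject the request unless `hash_equals($storedState, $rawState)` holds, where `$storedState` is a placeholder for the value read back from that store. The company id should then come from the stored value rather than from `$_GET`. Both methods start and end outside the visible hunks, so a comparison may exist elsewhere, but nothing in the lines shown checks the token. Splitting on `_` also assumes company ids never contain an underscore.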