<?php
//Obfuscated by YAK Pro - Php Obfuscator 2.0.13 at 2025-06-18 09:19:02
 namespace App\Http\Controllers\Auth; use App\Http\Controllers\Controller; use App\Laravue\JsonResponse; use App\Laravue\Models\User; use Illuminate\Http\Request; use Illuminate\Http\Response; use Illuminate\Support\Facades\Auth; use Illuminate\Support\Facades\Hash; use PragmaRX\Google2FA\Google2FA; use Illuminate\Support\Str; use Illuminate\Support\Facades\Crypt; use BaconQrCode\Renderer\ImageRenderer; use BaconQrCode\Renderer\Image\SvgImageBackEnd; use BaconQrCode\Renderer\RendererStyle\RendererStyle; use BaconQrCode\Writer; class TwoFactorAuthController extends Controller { protected $google2fa; public function __construct(Google2FA $uG6jR) { $this->google2fa = $uG6jR; } public function verifyLogin(Request $request) { goto nz8b8; ApcpJ: $Gvvem = $this->getUserFromTempToken($request->temp_token); if ($Gvvem) { goto vDYQf; } return response()->json(new JsonResponse([], "\111\x6e\166\x61\154\151\x64\40\157\162\40\x65\x78\160\x69\162\145\x64\40\x76\145\162\x69\146\151\x63\141\164\151\157\156\40\143\157\144\x65"), Response::HTTP_UNAUTHORIZED); goto JPJiD; JPJiD: vDYQf: ChFOK: $m528p = $this->verifyCode($Gvvem, $request->code); goto Wdpy9; Wdpy9: if ($m528p) { goto LDyBB; } return response()->json(new JsonResponse([], "\111\156\x76\141\154\x69\x64\40\157\x72\40\x65\170\x70\x69\162\x65\144\x20\x76\145\x72\151\146\x69\x63\141\x74\x69\x6f\156\x20\143\157\144\x65"), Response::HTTP_UNAUTHORIZED); LDyBB: goto UQvPC; nz8b8: $request->validate(["\x63\157\144\x65" => "\x72\x65\x71\x75\151\162\145\x64\174\163\x74\x72\151\x6e\x67", "\164\x65\155\x70\137\x74\x6f\153\145\x6e" => "\162\145\161\165\x69\x72\x65\144\174\x73\164\162\x69\x6e\147"]); $Gvvem = $request->user(); if ($Gvvem) { goto ChFOK; } goto ApcpJ; UQvPC: $Gvvem->tokens()->where("\x6e\x61\155\145", "\62\x66\x61\55\x74\145\155\x70\x2d\x74\157\x6b\x65\156")->delete(); $k0vrK = $Gvvem->createToken("\154\x61\162\x61\x76\x75\x65"); return response()->json(["\x74\x6f\x6b\x65\156" => $k0vrK->plainTextToken, "\x6c\157\147\x69\x6e\137\165\x72\x6c" => "\57", "\165\163\145\x72" => $Gvvem]); goto YK_Ho; YK_Ho: } public function status(Request $request) { $Gvvem = $request->user(); return response()->json(["\145\x6e\141\142\x6c\145\x64" => $Gvvem->google2fa_enabled && $Gvvem->google2fa_verified, "\x72\x65\143\x6f\x76\145\162\171\137\x63\x6f\x64\145\163" => $Gvvem->recovery_codes ? json_decode($Gvvem->recovery_codes, true) : []]); } public function enable(Request $request) { goto Yomas; Yomas: $Gvvem = $request->user(); if (!($Gvvem->google2fa_enabled && $Gvvem->google2fa_verified)) { goto U3X8d; } return $this->status($request); goto P6NvT; P6NvT: U3X8d: if (!empty($Gvvem->google2fa_secret)) { goto nVAu0; } $Gvvem->google2fa_secret = $this->google2fa->generateSecretKey(); goto Hz1z1; Hz1z1: $Gvvem->save(); nVAu0: $iRQeQ = $this->getQRCodeUrl($Gvvem); goto QPcoJ; QPcoJ: return response()->json(["\x73\x65\143\x72\145\164" => $Gvvem->google2fa_secret, "\x71\x72\x5f\143\x6f\144\145\137\165\162\x6c" => $iRQeQ]); goto I50F1; I50F1: } public function verify(Request $request) { goto nbGOw; Zp3vL: $Gvvem->save(); return response()->json(["\155\x65\x73\x73\141\147\145" => "\x54\167\157\55\146\141\143\164\x6f\x72\x20\x61\165\x74\150\x65\156\164\x69\x63\141\x74\x69\157\x6e\x20\150\x61\x73\x20\x62\145\145\x6e\x20\145\156\x61\142\154\x65\144\40\x73\x75\x63\x63\145\x73\163\x66\x75\x6c\x6c\171\x2e", "\162\145\143\157\166\145\162\x79\137\x63\x6f\x64\145\163" => json_decode($Gvvem->recovery_codes, true)]); goto uSHWW; MjnK1: $yaTtl = $this->createNewRecoveryCodes(); $Gvvem->recovery_codes = $yaTtl; W2dxk: goto Zp3vL; u8Ltj: if ($m528p) { goto nahD6; } return response()->json(new JsonResponse([], "\x49\156\166\x61\154\x69\x64\40\166\145\x72\x69\146\x69\143\x61\164\151\157\156\x20\x63\157\x64\145"), Response::HTTP_UNPROCESSABLE_ENTITY); nahD6: goto UPcK5; nbGOw: $request->validate(["\143\157\x64\x65" => "\162\145\161\x75\151\x72\145\144\174\163\164\162\x69\x6e\147"]); $Gvvem = $request->user(); $m528p = $this->verifyCode($Gvvem, $request->code); goto u8Ltj; UPcK5: $Gvvem->google2fa_enabled = true; $Gvvem->google2fa_verified = true; if (!empty($Gvvem->recovery_codes)) { goto W2dxk; } goto MjnK1; uSHWW: } public function disable(Request $request) { goto mWLyU; mWLyU: $Gvvem = $request->user(); if ($Gvvem->google2fa_enabled) { goto xJRjr; } return response()->json(["\155\145\x73\163\141\147\x65" => "\x54\x77\x6f\x2d\146\141\143\x74\157\162\x20\x61\165\x74\150\145\156\164\151\143\141\164\151\157\x6e\x20\151\x73\40\x61\x6c\162\145\141\144\171\40\x64\x69\x73\x61\142\x6c\x65\144\56"]); goto m2f0a; m2f0a: xJRjr: if (Hash::check($request->input("\x70\141\x73\163\x77\157\x72\144"), $Gvvem->password)) { goto Dja8A; } return response()->json(new JsonResponse([], "\111\156\166\x61\154\151\144\40\x70\141\x73\163\x77\157\162\144"), Response::HTTP_UNPROCESSABLE_ENTITY); goto jjTOu; RNoHl: return response()->json(["\x6d\145\163\x73\141\147\x65" => "\124\x77\157\x2d\x66\141\143\x74\157\x72\x20\141\165\164\150\x65\x6e\164\x69\143\141\x74\151\x6f\156\x20\x68\141\x73\x20\142\145\x65\156\x20\x64\151\163\141\x62\154\x65\144\40\x73\165\x63\x63\145\x73\x73\146\x75\154\x6c\171\x2e"]); goto uPfJQ; OtQHp: $Gvvem->google2fa_verified = false; $Gvvem->recovery_codes = null; $Gvvem->save(); goto RNoHl; jjTOu: Dja8A: $Gvvem->google2fa_secret = null; $Gvvem->google2fa_enabled = false; goto OtQHp; uPfJQ: } public function generateRecoveryCodes(Request $request) { goto LGjlQ; h6q0D: $Gvvem->save(); return response()->json(["\162\x65\x63\157\166\x65\162\x79\x5f\x63\157\144\145\x73" => json_decode($yaTtl, true)]); goto fHpbM; LGjlQ: $Gvvem = $request->user(); if ($Gvvem->google2fa_enabled) { goto yY2VZ; } return response()->json(new JsonResponse([], "\x54\x77\157\x2d\146\141\x63\164\157\x72\x20\x61\x75\164\150\145\156\164\151\x63\141\x74\x69\x6f\x6e\40\151\163\x20\156\157\x74\x20\145\156\x61\x62\x6c\145\144"), Response::HTTP_UNPROCESSABLE_ENTITY); goto N0lym; N0lym: yY2VZ: $yaTtl = $this->createNewRecoveryCodes(); $Gvvem->recovery_codes = $yaTtl; goto h6q0D; fHpbM: } protected function verifyCode(User $Gvvem, $ENJJ3) { if (!$this->isRecoveryCode($Gvvem, $ENJJ3)) { goto N70AH; } return true; N70AH: return $this->google2fa->verifyKey($Gvvem->google2fa_secret, $ENJJ3, config("\141\x75\x74\x68\x2e\x32\146\x61\x2e\167\x69\x6e\144\157\x77", 1)); } protected function isRecoveryCode(User $Gvvem, $ENJJ3) { goto biJpZ; B7lMG: $yaTtl = json_decode($Gvvem->recovery_codes, true); if (is_array($yaTtl)) { goto B8jwY; } return false; goto G_MY9; jCygO: $Gvvem->recovery_codes = array_values($yaTtl); $Gvvem->save(); return true; goto F0tQC; biJpZ: if (!empty($Gvvem->recovery_codes)) { goto fm3l4; } return false; fm3l4: goto B7lMG; G_MY9: B8jwY: $JgsB1 = array_search($ENJJ3, $yaTtl); if (!($JgsB1 === false)) { goto udb9B; } goto UbeNY; UbeNY: return false; udb9B: unset($yaTtl[$JgsB1]); goto jCygO; F0tQC: } protected function createNewRecoveryCodes() { goto QXyrr; QXyrr: $yaTtl = []; $HFX0q = 0; JB2Ki: goto xh0Tg; Icmib: $HFX0q++; goto JB2Ki; FqiXe: goto Khexi; Khexi: return json_encode($yaTtl); goto bkv6l; xh0Tg: if (!($HFX0q < 8)) { goto FqiXe; } $yaTtl[] = strtoupper(Str::random(10)); yczCR: goto Icmib; bkv6l: } protected function getQRCodeUrl(User $Gvvem) { goto j5HjY; ydjik: $g6Vok = new ImageRenderer(new RendererStyle(400), new SvgImageBackEnd()); $OlHAM = new Writer($g6Vok); $iCDuK = $OlHAM->writeString($iRQeQ); goto SQN_z; j5HjY: $KV7v5 = config("\141\160\x70\56\x6e\x61\155\145", "\x4c\x61\162\x61\166\x65\154"); $H8D7R = $Gvvem->email; $iRQeQ = $this->google2fa->getQRCodeUrl($KV7v5, $H8D7R, $Gvvem->google2fa_secret); goto ydjik; SQN_z: return "\x64\141\x74\141\x3a\151\155\141\x67\x65\57\x73\166\x67\x2b\x78\x6d\154\73\142\141\163\145\66\x34\54" . base64_encode($iCDuK); goto sIxOh; sIxOh: } protected function getUserFromTempToken($BqPJt) { goto EQDLC; iDj6t: r9aXd: $Gvvem = $k0vrK->tokenable; if (in_array("\166\145\x72\151\x66\171\x2d\62\x66\x61", $k0vrK->abilities)) { goto Bk4Dv; } goto xP0JC; EQDLC: $k0vrK = \Laravel\Sanctum\PersonalAccessToken::findToken($BqPJt); if ($k0vrK) { goto r9aXd; } return null; goto iDj6t; xP0JC: return null; Bk4Dv: return $Gvvem; goto p1CgE; p1CgE: } }