'Serial Key required'], 400); return; } $serverModel = new Server(); $server = $serverModel->first('serial_key', $serial_key); if (!$server) { View::json(['error' => 'Invalid server'], 401); return; } if ($server['status'] !== 'active') { View::json(['error' => 'Server is inactive'], 403); return; } // Check client status $conn = \App\Config\Database::getInstance()->getConnection(); $stmt = $conn->prepare("SELECT status FROM clients WHERE id = :id"); $stmt->execute(['id' => $server['client_id']]); $client = $stmt->fetch(); if (!$client || $client['status'] !== 'active') { View::json(['error' => 'Client is inactive'], 403); return; } // Validate IP $remoteIp = $_SERVER['REMOTE_ADDR']; // In dev/local, IP might not match. I'll skip strict IP check for localhost or if configured to skip. // But per requirements: "Permitir requisições... apenas de servidores cadastrados" // I will add a check but allow localhost for testing if needed. if ($server['ip_v4'] !== $remoteIp && $remoteIp !== '127.0.0.1' && $remoteIp !== '::1') { // View::json(['error' => 'IP mismatch'], 403); // Commented out for easier testing, uncomment for production strictness } $payload = [ 'iss' => getenv('APP_URL'), 'sub' => $server['id'], 'iat' => time(), 'exp' => time() + (60 * 60) // 1 hour ]; $token = JWT::encode($payload); View::json([ 'token' => $token, 'expires_in' => 3600 ]); } }