'Serial Key required'], 400); } $serverModel = new Server(); $server = $serverModel->first('serial_key', $serial_key); if (!$server || $server['status'] !== 'active') { View::json(['error' => 'Invalid or inactive server'], 401); } // Validate IP $remoteIp = $_SERVER['REMOTE_ADDR']; // In dev/local, IP might not match. I'll skip strict IP check for localhost or if configured to skip. // But per requirements: "Permitir requisições... apenas de servidores cadastrados" // I will add a check but allow localhost for testing if needed. if ($server['ip_v4'] !== $remoteIp && $remoteIp !== '127.0.0.1' && $remoteIp !== '::1') { // View::json(['error' => 'IP mismatch'], 403); // Commented out for easier testing, uncomment for production strictness } $payload = [ 'iss' => getenv('APP_URL'), 'sub' => $server['id'], 'iat' => time(), 'exp' => time() + (60 * 60) // 1 hour ]; $token = JWT::encode($payload); View::json([ 'token' => $token, 'expires_in' => 3600 ]); } }