laravel-websockets/src/HttpApi/Controllers/Controller.php

<?php

namespace BeyondCode\LaravelWebSockets\HttpApi\Controllers;

use BeyondCode\LaravelWebSockets\ClientProviders\Client;
use BeyondCode\LaravelWebSockets\Dashboard\DashboardLogger;
use BeyondCode\LaravelWebSockets\Events\ExceptionThrown;
use BeyondCode\LaravelWebSockets\QueryParameters;
use Exception;
use Illuminate\Http\Request;
use GuzzleHttp\Psr7\Response;
use Ratchet\ConnectionInterface;
use Illuminate\Http\JsonResponse;
use GuzzleHttp\Psr7\ServerRequest;
use Ratchet\Http\HttpServerInterface;
use Psr\Http\Message\RequestInterface;
use Symfony\Component\HttpKernel\Exception\HttpException;
use Symfony\Bridge\PsrHttpMessage\Factory\HttpFoundationFactory;
use BeyondCode\LaravelWebSockets\WebSockets\Channels\ChannelManager;

abstract class Controller implements HttpServerInterface
{
    /** @var \BeyondCode\LaravelWebSockets\WebSockets\Channels\ChannelManager */
    protected $channelManager;

    public function __construct(ChannelManager $channelManager)
    {
        $this->channelManager = $channelManager;
    }

    public function onOpen(ConnectionInterface $connection, RequestInterface $request = null)
    {
        $serverRequest = (new ServerRequest(
            $request->getMethod(),
            $request->getUri(),
            $request->getHeaders(),
            $request->getBody(),
            $request->getProtocolVersion()
        ))->withQueryParams(QueryParameters::create($request)->all());

        $laravelRequest = Request::createFromBase((new HttpFoundationFactory)->createRequest($serverRequest));

        $this
            ->ensureValidAppId($laravelRequest->appId)
            ->ensureValidSignature($laravelRequest);

        $response = $this($laravelRequest);

        $connection->send(JsonResponse::create($response));
        $connection->close();
    }

    function onMessage(ConnectionInterface $from, $msg)
    {
    }

    function onClose(ConnectionInterface $connection)
    {
    }

    function onError(ConnectionInterface $connection, Exception $exception)
    {
        if (! $exception instanceof HttpException) {
            return;
        }

        $response = new Response($exception->getStatusCode(), [
            'Content-Type' => 'application/json'
        ], json_encode([
            'error' => $exception->getMessage()
        ]));

        $connection->send(\GuzzleHttp\Psr7\str($response));

        $connection->close();
    }

    public function ensureValidAppId(string $appId)
    {
        if (!$client = Client::findByAppId($appId)) {
            throw new HttpException(401, "Unknown app id `{$appId}` provided.");
        }

        return $this;
    }

    protected function ensureValidSignature(Request $request)
    {
        $bodyMd5 = md5($request->getContent());

        $signature =
            "{$request->getMethod()}\n/{$request->path()}\n" .
            "auth_key={$request->get('auth_key')}" .
            "&auth_timestamp={$request->get('auth_timestamp')}" .
            "&auth_version={$request->get('auth_version')}" .
            "&body_md5={$bodyMd5}";

        $authSignature = hash_hmac('sha256', $signature, Client::findByAppId($request->get('appId'))->appSecret);

        if ($authSignature !== $request->get('auth_signature')) {
            throw new HttpException(401, 'Invalid auth signature provided.');
        }

        return $this;
    }

    abstract public function __invoke(Request $request);
}
wip 2018-11-20 13:50:37 +00:00			`<?php`

wip 2018-11-27 15:42:19 +00:00			`namespace BeyondCode\LaravelWebSockets\HttpApi\Controllers;`
wip 2018-11-20 13:50:37 +00:00
commit 2018-11-24 00:53:20 +00:00			`use BeyondCode\LaravelWebSockets\ClientProviders\Client;`
wip 2018-11-29 10:59:17 +00:00			`use BeyondCode\LaravelWebSockets\Dashboard\DashboardLogger;`
fire event on exception 2018-11-26 22:15:03 +00:00			`use BeyondCode\LaravelWebSockets\Events\ExceptionThrown;`
nitpicks 2018-11-25 23:42:45 +00:00			`use BeyondCode\LaravelWebSockets\QueryParameters;`
wip 2018-11-22 20:36:25 +00:00			`use Exception;`
wip 2018-11-21 11:13:40 +00:00			`use Illuminate\Http\Request;`
wip 2018-11-22 20:36:25 +00:00			`use GuzzleHttp\Psr7\Response;`
wip 2018-11-20 13:50:37 +00:00			`use Ratchet\ConnectionInterface;`
			`use Illuminate\Http\JsonResponse;`
wip 2018-11-21 11:13:40 +00:00			`use GuzzleHttp\Psr7\ServerRequest;`
wip 2018-11-20 13:50:37 +00:00			`use Ratchet\Http\HttpServerInterface;`
			`use Psr\Http\Message\RequestInterface;`
wip 2018-11-22 20:36:25 +00:00			`use Symfony\Component\HttpKernel\Exception\HttpException;`
wip 2018-11-21 11:13:40 +00:00			`use Symfony\Bridge\PsrHttpMessage\Factory\HttpFoundationFactory;`
fix namespaces 2018-11-27 15:35:28 +00:00			`use BeyondCode\LaravelWebSockets\WebSockets\Channels\ChannelManager;`
wip 2018-11-20 13:50:37 +00:00
wip 2018-11-27 14:59:02 +00:00			`abstract class Controller implements HttpServerInterface`
wip 2018-11-20 13:50:37 +00:00			`{`
wip 2018-11-27 15:43:59 +00:00			`/** @var \BeyondCode\LaravelWebSockets\WebSockets\Channels\ChannelManager */`
wip 2018-11-22 23:24:40 +00:00			`protected $channelManager;`

			`public function __construct(ChannelManager $channelManager)`
			`{`
			`$this->channelManager = $channelManager;`
			`}`

wip 2018-11-22 20:36:25 +00:00			`public function onOpen(ConnectionInterface $connection, RequestInterface $request = null)`
wip 2018-11-20 13:50:37 +00:00			`{`
wip 2018-11-21 11:13:40 +00:00			`$serverRequest = (new ServerRequest(`
			`$request->getMethod(),`
			`$request->getUri(),`
			`$request->getHeaders(),`
			`$request->getBody(),`
			`$request->getProtocolVersion()`
nitpicks 2018-11-25 23:42:45 +00:00			`))->withQueryParams(QueryParameters::create($request)->all());`
wip 2018-11-21 11:13:40 +00:00
wip 2018-11-22 20:36:25 +00:00			`$laravelRequest = Request::createFromBase((new HttpFoundationFactory)->createRequest($serverRequest));`

nitpicks 2018-11-26 08:03:04 +00:00			`$this`
			`->ensureValidAppId($laravelRequest->appId)`
			`->ensureValidSignature($laravelRequest);`
wip 2018-11-22 20:36:25 +00:00
			`$response = $this($laravelRequest);`

wip 2018-11-29 08:27:43 +00:00			`$connection->send(JsonResponse::create($response));`
wip 2018-11-22 20:36:25 +00:00			`$connection->close();`
wip 2018-11-20 13:50:37 +00:00			`}`

			`function onMessage(ConnectionInterface $from, $msg)`
			`{`
nitpicks 2018-11-21 23:10:47 +00:00			`}`

wip 2018-11-22 20:36:25 +00:00			`function onClose(ConnectionInterface $connection)`
nitpicks 2018-11-21 23:10:47 +00:00			`{`
			`}`

wip 2018-11-22 20:36:25 +00:00			`function onError(ConnectionInterface $connection, Exception $exception)`
			`{`
nitpick 2018-11-26 22:04:20 +00:00			`if (! $exception instanceof HttpException) {`
			`return;`
wip 2018-11-22 20:36:25 +00:00			`}`
nitpick 2018-11-26 22:04:20 +00:00
			`$response = new Response($exception->getStatusCode(), [`
			`'Content-Type' => 'application/json'`
			`], json_encode([`
			`'error' => $exception->getMessage()`
			`]));`

wip 2018-11-28 21:37:10 +00:00			`$connection->send(\GuzzleHttp\Psr7\str($response));`
fire event on exception 2018-11-26 22:15:03 +00:00
nitpick 2018-11-26 22:04:20 +00:00			`$connection->close();`
wip 2018-11-22 20:36:25 +00:00			`}`

nitpicks 2018-11-26 08:03:04 +00:00			`public function ensureValidAppId(string $appId)`
nitpicks 2018-11-21 23:10:47 +00:00			`{`
nitpick 2018-11-26 22:04:20 +00:00			`if (!$client = Client::findByAppId($appId)) {`
nitpicks 2018-11-26 08:03:04 +00:00			throw new HttpException(401, "Unknown app id `{$appId}` provided.");
wip 2018-11-22 20:36:25 +00:00			`}`
commit 2018-11-24 00:53:20 +00:00
wip 2018-11-26 19:50:02 +00:00			`return $this;`
wip 2018-11-20 13:50:37 +00:00			`}`

nitpicks 2018-11-26 08:03:04 +00:00			`protected function ensureValidSignature(Request $request)`
wip 2018-11-24 14:36:13 +00:00			`{`
			`$bodyMd5 = md5($request->getContent());`

			`$signature =`
nitpick 2018-11-26 22:04:20 +00:00			`"{$request->getMethod()}\n/{$request->path()}\n" .`
			`"auth_key={$request->get('auth_key')}" .`
			`"&auth_timestamp={$request->get('auth_timestamp')}" .`
			`"&auth_version={$request->get('auth_version')}" .`
wip 2018-11-24 14:36:13 +00:00			`"&body_md5={$bodyMd5}";`

			`$authSignature = hash_hmac('sha256', $signature, Client::findByAppId($request->get('appId'))->appSecret);`

			`if ($authSignature !== $request->get('auth_signature')) {`
			`throw new HttpException(401, 'Invalid auth signature provided.');`
			`}`
nitpicks 2018-11-26 08:03:04 +00:00
			`return $this;`
wip 2018-11-24 14:36:13 +00:00			`}`

wip 2018-11-21 11:13:40 +00:00			`abstract public function __invoke(Request $request);`
wip 2018-11-20 13:50:37 +00:00			`}`