laravel-websockets/src/LaravelEcho/Http/Controllers/EchoController.php

<?php

namespace BeyondCode\LaravelWebSockets\LaravelEcho\Http\Controllers;

use BeyondCode\LaravelWebSockets\ClientProviders\Client;
use Exception;
use Illuminate\Http\Request;
use GuzzleHttp\Psr7 as gPsr;
use GuzzleHttp\Psr7\Response;
use Ratchet\ConnectionInterface;
use Illuminate\Http\JsonResponse;
use GuzzleHttp\Psr7\ServerRequest;
use Ratchet\Http\HttpServerInterface;
use Psr\Http\Message\RequestInterface;
use Symfony\Component\HttpKernel\Exception\HttpException;
use Symfony\Bridge\PsrHttpMessage\Factory\HttpFoundationFactory;
use BeyondCode\LaravelWebSockets\LaravelEcho\Pusher\Channels\ChannelManager;

abstract class EchoController implements HttpServerInterface
{
    /** @var \BeyondCode\LaravelWebSockets\LaravelEcho\Pusher\Channels\ChannelManager */
    protected $channelManager;

    public function __construct(ChannelManager $channelManager)
    {
        $this->channelManager = $channelManager;
    }

    public function onOpen(ConnectionInterface $connection, RequestInterface $request = null)
    {
        $queryParameters = [];
        parse_str($request->getUri()->getQuery(), $queryParameters);

        $serverRequest = (new ServerRequest(
            $request->getMethod(),
            $request->getUri(),
            $request->getHeaders(),
            $request->getBody(),
            $request->getProtocolVersion()
        ))->withQueryParams($queryParameters);

        $laravelRequest = Request::createFromBase((new HttpFoundationFactory)->createRequest($serverRequest));

        $this->verifyAppId($laravelRequest->appId);
        $this->verifySignature($laravelRequest);

        $response = $this($laravelRequest);

        $connection->send(JsonResponse::create($response)->send());
        $connection->close();
    }

    function onMessage(ConnectionInterface $from, $msg)
    {
    }

    function onClose(ConnectionInterface $connection)
    {
    }

    function onError(ConnectionInterface $connection, Exception $exception)
    {
        if ($exception instanceof HttpException) {
            $response = new Response($exception->getStatusCode(), [
                'Content-Type' => 'application/json'
            ], json_encode([
                'error' => $exception->getMessage()
            ]));

            $connection->send(gPsr\str($response));
            $connection->close();
        }
    }

    public function verifyAppId(string $appId)
    {
        if ($client = Client::findByAppId($appId)) {
             return;
        }

        throw new HttpException(401, "Unknown app id `{$appId}` provided.");
    }

    protected function verifySignature(Request $request)
    {
        $bodyMd5 = md5($request->getContent());

        $signature =
            "{$request->getMethod()}\n/{$request->path()}\n".
            "auth_key={$request->get('auth_key')}".
            "&auth_timestamp={$request->get('auth_timestamp')}".
            "&auth_version={$request->get('auth_version')}".
            "&body_md5={$bodyMd5}";

        $authSignature = hash_hmac('sha256', $signature, Client::findByAppId($request->get('appId'))->appSecret);

        if ($authSignature !== $request->get('auth_signature')) {
            throw new HttpException(401, 'Invalid auth signature provided.');
        }
    }

    abstract public function __invoke(Request $request);
}
wip 2018-11-20 13:50:37 +00:00			`<?php`

wip 2018-11-21 11:13:40 +00:00			`namespace BeyondCode\LaravelWebSockets\LaravelEcho\Http\Controllers;`
wip 2018-11-20 13:50:37 +00:00
commit 2018-11-24 00:53:20 +00:00			`use BeyondCode\LaravelWebSockets\ClientProviders\Client;`
wip 2018-11-22 20:36:25 +00:00			`use Exception;`
wip 2018-11-21 11:13:40 +00:00			`use Illuminate\Http\Request;`
wip 2018-11-22 20:36:25 +00:00			`use GuzzleHttp\Psr7 as gPsr;`
			`use GuzzleHttp\Psr7\Response;`
wip 2018-11-20 13:50:37 +00:00			`use Ratchet\ConnectionInterface;`
			`use Illuminate\Http\JsonResponse;`
wip 2018-11-21 11:13:40 +00:00			`use GuzzleHttp\Psr7\ServerRequest;`
wip 2018-11-20 13:50:37 +00:00			`use Ratchet\Http\HttpServerInterface;`
			`use Psr\Http\Message\RequestInterface;`
wip 2018-11-22 20:36:25 +00:00			`use Symfony\Component\HttpKernel\Exception\HttpException;`
wip 2018-11-21 11:13:40 +00:00			`use Symfony\Bridge\PsrHttpMessage\Factory\HttpFoundationFactory;`
wip 2018-11-22 23:24:40 +00:00			`use BeyondCode\LaravelWebSockets\LaravelEcho\Pusher\Channels\ChannelManager;`
wip 2018-11-20 13:50:37 +00:00
			`abstract class EchoController implements HttpServerInterface`
			`{`
wip 2018-11-22 23:24:40 +00:00			`/** @var \BeyondCode\LaravelWebSockets\LaravelEcho\Pusher\Channels\ChannelManager */`
			`protected $channelManager;`

			`public function __construct(ChannelManager $channelManager)`
			`{`
			`$this->channelManager = $channelManager;`
			`}`

wip 2018-11-22 20:36:25 +00:00			`public function onOpen(ConnectionInterface $connection, RequestInterface $request = null)`
wip 2018-11-20 13:50:37 +00:00			`{`
wip 2018-11-21 11:13:40 +00:00			`$queryParameters = [];`
			`parse_str($request->getUri()->getQuery(), $queryParameters);`

			`$serverRequest = (new ServerRequest(`
			`$request->getMethod(),`
			`$request->getUri(),`
			`$request->getHeaders(),`
			`$request->getBody(),`
			`$request->getProtocolVersion()`
			`))->withQueryParams($queryParameters);`

wip 2018-11-22 20:36:25 +00:00			`$laravelRequest = Request::createFromBase((new HttpFoundationFactory)->createRequest($serverRequest));`

			`$this->verifyAppId($laravelRequest->appId);`
wip 2018-11-24 14:36:13 +00:00			`$this->verifySignature($laravelRequest);`
wip 2018-11-22 20:36:25 +00:00
			`$response = $this($laravelRequest);`

			`$connection->send(JsonResponse::create($response)->send());`
			`$connection->close();`
wip 2018-11-20 13:50:37 +00:00			`}`

			`function onMessage(ConnectionInterface $from, $msg)`
			`{`
nitpicks 2018-11-21 23:10:47 +00:00			`}`

wip 2018-11-22 20:36:25 +00:00			`function onClose(ConnectionInterface $connection)`
nitpicks 2018-11-21 23:10:47 +00:00			`{`
			`}`

wip 2018-11-22 20:36:25 +00:00			`function onError(ConnectionInterface $connection, Exception $exception)`
			`{`
commit 2018-11-24 00:53:20 +00:00			`if ($exception instanceof HttpException) {`
wip 2018-11-22 21:02:36 +00:00			`$response = new Response($exception->getStatusCode(), [`
			`'Content-Type' => 'application/json'`
			`], json_encode([`
			`'error' => $exception->getMessage()`
			`]));`
wip 2018-11-22 20:36:25 +00:00
wip 2018-11-24 14:23:59 +00:00			`$connection->send(gPsr\str($response));`
wip 2018-11-22 20:36:25 +00:00			`$connection->close();`
			`}`
			`}`

			`public function verifyAppId(string $appId)`
nitpicks 2018-11-21 23:10:47 +00:00			`{`
commit 2018-11-24 00:53:20 +00:00			`if ($client = Client::findByAppId($appId)) {`
			`return;`
wip 2018-11-22 20:36:25 +00:00			`}`
commit 2018-11-24 00:53:20 +00:00
			throw new HttpException(401, "Unknown app id `{$appId}` provided.");
wip 2018-11-20 13:50:37 +00:00			`}`

wip 2018-11-24 14:36:13 +00:00			`protected function verifySignature(Request $request)`
			`{`
			`$bodyMd5 = md5($request->getContent());`

			`$signature =`
			`"{$request->getMethod()}\n/{$request->path()}\n".`
			`"auth_key={$request->get('auth_key')}".`
			`"&auth_timestamp={$request->get('auth_timestamp')}".`
			`"&auth_version={$request->get('auth_version')}".`
			`"&body_md5={$bodyMd5}";`

			`$authSignature = hash_hmac('sha256', $signature, Client::findByAppId($request->get('appId'))->appSecret);`

			`if ($authSignature !== $request->get('auth_signature')) {`
			`throw new HttpException(401, 'Invalid auth signature provided.');`
			`}`
			`}`

wip 2018-11-21 11:13:40 +00:00			`abstract public function __invoke(Request $request);`
wip 2018-11-20 13:50:37 +00:00			`}`