blax-software
/
laravel-websockets
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

wip

This commit is contained in:
Marcel Pociot 2018-11-24 15:36:13 +01:00
parent cf3c87ee61
commit 2b24f064be
2 changed files with 19 additions and 20 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

19
src/LaravelEcho/Http/Controllers/EchoController.php
View File

@ -42,6 +42,7 @@ abstract class EchoController implements HttpServerInterface
$laravelRequest = Request::createFromBase((new HttpFoundationFactory)->createRequest($serverRequest)); $laravelRequest = Request::createFromBase((new HttpFoundationFactory)->createRequest($serverRequest));
$this->verifyAppId($laravelRequest->appId); $this->verifyAppId($laravelRequest->appId);
$this->verifySignature($laravelRequest);
$response = $this($laravelRequest); $response = $this($laravelRequest);
@ -80,5 +81,23 @@ abstract class EchoController implements HttpServerInterface
throw new HttpException(401, "Unknown app id `{$appId}` provided."); throw new HttpException(401, "Unknown app id `{$appId}` provided.");
} }
protected function verifySignature(Request $request)
{
$bodyMd5 = md5($request->getContent());
$signature =
"{$request->getMethod()}\n/{$request->path()}\n".
"auth_key={$request->get('auth_key')}".
"&auth_timestamp={$request->get('auth_timestamp')}".
"&auth_version={$request->get('auth_version')}".
"&body_md5={$bodyMd5}";
$authSignature = hash_hmac('sha256', $signature, Client::findByAppId($request->get('appId'))->appSecret);
if ($authSignature !== $request->get('auth_signature')) {
throw new HttpException(401, 'Invalid auth signature provided.');
}
}
abstract public function __invoke(Request $request); abstract public function __invoke(Request $request);
} }

20
src/LaravelEcho/Http/Controllers/TriggerEvent.php
View File

@ -2,9 +2,7 @@
namespace BeyondCode\LaravelWebSockets\LaravelEcho\Http\Controllers; namespace BeyondCode\LaravelWebSockets\LaravelEcho\Http\Controllers;
use BeyondCode\LaravelWebSockets\ClientProviders\Client;
use Illuminate\Http\Request; use Illuminate\Http\Request;
use Symfony\Component\HttpKernel\Exception\HttpException;
class TriggerEvent extends EchoController class TriggerEvent extends EchoController
{ {
@ -24,22 +22,4 @@ class TriggerEvent extends EchoController
return $request->json()->all(); return $request->json()->all();
} }
protected function verifySignature(Request $request)
{
$bodyMd5 = md5($request->getContent());
$signature =
"POST\n/apps/{$request->get('appId')}/events\n".
"auth_key={$request->get('auth_key')}".
"&auth_timestamp={$request->get('auth_timestamp')}".
"&auth_version={$request->get('auth_version')}".
"&body_md5={$bodyMd5}";
$authSignature = hash_hmac('sha256', $signature, Client::findByAppId($request->get('appId'))->appSecret);
if ($authSignature !== $request->get('auth_signature')) {
throw new HttpException(401, 'Invalid auth signature provided.');
}
}
} }