blax-software
/
laravel-websockets
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Attach app on request if possible.

This commit is contained in:
Alex Renoki 2020-12-08 16:52:40 +02:00
parent de7e358550
commit 81ee07f003
1 changed files with 10 additions and 6 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

16
src/API/Controller.php
View File

@ -51,6 +51,13 @@ abstract class Controller implements HttpServerInterface
*/ */
protected $channelManager; protected $channelManager;
/**
* The app attached with this request.
*
* @var \BeyondCode\LaravelWebSockets\Apps\App|null
*/
protected $app;
/** /**
* Initialize the request. * Initialize the request.
* *
@ -176,8 +183,7 @@ abstract class Controller implements HttpServerInterface
$laravelRequest = Request::createFromBase((new HttpFoundationFactory)->createRequest($serverRequest)); $laravelRequest = Request::createFromBase((new HttpFoundationFactory)->createRequest($serverRequest));
$this $this->ensureValidAppId($laravelRequest->get('appId'))
->ensureValidAppId($laravelRequest->appId)
->ensureValidSignature($laravelRequest); ->ensureValidSignature($laravelRequest);
// Invoke the controller action // Invoke the controller action
@ -220,7 +226,7 @@ abstract class Controller implements HttpServerInterface
*/ */
public function ensureValidAppId($appId) public function ensureValidAppId($appId)
{ {
if (! App::findById($appId)) { if (! $appId || ! $this->app = App::findById($appId)) {
throw new HttpException(401, "Unknown app id `{$appId}` provided."); throw new HttpException(401, "Unknown app id `{$appId}` provided.");
} }
@ -252,9 +258,7 @@ abstract class Controller implements HttpServerInterface
$signature = "{$request->getMethod()}\n/{$request->path()}\n".Pusher::array_implode('=', '&', $params); $signature = "{$request->getMethod()}\n/{$request->path()}\n".Pusher::array_implode('=', '&', $params);
$app = App::findById($request->get('appId')); $authSignature = hash_hmac('sha256', $signature, $this->app->secret);
$authSignature = hash_hmac('sha256', $signature, $app->secret);
if ($authSignature !== $request->get('auth_signature')) { if ($authSignature !== $request->get('auth_signature')) {
throw new HttpException(401, 'Invalid auth signature provided.'); throw new HttpException(401, 'Invalid auth signature provided.');