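em = $em; }

    /**
     * Returns the shared secret used to sign requests for the given API key.
     *
     * NOTE(review): the value is a constant committed to source and $api_key is
     * ignored, so every API key value (including unknown ones) resolves to the
     * same secret. The secret should be looked up per API key from protected
     * storage, unknown keys should be rejected, and this value should be
     * rotated since it has been exposed in the code base.
     *
     * @param string $api_key API key sent by the client (currently unused).
     *
     * @return string Secret key used as the HMAC key.
     */
    protected function getSecretKey($api_key)
    {
        return 'sldkfjlksdjflksdjflksdjflsjf';
    }

    /**
     * Recomputes the request signature and compares it with the one supplied.
     *
     * The signed string is "METHOD|URI|DATE|SECRET"; it is HMAC-SHA1'd with the
     * secret key and base64-encoded.
     *
     * NOTE(review): only the method, URI and date header are covered. The
     * request body is not authenticated, and a captured request can be
     * replayed until the date check in onKernelController() expires. HMAC-SHA1
     * and the string layout are kept because clients compute the same value;
     * changing either needs a coordinated protocol change.
     *
     * @param object $req          Current request (getRealMethod() and getRequestUri() are read).
     * @param string $hdate_string Raw value of the date header, exactly as sent.
     * @param string $secret_key   Secret associated with the caller's API key.
     * @param string $sig          Signature header value sent by the client.
     *
     * @throws AccessDeniedHttpException When the signature does not match.
     */
    protected function validateSignature($req, $hdate_string, $secret_key, $sig)
    {
        // Assemble the string to sign from the request and the shared secret.
        $method = $req->getRealMethod();
        $uri = $req->getRequestUri();
        $sig_source = implode('|', [$method, $uri, $hdate_string, $secret_key]);

        // Neither $sig_source nor the expected signature is written to the
        // log: the former embeds the secret key, and the latter is a valid
        // credential for this exact request.
        $raw_sig = hash_hmac('sha1', $sig_source, $secret_key, true);
        $enc_sig = base64_encode($raw_sig);

        // Constant-time comparison (hash_equals, PHP >= 5.6), so the time taken
        // to reject a value does not reveal how many leading bytes matched.
        if (!hash_equals($enc_sig, trim((string) $sig))) {
            throw new AccessDeniedHttpException('Invalid signature.');
        }
    }

    /**
     * Authenticates requests routed to API controllers before they run.
     *
     * Checks, in order: the date header is present, parses with
     * self::DATE_FORMAT and is within self::TIME_LIMIT seconds of the server
     * clock (in either direction); the API key header is present; the signature
     * header is present and valid for this request.
     *
     * @param FilterControllerEvent $event Kernel controller event.
     *
     * @throws AccessDeniedHttpException When any of the checks fails.
     */
    public function onKernelController(FilterControllerEvent $event)
    {
        $controller = $event->getController();

        // Closures and other non-array callables are not controller classes.
        if (!is_array($controller)) {
            return;
        }

        // Only API controllers are subject to signature checks.
        if (!($controller[0] instanceof APIController)) {
            return;
        }

        $req = $event->getRequest();

        // Date header: required, and must parse with the expected format.
        $hdate_string = $req->headers->get(self::HEADER_DATE);
        if ($hdate_string == null) {
            throw new AccessDeniedHttpException('No date specified.');
        }

        // createFromFormat() returns false when the value cannot be parsed.
        $hdate = DateTime::createFromFormat(self::DATE_FORMAT, $hdate_string);
        if ($hdate === false) {
            throw new AccessDeniedHttpException('Invalid date specified.');
        }

        // Reject requests whose timestamp is too far from the server clock;
        // this bounds how long a captured signature stays usable.
        $date_now = new DateTime();
        $date_diff = abs($date_now->getTimestamp() - $hdate->getTimestamp());
        if ($date_diff > self::TIME_LIMIT) {
            throw new AccessDeniedHttpException('Clock synchronization error.');
        }

        // API key header: required.
        $api_key = $req->headers->get(self::HEADER_API_KEY);
        if ($api_key == null) {
            throw new AccessDeniedHttpException('No api key sent.');
        }

        // Resolve the signing secret for this API key.
        $secret_key = $this->getSecretKey($api_key);

        // Signature header: required.
        $sig = $req->headers->get(self::HEADER_SIGNATURE);
        if ($sig == null) {
            throw new AccessDeniedHttpException('No signature sent.');
        }

        // Throws when the signature does not match.
        $this->validateSignature($req, $hdate_string, $secret_key, $sig);
    }

    /**
     * Registers onKernelController() for the kernel's controller event.
     *
     * @return array Map of event name to handler method name.
     */
    public static function getSubscribedEvents()
    {
        return [
            KernelEvents::CONTROLLER => 'onKernelController',
        ];
    }
}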