122 lines
3.5 KiB
PHP
122 lines
3.5 KiB
PHP
<?php
|
|
|
|
namespace Catalyst\APIBundle\EventSubscriber;
|
|
|
|
use Catalyst\APIBundle\Controller\APIController;
|
|
|
|
use Symfony\Component\HttpKernel\Exception\AccessDeniedHttpException;
|
|
use Symfony\Component\HttpKernel\Event\FilterControllerEvent;
|
|
use Symfony\Component\EventDispatcher\EventSubscriberInterface;
|
|
use Symfony\Component\HttpKernel\KernelEvents;
|
|
|
|
use Doctrine\ORM\EntityManagerInterface;
|
|
|
|
use DateTime;
|
|
|
|
class TokenSubscriber implements EventSubscriberInterface
|
|
{
|
|
const HEADER_API_KEY = 'X-Cata-API-Key';
|
|
const HEADER_SIGNATURE = 'X-Cata-Signature';
|
|
const HEADER_DATE = 'X-Cata-Date';
|
|
|
|
const DATE_FORMAT = 'D, d M Y H:i:s T';
|
|
|
|
const QUERY_API_KEY = 'api_key';
|
|
const QUERY_SIGNATURE = 'sig';
|
|
|
|
// 30 minute time limit
|
|
const TIME_LIMIT = 1800;
|
|
|
|
protected $em;
|
|
|
|
public function __construct(EntityManagerInterface $em)
|
|
{
|
|
$this-> em = $em;
|
|
}
|
|
|
|
protected function getSecretKey($api_key)
|
|
{
|
|
return 'sldkfjlksdjflksdjflksdjflsjf';
|
|
}
|
|
|
|
protected function validateSignature($req, $hdate_string, $secret_key, $sig)
|
|
{
|
|
// get needed params for generation
|
|
$method = $req->getRealMethod();
|
|
$uri = $req->getRequestUri();
|
|
|
|
$elements = [$method, $uri, $hdate_string, $secret_key];
|
|
$sig_source = implode('|', $elements);
|
|
|
|
error_log($sig_source);
|
|
|
|
// generate signature
|
|
$raw_sig = hash_hmac('sha1', $sig_source, $secret_key, true);
|
|
$enc_sig = base64_encode($raw_sig);
|
|
|
|
error_log($enc_sig);
|
|
|
|
if ($enc_sig != trim($sig))
|
|
throw new AccessDeniedHttpException('Invalid signature.');
|
|
|
|
}
|
|
|
|
public function onKernelController(FilterControllerEvent $event)
|
|
{
|
|
$controller = $event->getController();
|
|
|
|
// not a controller class? (docs said to handle)
|
|
if (!is_array($controller))
|
|
return;
|
|
|
|
|
|
// not an api controller
|
|
if (!($controller[0] instanceof APIController))
|
|
return;
|
|
|
|
$req = $event->getRequest();
|
|
|
|
// check date from headers
|
|
$headers = $req->headers->all();
|
|
$hdate_string = $req->headers->get(self::HEADER_DATE);
|
|
if ($hdate_string == null)
|
|
throw new AccessDeniedHttpException('No date specified.');
|
|
|
|
$hdate = DateTime::createFromFormat(self::DATE_FORMAT, $hdate_string);
|
|
if ($hdate == null)
|
|
throw new AccessDeniedHttpException('Invalid date specified.');
|
|
|
|
// get number of seconds difference
|
|
$date_now = new DateTime();
|
|
$date_diff = abs($date_now->getTimestamp() - $hdate->getTimestamp());
|
|
|
|
// time difference is too much
|
|
if ($date_diff > self::TIME_LIMIT)
|
|
throw new AccessDeniedHttpException('Clock synchronization error.');
|
|
|
|
// api key header
|
|
$api_key = $req->headers->get(self::HEADER_API_KEY);
|
|
if ($api_key == null)
|
|
throw new AccessDeniedHttpException('No api key sent.');
|
|
|
|
// check valid api key
|
|
$secret_key = $this->getSecretKey($api_key);
|
|
|
|
// signature header
|
|
$sig = $req->headers->get(self::HEADER_SIGNATURE);
|
|
if ($sig == null)
|
|
throw new AccessDeniedHttpException('No signature sent.');
|
|
|
|
// check valid signature
|
|
$this->validateSignature($req, $hdate_string, $secret_key, $sig);
|
|
|
|
return;
|
|
}
|
|
|
|
public static function getSubscribedEvents()
|
|
{
|
|
return [
|
|
KernelEvents::CONTROLLER => 'onKernelController',
|
|
];
|
|
}
|
|
}
|