Sākums Izpētīt Palīdzība
Reģistrēties Pierakstīties
TooEasy
/
backend-php
3
0
Atdalīts 0
Faili Problēmas 0 Izmaiņu pieprasījumi 0 Vikivietne
Koks: a431b88a56
Atzari Tagi
backend-php
/
middlewares
/
HmacAuthMiddleware.php

HmacAuthMiddleware.php 2.3 KB
Vēsture Neapstrādāts

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566 
  1. <?php
    2. 

  2. 

  3. namespace Middlewares;
    4. 

  4. 

  5. use Libs\ResponseLib;
    6. 

  6. use Models\ApiUserModel;
    7. 

  7. use Psr\Http\Message\ServerRequestInterface;
    8. 

  8. use React\Http\Message\Response;
    9. 

  9. 

  10. class HmacAuthMiddleware
    11. 

  11. {
    12. 

  12.     private array $api_Key;
    13. 

  13. 

  14.     public function __construct()
    15. 

  15.     {
    16. 

  16.         // Instancia a model e carrega as chaves API
    17. 

  17.         $apiUserModel = new ApiUserModel();
    18. 

  18.         $this->api_Key = $apiUserModel->getApiKeys();
    19. 

  19.     }
    20. 

  20. 

  21.     public function __invoke(ServerRequestInterface $request, callable $next)
    22. 

  22.     {
    23. 

  23.         // 1. Extrai headers
    24. 

  24.         $signature = $request->getHeaderLine('x-signature');
    25. 

  25.         $apiUser = $request->getHeaderLine('x-user');
    26. 

  26.         $nonce = $request->getHeaderLine('x-nonce');
    27. 

  27. 

  28.         if (empty($signature) || empty($apiUser) || empty($nonce)) {
    29. 

  29.             return ResponseLib::sendFail("Unauthorized: Missing signature or headers", [], "E_VALIDATE")->withStatus(401);
    30. 

  30.         }
    31. 

  31. 

  32.         // 2. Verifica se nonce está dentro do intervalo
    33. 

  33.         $currentTime = time();
    34. 

  34.         if (abs($currentTime - (int) $nonce) > 2) {
    35. 

  35.             return ResponseLib::sendFail("Unauthorized: Invalid or expired nonce", [], "E_VALIDATE")->withStatus(401);
    36. 

  36.         }
    37. 

  37. 

  38.         // 3. Verifica se o usuário é válido
    39. 

  39.         if (!isset($this->api_Key[$apiUser])) {
    40. 

  40.             return ResponseLib::sendFail("Unauthorized: Invalid API User", [], "E_VALIDATE")->withStatus(401);
    41. 

  41.         }
    42. 

  42. 

  43.         $apiKey = $this->api_Key[$apiUser]['user_apikey'];
    44. 

  44.         $apiSecret = $this->api_Key[$apiUser]['user_apisecret'];
    45. 

  45.         $secret = $apiKey . "::" . $apiSecret;
    46. 

  46. 

  47.         // 4. Monta mensagem para HMAC: <jsonBody>::<nonce>
    48. 

  48.         $rawBody = (string) $request->getBody();
    49. 

  49.         $message = $rawBody . "::" . $nonce;
    50. 

  50. 

  51.         // 5. Calcula assinatura esperada
    52. 

  52.         $expectedSignature = hash_hmac('sha256', $message, $secret);
    53. 

  53. 

  54.         // 6. Verifica assinatura
    55. 

  55.         if (!hash_equals($expectedSignature, $signature)) {
    56. 

  56.             return ResponseLib::sendFail("Unauthorized: Signature mismatch", [], "E_VALIDATE")->withStatus(401);
    57. 

  57.         }
    58. 

  58. 

  59.         // 7. Tudo certo, adiciona atributos ao request e segue
    60. 

  60.         $request = $request
    61. 

  61.             ->withAttribute('api_user', $apiUser)
    62. 

  62.             ->withAttribute('api_user_id', $this->api_Key[$apiUser]['user_id']);
    63. 

  63. 

  64.         return $next($request);
    65. 

  65.     }
    66. 

  66. }
    67.