mirror of
https://gitee.com/koogua/course-tencent-cloud.git
synced 2025-06-26 04:21:27 +08:00
134 lines
3.0 KiB
PHP
134 lines
3.0 KiB
PHP
<?php
|
|
|
|
namespace App\Validators;
|
|
|
|
use App\Caches\App as AppCache;
|
|
use App\Exceptions\BadRequest as BadRequestException;
|
|
use App\Models\App as AppModel;
|
|
|
|
class ApiSecurity extends Validator
|
|
{
|
|
|
|
public function check()
|
|
{
|
|
$query = $this->request->getQuery();
|
|
|
|
if (isset($query['_url'])) {
|
|
unset($query['_url']);
|
|
}
|
|
|
|
$extra = [
|
|
'_timestamp' => $this->checkTimestamp(),
|
|
'_nonce' => $this->checkNonce(),
|
|
];
|
|
|
|
$appKey = $this->checkAppKey();
|
|
|
|
$app = $this->getApp($appKey);
|
|
|
|
if (!$app || $app->published == 0) {
|
|
throw new BadRequestException('api.invalid_app_key');
|
|
}
|
|
|
|
$url = $this->getRequestUrl();
|
|
|
|
if ($this->request->getMethod() == 'POST') {
|
|
$mySignature = $this->httpPostSignature($url, $extra, $app->secret);
|
|
} else {
|
|
$params = array_merge($query, $extra);
|
|
$mySignature = $this->httpGetSignature($url, $params, $app->secret);
|
|
}
|
|
|
|
$signature = $this->request->getHeader('X-Signature');
|
|
|
|
if ($signature != $mySignature) {
|
|
throw new BadRequestException('api.invalid_signature');
|
|
}
|
|
|
|
return $signature;
|
|
}
|
|
|
|
protected function checkTimestamp()
|
|
{
|
|
$timestamp = $this->request->getHeader('X-Timestamp');
|
|
|
|
$timestamp = $timestamp > 0 ? $timestamp : 0;
|
|
|
|
if (abs(time() - $timestamp) > 300) {
|
|
throw new BadRequestException('api.invalid_timestamp');
|
|
}
|
|
|
|
return $timestamp;
|
|
}
|
|
|
|
protected function checkNonce()
|
|
{
|
|
$nonce = $this->request->getHeader('X-Nonce');
|
|
|
|
if (!$nonce) {
|
|
throw new BadRequestException('api.invalid_nonce');
|
|
}
|
|
|
|
return $nonce;
|
|
}
|
|
|
|
protected function checkAppKey()
|
|
{
|
|
$appKey = $this->request->getHeader('X-App-Key');
|
|
|
|
if (!$appKey) {
|
|
throw new BadRequestException('api.invalid_app_key');
|
|
}
|
|
|
|
return $appKey;
|
|
}
|
|
|
|
protected function checkPlatform()
|
|
{
|
|
$platform = $this->request->getHeader('X-Platform');
|
|
|
|
if (!array_key_exists($platform, AppModel::types())) {
|
|
throw new BadRequestException('api.invalid_platform');
|
|
}
|
|
|
|
return $platform;
|
|
}
|
|
|
|
protected function getRequestUrl()
|
|
{
|
|
return sprintf('%s://%s%s',
|
|
$this->request->getScheme(),
|
|
$this->request->getHttpHost(),
|
|
$this->request->getURI()
|
|
);
|
|
}
|
|
|
|
protected function getApp($appKey)
|
|
{
|
|
$cache = new AppCache();
|
|
|
|
return $cache->get($appKey);
|
|
}
|
|
|
|
protected function httpGetSignature($url, $params, $appSecret)
|
|
{
|
|
ksort($params);
|
|
|
|
$query = http_build_query($params);
|
|
|
|
return md5($url . $query . $appSecret);
|
|
}
|
|
|
|
protected function httpPostSignature($url, $params, $appSecret)
|
|
{
|
|
ksort($params);
|
|
|
|
$query = http_build_query($params);
|
|
|
|
$body = $this->request->getRawBody();
|
|
|
|
return md5($url . $query . $body . $appSecret);
|
|
}
|
|
|
|
}
|