akaunting/app/Http/Middleware/ValidateSignature.php

<?php
namespace App\Http\Middleware;
use Closure;
use Illuminate\Http\Request;
use Illuminate\Routing\Exceptions\InvalidSignatureException;
use Illuminate\Support\Arr;
use Illuminate\Support\Carbon;
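class ValidateSignature
{
    /**
     * Handle an incoming request.
     *
     * The request passes only when its `signature` query parameter is a valid
     * HMAC for the signed payload and any `expires` timestamp has not passed;
     * otherwise an InvalidSignatureException is thrown (see hasValidSignature()).
     *
     * @param \Illuminate\Http\Request $request
     * @param \Closure $next
     * @return \Illuminate\Http\Response
     *
     * @throws \Illuminate\Routing\Exceptions\InvalidSignatureException
     */
    public function handle($request, Closure $next)
    {
        if (! $this->hasValidSignature($request)) {
            throw new InvalidSignatureException;
        }

        return $next($request);
    }

    /**
     * Determine if the given request has a valid signature.
     *
     * Both conditions must hold: the HMAC must match (hasCorrectSignature())
     * and, when an `expires` timestamp is present, it must not be in the past
     * (signatureHasNotExpired()).
     *
     * @param \Illuminate\Http\Request $request
     * @param bool $absolute Sign the absolute URL (true) or only "/" + path (false).
     * @return bool
     */
    public function hasValidSignature(Request $request, $absolute = true)
    {
        return $this->hasCorrectSignature($request, $absolute)
            && $this->signatureHasNotExpired($request);
    }

    /**
     * Determine if the signature from the given request matches the URL.
     *
     * The signed payload is the URL (without its query string) plus ONLY the
     * `company_id` query parameter. Every other query parameter is ignored, so
     * unsigned parameters can be appended to a signed link without breaking it.
     *
     * NOTE(review): because `expires` is NOT part of the signed payload, a client
     * can strip or rewrite it without invalidating the signature, which means the
     * expiry check in signatureHasNotExpired() is not tamper-proof. The generator
     * that issues these links is not visible from this file; if it includes
     * `expires` in what it signs (Laravel's UrlGenerator::signedRoute() does), add
     * 'expires' to the Arr::only() list below so both sides agree — confirm
     * against the generator before changing, or existing links will break.
     *
     * @param \Illuminate\Http\Request $request
     * @param bool $absolute
     * @return bool
     */
    public function hasCorrectSignature(Request $request, $absolute = true)
    {
        $provided = $request->query('signature', '');

        // A missing, empty or non-scalar signature (e.g. ?signature[]=x) can never
        // match; fail closed here instead of relying on the "Array" string cast.
        if (! is_string($provided) || $provided === '') {
            return false;
        }

        $url = $absolute ? $request->url() : '/'.$request->path();

        // Rebuild the payload exactly as the generator is expected to have built
        // it; rtrim drops the dangling '?' when company_id is absent.
        $original = rtrim($url.'?'.Arr::query(
            Arr::only($request->query(), ['company_id'])
        ), '?');

        $expected = hash_hmac('sha256', $original, config('app.key'));

        // Constant-time comparison so response timing does not leak the HMAC.
        return hash_equals($expected, $provided);
    }

    /**
     * Determine if the expires timestamp from the given request is not from the past.
     *
     * A falsy `expires` (absent, '', '0', empty array) means the link does not
     * expire. Any other value must be numeric (a Unix timestamp); a non-numeric
     * string or an array is treated as expired rather than compared loosely,
     * because int-vs-string comparison semantics differ between PHP 7 and PHP 8
     * and would otherwise let a malformed value pass.
     *
     * @param \Illuminate\Http\Request $request
     * @return bool
     */
    public function signatureHasNotExpired(Request $request)
    {
        $expires = $request->query('expires');

        if (! $expires) {
            return true;
        }

        if (! is_numeric($expires)) {
            return false;
        }

        return Carbon::now()->getTimestamp() <= (float) $expires;
    }
}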