From 22617a902522c9369133e33522ea666c876b3468 Mon Sep 17 00:00:00 2001
From: Sevan Nerse
Date: Thu, 29 Jul 2021 13:19:58 +0300
Subject: [PATCH] makes possible right validation for temporary signed routes
---
 app/Http/Middleware/ValidateSignature.php | 8 +++++---
 1 file changed, 5 insertions(+), 3 deletions(-)
diff --git a/app/Http/Middleware/ValidateSignature.php b/app/Http/Middleware/ValidateSignature.php
index 080379fc0..4eda54db5 100644
--- a/app/Http/Middleware/ValidateSignature.php
+++ b/app/Http/Middleware/ValidateSignature.php
@@ -38,7 +38,7 @@ class ValidateSignature
 public function hasValidSignature(Request $request, $absolute = true)
 {
 return $this->hasCorrectSignature($request, $absolute)
- && $this->signatureHasNotExpired($request);
+ && $this->signatureHasNotExpired($request);
 }

 /**
@@ -50,10 +50,12 @@ class ValidateSignature
 */
 public function hasCorrectSignature(Request $request, $absolute = true)
 {
- $url = $absolute ? $request->url() : '/'.$request->path();
+ $url = $absolute ? $request->url() : '/' . $request->path();

 $original = rtrim($url . '?' . Arr::query(
 Arr::only($request->query(), ['company_id'])
+ ) . Arr::query(
+ Arr::only($request->query(), ['expires'])
 ), '?');

 $signature = hash_hmac('sha256', $original, call_user_func(function () {
@@ -73,6 +75,6 @@ class ValidateSignature
 {
 $expires = $request->query('expires');

- return ! ($expires && Carbon::now()->getTimestamp() > $expires);
+ return !($expires && Carbon::now()->getTimestamp() > $expires);
 }
 }
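Review bot: In `hasCorrectSignature` the two `Arr::query(...)` results are joined with a bare `.`, so a request that carries both `company_id` and `expires` is rebuilt as `?company_id=1expires=1627554000` (constructed values) with no `&` between the pairs. If the URL generator signed the normal query string, which is not visible here, that HMAC input can never match and temporary signed links that also carry `company_id` will be rejected. Building the query in one call keeps the separator: `Arr::query(Arr::only($request->query(), ['company_id', 'expires']))`; `Arr::only` keeps the request's key order, so confirm that matches the order used at signing. A test that alters `expires` on an otherwise valid link and expects rejection would pin the property this commit is after. The function body continues past the end of the hunk, so the comparison against `$signature` is not reviewed here.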