shihaam/akaunting
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

makes possible right validation for temporary signed routes

Browse Source
This commit is contained in:
Sevan Nerse 2021-07-29 13:19:58 +03:00
parent ad2eb04dc9
commit 22617a9025
1 changed files with 5 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
app/Http/Middleware/ValidateSignature.php
View File

@ -50,10 +50,12 @@ class ValidateSignature
*/
public function hasCorrectSignature(Request $request, $absolute = true)
{
$url = $absolute ? $request->url() : '/'.$request->path();
$url = $absolute ? $request->url() : '/' . $request->path();
$original = rtrim($url . '?' . Arr::query(
Arr::only($request->query(), ['company_id'])
) . Arr::query(
Arr::only($request->query(), ['expires'])
), '?');
$signature = hash_hmac('sha256', $original, call_user_func(function () {
@ -73,6 +75,6 @@ class ValidateSignature
{
$expires = $request->query('expires');
return ! ($expires && Carbon::now()->getTimestamp() > $expires);
return !($expires && Carbon::now()->getTimestamp() > $expires);
}
}