Merge pull request #2202 from sevannerse/signed-route-validation

Makes correct validation possible for temporary signed routes
Cüneyt Şentürk 2021-07-29 15:59:55 +03:00 committed by GitHub
commit 420089d90a
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23


@ -38,7 +38,7 @@ class ValidateSignature
public function hasValidSignature(Request $request, $absolute = true) public function hasValidSignature(Request $request, $absolute = true)
{ {
return $this->hasCorrectSignature($request, $absolute) return $this->hasCorrectSignature($request, $absolute)
&& $this->signatureHasNotExpired($request); && $this->signatureHasNotExpired($request);
} }
/** /**
@ -50,10 +50,12 @@ class ValidateSignature
*/ */
public function hasCorrectSignature(Request $request, $absolute = true) public function hasCorrectSignature(Request $request, $absolute = true)
{ {
$url = $absolute ? $request->url() : '/'.$request->path(); $url = $absolute ? $request->url() : '/' . $request->path();
$original = rtrim($url . '?' . Arr::query( $original = rtrim($url . '?' . Arr::query(
Arr::only($request->query(), ['company_id']) Arr::only($request->query(), ['company_id'])
) . Arr::query(
Arr::only($request->query(), ['expires'])
), '?'); ), '?');
$signature = hash_hmac('sha256', $original, call_user_func(function () { $signature = hash_hmac('sha256', $original, call_user_func(function () {
@ -73,6 +75,6 @@ class ValidateSignature
{ {
$expires = $request->query('expires'); $expires = $request->query('expires');
return ! ($expires && Carbon::now()->getTimestamp() > $expires); return !($expires && Carbon::now()->getTimestamp() > $expires);
} }
} }
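Review bot: In hasCorrectSignature the two `Arr::query(...)` results are joined with no `&` between them, so when both parameters are in the query the string fed to `hash_hmac` is `...?company_id=<id>expires=<ts>` rather than a well-formed query string. That only verifies if the code that signs the URL builds the same byte sequence, which this page does not show; if the signer produces a normal query string, a single call such as `Arr::query(Arr::only($request->query(), ['company_id', 'expires']))` with the keys sorted the same way on both sides would keep the two in step. Every other query parameter stays outside the HMAC, so code behind this middleware should not treat those as authenticated. The function continues past the end of the hunk, so the comparison itself is not visible here; it should use `hash_equals`.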