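hasValidSignature($request)) {
            return $next($request);
        }

        throw new InvalidSignatureException;
    }

    /**
     * Determine if the given request has a valid signature.
     *
     * A request is accepted only when the signature matches AND the
     * `expires` check passes. The two checks read different query
     * parameters; see hasCorrectSignature() for what the signature covers.
     *
     * @param  \Illuminate\Http\Request  $request
     * @param  bool  $absolute  Verify against the full URL (true) or the path only (false).
     * @return bool
     */
    public function hasValidSignature(Request $request, $absolute = true)
    {
        return $this->hasCorrectSignature($request, $absolute)
            && $this->signatureHasNotExpired($request);
    }

    /**
     * Determine if the signature from the given request matches the URL.
     *
     * The signed string is the URL (or '/'.path when $absolute is false)
     * followed by a query string built from the `company_id` parameter only.
     * It is HMAC-SHA256'd with config('app.key') and compared in constant
     * time with the `signature` query parameter.
     *
     * NOTE(review): `expires` is not part of the signed string, so the value
     * checked by signatureHasNotExpired() is not integrity-protected: a
     * request whose `expires` was changed or dropped still carries a matching
     * signature. If these links are meant to expire, add `expires` to the
     * signed parameter set here and in the code that generates the URLs
     * (not visible in this file), changing both together.
     *
     * @param  \Illuminate\Http\Request  $request
     * @param  bool  $absolute
     * @return bool
     */
    public function hasCorrectSignature(Request $request, $absolute = true)
    {
        $url = $absolute ? $request->url() : '/'.$request->path();

        // Only company_id is signed; a trailing '?' is trimmed when it is absent.
        $original = rtrim($url.'?'.Arr::query(
            Arr::only($request->query(), ['company_id'])
        ), '?');

        // A query value can arrive as an array (signature[]=...). Reject any
        // non-string outright rather than casting it: (string) on an array
        // yields the literal "Array" and raises a PHP warning.
        $provided = $request->query('signature', '');

        if (! is_string($provided)) {
            return false;
        }

        $signature = hash_hmac('sha256', $original, config('app.key'));

        // hash_equals() keeps the comparison constant-time.
        return hash_equals($signature, $provided);
    }

    /**
     * Determine if the expires timestamp from the given request is not from the past.
     *
     * A missing or falsy `expires` is treated as "never expires". The value
     * is taken straight from the query string and compared loosely with the
     * current Unix timestamp.
     *
     * NOTE(review): this value is not covered by the HMAC computed in
     * hasCorrectSignature(), so this check alone does not enforce a lifetime
     * on the link.
     *
     * @param  \Illuminate\Http\Request  $request
     * @return bool
     */
    public function signatureHasNotExpired(Request $request)
    {
        $expires = $request->query('expires');

        return ! ($expires && Carbon::now()->getTimestamp() > $expires);
    }
}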