banquise/pelican-panel-mirror
3
0
Fork 1
mirror of https://github.com/pelican-dev/panel.git synced 2025-05-29 13:14:45 +02:00
Code Issues Packages Projects Releases Wiki Activity

closes #30

Browse Source
This commit is contained in:
Dane Everitt 2016-01-22 21:53:11 -05:00
parent be48fbd418
commit aac498808c
1 changed files with 9 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

12
app/Http/Middleware/APISecretToken.php
View File

@ -46,6 +46,10 @@ class APISecretToken extends Authorization
protected $permissionAllowed = false; protected $permissionAllowed = false;
protected $method = '';
protected $url = '';
public function __construct() public function __construct()
{ {
// //
@ -102,7 +106,9 @@ class APISecretToken extends Authorization
throw new HttpException('There was an error while attempting to check your secret key.'); throw new HttpException('There was an error while attempting to check your secret key.');
} }
if($this->_generateHMAC($request->fullUrl(), $request->getContent(), $decrypted) !== base64_decode($hashed)) { $this->method = strtoupper($request->method());
$this->url = urldecode($request->fullUrl());
if($this->_generateHMAC($request->getContent(), $decrypted) !== base64_decode($hashed)) {
throw new BadRequestHttpException('The hashed body was not valid. Potential modification of contents in route.'); throw new BadRequestHttpException('The hashed body was not valid. Potential modification of contents in route.');
} }
@ -110,9 +116,9 @@ class APISecretToken extends Authorization
} }
protected function _generateHMAC($url, $body, $key) protected function _generateHMAC($body, $key)
{ {
$data = urldecode($url) . '.' . $body; $data = $this->method . '.' . $this->url . '.' . $body;
return hash_hmac($this->algo, $data, $key, true); return hash_hmac($this->algo, $data, $key, true);
} }