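/**
 * Verify the integrity (and authorization) of the current request.
 *
 * The caller identifies itself through three request headers:
 *   - x-FLI-Key:  public key, used to look up the caller in $keys
 *   - x-FLI-Date: unix timestamp of the call (replay window: $this->RequestTTL seconds)
 *   - x-FLI-Hmac: FLIhash(VERB . "\n" . URL . "\n" . DATE . "\n" . private_key)
 *
 * With $this->forceAuthentication set, any failure answers HTTP 401 with a
 * JSON-encoded reason and terminates the script; the pending response headers
 * and cookies are flushed first. Without it, the outcome is only reported
 * through the x-FLI-authorized response header ('1' on success, '0' otherwise)
 * and processing continues.
 *
 * @param array<string, array{private_key: string}> $keys known callers, indexed by public key
 * @return void
 */
public final function verifyRequest($keys)
{
    $public_key = $this->request->headers->get('x-FLI-Key');
    $hmac = $this->request->headers->get('x-FLI-Hmac');
    $date = $this->request->headers->get('x-FLI-Date');

    // Expected signature for the caller owning $privateKey. The URL is rebuilt
    // from the request itself so the signed string covers host, path and query.
    $expectedHmac = function ($privateKey) use ($date) {
        $url = "http://{$_SERVER['HTTP_HOST']}{$_SERVER['REQUEST_URI']}";
        $string = strtoupper($this->rest->getVerb()) . "\n" . $url . "\n" . $date . "\n" . $privateKey;

        return (string) $this->FLIhash($string);
    };

    // Constant-time, strict comparison: a loose `==` would accept type-juggled
    // matches (e.g. two "0e..." numeric strings) and leak timing information.
    $signatureMatches = function ($privateKey) use ($expectedHmac, $hmac) {
        return hash_equals($expectedHmac($privateKey), (string) $hmac);
    };

    $headersPresent = $public_key && $hmac && $this->isValidTimeStamp($date);
    $callerKnown = $headersPresent && isset($keys[$public_key]['private_key']);

    if (!$this->forceAuthentication) {
        // Advisory mode: only report the result, never block the request.
        $authorized = $callerKnown && $signatureMatches($keys[$public_key]['private_key']);
        $this->response->headers->set('x-FLI-authorized', $authorized ? '1' : '0');

        return;
    }

    $error_message = 'Unauthorized';
    $authorized = false;

    if (!$headersPresent) {
        $error_message = 'Missing authentication headers';

        // Alert the admins. NOTE(review): this mails the whole $_SERVER array,
        // which may include sensitive request headers — consider trimming it.
        $data = print_r($_SERVER, true);
        mail(
            '*****@*****.**',
            "Erreur d'appel API",
            "Erreur d'authentification lors de l'appel a l'API "
                . strtolower((new \ReflectionClass($this))->getNamespaceName())
                . "<br /><br />\$_SERVER :<br />"
                . nl2br($data),
            "MIME-Version: 1.0\r\nContent-type: text/html;\r\nFrom: alertes@flinteractive.fr\r\n",
            '-f alertes@flinteractive.fr'
        );
    } elseif (abs(time() - (int) $date) > $this->RequestTTL) {
        // Replay protection: reject before doing any signature work.
        $error_message = 'Request too old';
    } elseif (!$callerKnown) {
        // Unknown public key (or entry without a private key): keep the
        // generic 'Unauthorized' so the response does not reveal which part failed.
    } elseif ($signatureMatches($keys[$public_key]['private_key'])) {
        $authorized = true;
    } else {
        $error_message = 'Authentication failed';
    }

    $this->response->headers->set('x-FLI-authorized', $authorized ? '1' : '0');

    if ($authorized) {
        return;
    }

    header('HTTP/1.1 401 Unauthorized', true, 401);

    // Flush non-cookie headers queued on the response object.
    foreach ($this->response->headers->get() as $label => $value) {
        header("{$label}: {$value}");
    }

    // Flush queued cookies.
    foreach ($this->response->cookies->get() as $name => $cookie) {
        setcookie($name, $cookie['value'], $cookie['expire'], $cookie['path'], $cookie['domain'], $cookie['secure'], $cookie['httponly']);
    }

    // Body: the reason as a JSON string; stop here so the protected action never runs.
    echo json_encode($error_message);
    die;
}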