Beispiel #1
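 /**
  * Validate the API credentials and per-key restrictions of the current request.
  *
  * Checks run in this order and stop at the first failure:
  *  - A402:  no api_key in the request input
  *  - A404:  getSecret() returned false for the key
  *  - A403:  the key requires a signature and none was supplied
  *  - A405:  the key requires a signature but has no api_secret configured
  *  - A406:  an IP allow list is configured and the caller is not on it
  *  - A407:  a custom header is configured and its value does not match
  *  - A407A: a protocol restriction is configured and the request fails it
  *
  * Only the presence of the signature is checked here; nothing in this
  * method verifies it against api_secret.
  * NOTE(review): confirm the caller performs that verification before
  * acting on the returned data.
  *
  * @return array On success ['status' => 'OK', 'data' => $secret], where
  *               $secret is the getSecret() record with 'api_key' added.
  *               On failure a one-element array mapping the error code to
  *               its translated message.
  **/
 protected function validate()
 {
     $api_key = $this->input('api_key');
     if (!$api_key) {
         return ['A402' => trans('Api Key not found')];
     }

     $secret = $this->getSecret($api_key);
     if ($secret === false) {
         return ['A404' => trans('Your api account got suspended')];
     }

     if ($secret['signature']) {
         $signature = $this->input('signature');
         if (!$signature) {
             return ['A403' => trans('Api Signature not found')];
         }
     }
     if ($secret['signature'] && !$secret['api_secret']) {
         return ['A405' => trans('Api secret not found')];
     }
     $secret['api_key'] = $api_key;

     if ($secret['allowed_ip']) {
         // NOTE(review): ip() is defined elsewhere; confirm it does not take the
         // address from a client-supplied header, or this allow list is advisory.
         $ipaddr = ip();
         $allowed = array_map('trim', explode(',', $secret['allowed_ip']));
         // Strict match: with a loose in_array() a null/false address would
         // equal an empty entry left by a stray comma in the configured list.
         if (!in_array($ipaddr, $allowed, true)) {
             // No exact hit: defer to Utility::ipMatch() for the remaining entries.
             $result = Utility::ipMatch($allowed);
             if (!$result) {
                 return ['A406' => trans('Request is not allowed from this ip :0', [$ipaddr])];
             }
         }
     }

     if ($secret['header']) {
         $expected = (string) $secret['header']['custom_value'];
         $actual = (string) env($secret['header']['custom_key']);
         // The header value acts as a shared secret, so compare it byte-for-byte
         // in constant time. A loose != treats numeric-looking strings as
         // numbers, so '1e1' and '10' would have compared equal.
         if (!hash_equals($expected, $actual)) {
             return ['A407' => trans('Header misconfigured')];
         }
     }

     if ($secret['protocol']) {
         // Grouping made explicit; it is what operator precedence already gave:
         // reject when HTTPS is explicitly 'off', or when the port is not 443.
         // NOTE(review): a request with HTTPS unset that arrives on port 443
         // passes, and HTTPS on any other port is rejected - confirm intended.
         $https = env('HTTPS');
         $httpsOff = $https && $https == 'off';
         if ($httpsOff || env('SERVER_PORT') != 443) {
             return ['A407A' => trans('Protocol not allowed')];
         }
     }

     return ['status' => 'OK', 'data' => $secret];
 }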