private function checkApiAccess(Request $request)
{
$key = $request->headers->get('authorization');
if (null !== $key) {
$key = substr($key, 6);
}
$apiAccount = ApiQuery::create()->findOneByApiKey($key);
if (null === $apiAccount) {
throw new UnauthorizedHttpException('Token');
}
$secureKey = pack('H*', $apiAccount->getSecureKey());
$sign = hash_hmac('sha1', $request->getContent(), $secureKey);
if ($sign != $request->query->get('sign')) {
throw new PreconditionFailedHttpException('wrong body request signature');
}
return $apiAccount;
}
