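/**
 * Checks whether the signature supplied in the JSON request body matches the
 * signature recomputed from the remaining request fields and the user's API secret.
 *
 * The 'signature' and 'expiration' fields are removed from the payload, the
 * expiration is put back under the 'ttd' key, and RequestData rebuilds the
 * signature from that payload.
 *
 * NOTE(review): only "expiration is not in the past" is enforced here. Nothing
 * visible caps how far in the future a client may set it, and nothing visible
 * rejects a signed request that is submitted twice before it expires. Confirm
 * whether a maximum lifetime or nonce is enforced elsewhere.
 *
 * @param ApiUser $user the user whose api_secret is used to recompute the signature
 * @return bool true when the supplied signature equals the recomputed one
 * @throws EApiError on an empty or malformed body, or an expired / unparsable expiration
 */
public function isSignatureMatched($user)
{
    $requestArray = Yii::app()->getController()->getJsonInputAsArray();
    if (empty($requestArray)) {
        throw new EApiError(HHttp::ERROR_BADREQUEST, HHttp::getErrorMessage(HHttp::ERROR_BADREQUEST));
    }

    $signature = ArrayX::pop($requestArray, 'signature');
    $expires = ArrayX::pop($requestArray, 'expiration');
    if (!$signature || !$expires) {
        throw new EApiError(HHttp::ERROR_BADREQUEST, HHttp::getErrorMessage(HHttp::ERROR_BADREQUEST));
    }

    // Both values come from attacker-controlled JSON and may be arrays/objects;
    // reject those explicitly instead of relying on warnings or TypeErrors
    // raised by strtotime() and the string comparison below.
    if (!is_scalar($signature) || !is_scalar($expires)) {
        throw new EApiError(HHttp::ERROR_BADREQUEST, HHttp::getErrorMessage(HHttp::ERROR_BADREQUEST));
    }

    // check time; an unparsable expiration (strtotime() === false) is treated as expired
    $expiresAt = strtotime((string) $expires);
    if ($expiresAt === false || $expiresAt < time()) {
        throw new EApiError(HHttp::ERROR_INTERNAL_504, HHttp::getErrorMessage(HHttp::ERROR_INTERNAL_504));
    }

    // set back the expiration time to recreate the policy and make a handshake
    $requestArray['ttd'] = $expires;

    $requestData = new RequestData($requestArray);
    $requestData->prepareData($user->api_secret); // use secret to create signature

    $expected = (string) $requestData->getSignature();
    $provided = (string) $signature;

    // Compare in constant time: strcmp() stops at the first differing byte, so
    // its running time depends on how much of the expected signature matched.
    if (function_exists('hash_equals')) {
        return hash_equals($expected, $provided);
    }

    // Fallback for runtimes without hash_equals() (PHP < 5.6).
    $length = strlen($expected);
    if ($length !== strlen($provided)) {
        return false;
    }
    $diff = 0;
    for ($i = 0; $i < $length; $i++) {
        $diff |= ord($expected[$i]) ^ ord($provided[$i]);
    }
    return $diff === 0;
}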
/**
 * Returns the API user for the current request, resolving it on first use.
 *
 * The API key is read from the $_SERVER entry named 'HTTP_' plus the
 * 'api.key.name' application parameter, and the user is looked up by its
 * api_key attribute. The result is kept in $this->_user for later calls.
 * On every call the Yii web user's id and name are set from the resolved user.
 *
 * NOTE(review): the key is matched by direct equality on the api_key column,
 * so it is presumably stored unhashed. Confirm, and consider storing a digest.
 *
 * @return mixed the resolved ApiUser record
 * @throws EApiError when the key header is missing or empty, or no user matches it
 */
protected function getUser()
{
    if ($this->_user === null) {
        $serverKey = 'HTTP_' . Yii::app()->params['api.key.name'];
        $apiKey = isset($_SERVER[$serverKey]) ? trim($_SERVER[$serverKey]) : '';

        // Only query when a usable key was sent; a failed lookup leaves _user empty.
        if ($apiKey) {
            $this->_user = ApiUser::model()->findByAttributes(array('api_key' => $apiKey));
        }

        if (!$apiKey || !$this->_user) {
            throw new EApiError(HHttp::ERROR_UNAUTHORIZED, HHttp::getErrorMessage(HHttp::ERROR_UNAUTHORIZED));
        }
    }

    // Mirror the resolved API user onto the application's web user component.
    $webUser = Yii::app()->user;
    $webUser->setId($this->_user->id);
    $webUser->setName($this->_user->{$this->attributeName});

    return $this->_user;
}