public function checkSecurity($authToken = true, $userToken = false, $mustBeOfficial = false)
{
if ($authToken) {
if (empty($this->authToken)) {
return $this->replyError('Missing authToken');
}
$tokenClass = new AuthToken();
try {
$app = $tokenClass->validate($this->authToken);
} catch (Exception $e) {
return $this->replyError('Invalid authToken');
}
$this->app = $app;
if ($mustBeOfficial && !$this->app->isOfficial()) {
return $this->replyError('Permission denied');
}
}
if ($userToken) {
if (empty($this->authToken)) {
return $this->replyError('Missing userToken');
}
$token = new UserToken();
$tokenData = $token->get($this->userToken);
if (!$tokenData || $tokenData->app != $this->app->id) {
return $this->replyError('Invalid userToken');
}
$userClass = new User();
$user = $userClass->get($tokenData->uid);
$this->user = $user;
}
return true;
}
