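/**
 * Authenticate the request by recomputing the HMAC of the request body on the
 * server and comparing it with the client-supplied X-Hash header.
 *
 * The client is expected to send HMAC-SHA256(body, private_key) in X-Hash; the
 * private key is looked up from the user identified by the public key.
 *
 * @param string $public_key Public key sent by the client (identifies the user).
 * @return bool TRUE when X-Hash matches the recomputed HMAC, FALSE otherwise
 *              (also when the public key resolves to no user or no private key).
 */
public function authenticate($public_key)
{
    // Request object and the client-supplied HMAC (null when the header is absent).
    $request = $this->app->request();
    $contentHash = $request->headers('X-Hash');

    $oUser = new User();
    $user = $oUser->getUserByPublicKey($public_key);

    // Unknown public key: refuse before reading $user['LoginID'] (an undefined-index
    // notice in the original) and before any key lookup. Assumes getUserByPublicKey
    // returns an empty/falsy value for unknown keys — TODO confirm against User.
    if (empty($user['LoginID'])) {
        // No username is known on this path; the public key is the only identifier.
        Log::write("No user for supplied public key.", (string) $public_key);
        return FALSE;
    }

    // Private key used to recompute the HMAC. An empty key would make the MAC
    // computable by anyone who knows the body, so it is treated as a failure.
    $private_key = $oUser->getPrivateKey($user['LoginID']);
    if ($private_key === null || $private_key === '') {
        Log::write("No private key for user.", $user['username']);
        return FALSE;
    }

    // Raw request body is the HMAC message.
    $requestBody = $request->getBody();
    $hash = hash_hmac('sha256', (string) $requestBody, (string) $private_key);

    // Constant-time comparison of the full hex digests. The original compared
    // md5() of both sides with ===, which adds nothing and leaks timing.
    if ($contentHash !== null && hash_equals($hash, (string) $contentHash)) {
        Log::write("authenticated for " . strtoupper($request->getMethod()) . "/" . $request->getPath(), $user['username']);
        return TRUE;
    }

    // Only the client-supplied value is logged; the valid server-side HMAC is
    // deliberately not written to the log.
    Log::write("Hashes do not match.", $user['username']);
    Log::write("Clienthash: " . $contentHash, $user['username']);
    return FALSE;
}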
use lib\RequestHelper as R; use lib\LogHelper as Log; // API Versioning $app->group('/v1', function () use($app) { /** * GET route to export whole database to JSON * */ $app->get('/database/export', function () use($app) { //create empty user $oUser = new User(); //request header $request = $app->request(); $public_key = $request->headers('X-PublicKey'); //get User array from sent public key $user = $oUser->getUserByPublicKey($public_key); $userdb = $oUser->setDefaultDatabase($user['LoginID']); //get access level string of user $access_level = $oUser->getAccessLevel($user['LoginID']); //create new instance with the user specific database $tempTool = new DbExport($userdb); //read relevant table names with the user specific access level $export = $tempTool->readRelevantTables($access_level); $app->contentType('application/json;charset=utf-8'); echo json_encode($export); }); /** * GET route to export database meta information to JSON * */ $app->get('/database/scheme', function () use($app) {
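/**
 * Resolve the username of the user that owns the X-PublicKey header of the
 * current request.
 *
 * Note: this returns the username, not the user's default database as the
 * previous docblock claimed.
 *
 * @return string|false The username, or FALSE when the header is missing or
 *                      resolves to no user / an empty username.
 */
public static function readUsernameFromRequest()
{
    $app = \Slim\Slim::getInstance();
    $oUser = new User();
    $request = $app->request();
    $public_key = $request->headers('X-PublicKey');

    // Missing header: nothing to look up. (The original passed null into the
    // lookup; an absent key is treated as "no user" here.)
    if ($public_key === null || $public_key === '') {
        return false;
    }

    $user = $oUser->getUserByPublicKey($public_key);

    // Shape of $user is not visible here; assumed to be an array with a 'username'
    // key for known users and empty/falsy otherwise — TODO confirm against User.
    $username = null;
    if (is_array($user) && isset($user['username'])) {
        $username = $user['username'];
    }

    // Strict check: the original used `!= NULL`, which also rejected the
    // (unlikely but legal) username '0'.
    if ($username === null || $username === '') {
        return false;
    }

    return $username;
}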