/**
* Create basic salt for internal encryption
* Should not be ran if already created.
*/
private function buildInternalKey()
{
if (self::g('salt')) {
throw new LogicException("Do not run after initialization.");
}
self::s('salt', Encryption::enc(Encryption::genGarbage(8) . str_shuffle(Site::getKey('session')) . sha1(str_shuffle(self::g('client'))), $this->client));
}
if (!($jdata = json_decode($data, true))) {
throw new RuntimeException("Unable to parse input.");
}
if (empty($jdata["credentials"])) {
throw new RuntimeException("Received credentials are missing.");
}
// Read credentials
$cred_obj = explode(" ", base64_decode($jdata['credentials']));
if (count($cred_obj) < 2) {
throw new RuntimeException("Received credentials are malformed.");
}
// This is where you normally handle the call, i.e.. $res = Api::handleRequest($jdata);
// Username and passphrase successfully read.
$username = $cred_obj[0];
$passphrase = $cred_obj[1];
// Set asymmetric key to be used in future communication
$session = Session::getInstance();
$session->set(Session::TRANSPORT_KEY, Encryption::genGarbage(Session::KEYSIZE));
// Clear login key
$session->set(Captcha::KEY_LOGIN, null);
// Let's say that everything went well and Citizen $username was loaded successfully.
$res = array("id" => 123, "username" => $username, Session::STORAGE_KEY => base64_encode(Session::getStorageKey()), Session::TRANSPORT_KEY => base64_encode($session->get(Session::TRANSPORT_KEY)));
// This is where you normally pass $res (Api::handleRequest()) to whatever renderer is available.
/* Output */
$output = json_encode(array("result" => $res));
die(Encryption::enc($output, $key));
} catch (Exception $e) {
$output = json_encode(array("error" => array("code" => 1, "message" => $e->getMessage())));
trigger_error($e->getMessage());
die(Encryption::enc($output, $key));
}
