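public function isAuthorized()
 {
     // Validates the OAuth 1.0-style HMAC-SHA1 signature carried in $this->oauth
     // against the consumer certificate stored in Redis under
     // "<kTypeCertificate>:<oauth_consumer_key>".
     //
     // Returns true only when such a certificate exists, carries a non-empty
     // secret, and the inbound oauth_signature equals the signature rebuilt from
     // the request method, server name, endpoint and request parameters.
     //
     // Side effect: on a certificate hit the application/instance/description/
     // domain fields are copied onto $this before the signature is checked, so
     // they are populated even when this method returns false.
     //
     // NOTE(review): oauth_nonce and oauth_timestamp are part of the signed
     // string but are never checked for freshness or uniqueness here, so a
     // captured request can be replayed for as long as the secret is valid;
     // replay protection would need a timestamp window plus a nonce store.
     $db_certificates = GalaxyAPI::database(GalaxyAPIConstants::kDatabaseRedis, GalaxyAPIConstants::kDatabaseCertificates);
     $certificate = json_decode($db_certificates->get(GalaxyAPIConstants::kTypeCertificate . ':' . $this->oauth->oauth_consumer_key), true);
     if (!is_array($certificate)) {
         // unknown consumer key (Redis miss) or a record that is not a JSON object
         return false;
     }
     foreach (array('application', 'instance', 'description', 'domain') as $field) {
         $this->{$field} = isset($certificate[$field]) ? $certificate[$field] : null;
     }
     if (!isset($certificate['secret']) || $certificate['secret'] === '') {
         // Fail closed: an HMAC keyed with a missing/empty secret can be produced
         // by anyone, so such a certificate must never authorize a request.
         return false;
     }
     $secret = $certificate['secret'];

     // Signature base parameters: the oauth_* fields first, then every request
     // parameter, ksort()ed so both sides serialize in the same order.
     $base_string = array();
     $base_string['oauth_consumer_key'] = $this->oauth->oauth_consumer_key;
     $base_string['oauth_nonce'] = $this->oauth->oauth_nonce;
     $base_string['oauth_signature_method'] = $this->oauth->oauth_signature_method;
     $base_string['oauth_timestamp'] = $this->oauth->oauth_timestamp;
     $base_string['oauth_token'] = '';
     $base_string['oauth_version'] = $this->oauth->oauth_version;
     if (count($_REQUEST)) {
         // with arrays in the request we might need to iterate over this to ensure
         // the proper sort order
         // NOTE(review): $_REQUEST also carries cookies when request_order
         // includes "C"; those would then be part of the signed string — confirm
         // the client builds its base string from the same parameter set.
         $this->sortRequestParams($_REQUEST);
         $base_string = array_merge($base_string, $_REQUEST);
         ksort($base_string);
     }
     // we will be sending arrays in this, and http_build_query() builds the right thing for recursive arrays
     // but it encodes it wrong for our needs, which is why we are decoding it, and then rawurlencoding it afterwards
     $params = urldecode(http_build_query($base_string));
     $string = rawurlencode(strtoupper($_SERVER['REQUEST_METHOD']) . "&http://" . $_SERVER['SERVER_NAME'] . '/' . GalaxyAPI::endpoint() . "&" . $params);
     // the signature we expect, as raw bytes
     $expected = hash_hmac('sha1', $string, $secret, true);
     // the inbound signature: percent-decoded, then base64-decoded to raw bytes
     $provided = base64_decode(urldecode($this->oauth->oauth_signature));
     if (!is_string($provided)) {
         return false;
     }
     // Constant-time comparison of the raw digests. The previous "==" on the
     // re-encoded strings was both a loose comparison and one that stops at the
     // first differing byte, which leaks timing information about the MAC.
     return hash_equals($expected, $provided);
 }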
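 private function requestWithAuthorizationOAuth()
 {
     // Dispatches an OAuth-authorized request to the command library for the
     // caller's application instance.
     //
     // Flow:
     //   1. validate the HMAC signature in the Authorization header;
     //   2. resolve the realm into a command context;
     //   3. resolve the command library and the "<endpoint>_<verb>" method;
     //   4. for application-root requests, require that the context's application
     //      is the one the certificate belongs to;
     //   5. for channel requests, look up the per-channel permission bitmask in
     //      Redis and require read/write/delete according to the HTTP verb;
     //   6. invoke the command and echo its result.
     //
     // Every denial is emitted via GalaxyResponse::unauthorized() and ends the
     // handler, so a failed check can never fall through to the command call
     // (the original sometimes called unauthorized() without echoing it and
     // then kept going).
     $header = isset($this->headers['Authorization']) ? $this->headers['Authorization'] : null;
     $authorization = new GalaxyAuthorizationOAuth($header);
     if (!$authorization->isAuthorized()) {
         // Only the unauthorized response goes to the client; the previous
         // "*****" debug marker was leaking into the response body.
         echo GalaxyResponse::unauthorized();
         return;
     }

     // At this point we know the caller holds a valid application certificate.
     $context = $this->context_for_realm($authorization->realm);
     if (!$context) {
         echo GalaxyResponse::unauthorized();
         return;
     }
     // Assigned only after the null check above; the original wrote these
     // before testing $context.
     $context->origin = $authorization->application;
     $context->origin_description = $authorization->description;
     $context->origin_domain = $authorization->domain;

     $api = $this->commandLibraryForType($authorization->instance);
     if (!$api) {
         echo GalaxyResponse::unauthorized();
         return;
     }
     // format: command_method e.g., channels_get, topics_post, topics_delete
     $method = GalaxyAPI::methodForEndpoint(GalaxyAPI::endpoint());
     if (!method_exists($api, $method)) {
         echo GalaxyResponse::unauthorized();
         return;
     }

     if (!$context->channel) {
         // Accessing the application root: the only requirement is that the
         // realm's application is the one the certificate was issued for.
         // Compared as strings with === to avoid loose-comparison surprises
         // (e.g. 0 == "abc" on PHP < 8) on an authorization decision.
         if ((string) $context->application !== (string) $authorization->application) {
             echo GalaxyResponse::unauthorized();
             return;
         }
         // NOTE(review): unlike the channel path below, application-root calls
         // are not written to GalaxyLog — presumably intended, confirm.
         echo $api->{$method}($context);
         return;
     }

     // Channel access: permissions are a bitmask stored per consumer key and
     // channel. Anything that does not decode to a number denies (fail closed).
     $db_certificates = GalaxyAPI::database(GalaxyAPIConstants::kDatabaseRedis, GalaxyAPIConstants::kDatabaseCertificates);
     $raw_permissions = json_decode($db_certificates->get(GalaxyAPIConstants::kTypeCertificate . ':' . $authorization->oauth_consumer_key . ':' . $context->channel));
     $permissions = is_numeric($raw_permissions) ? (int) $raw_permissions : 0;
     $verb = strtolower($_SERVER['REQUEST_METHOD']);
     $required = array(
         'get' => GalaxyAPIConstants::kPermissionRead,
         'post' => GalaxyAPIConstants::kPermissionWrite,
         'put' => GalaxyAPIConstants::kPermissionWrite,
         'delete' => GalaxyAPIConstants::kPermissionDelete,
     );
     // Verbs with no mapping (HEAD, PATCH, OPTIONS, ...) are denied.
     if (!isset($required[$verb]) || ($permissions & $required[$verb]) === 0) {
         echo GalaxyResponse::unauthorized();
         return;
     }

     // Audit the channel access before executing the command.
     $log = new GalaxyLog();
     $log->setEndpoint(GalaxyAPI::endpoint());
     $log->setContext($context);
     $log->setMethod($verb);
     $log->write();
     echo $api->{$method}($context);
 }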