Exemplo n.º 1
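 /**
  * Authenticates an API request and verifies the HMAC signature of its body.
  *
  * The API key is taken from the Authorization header after dropping its first
  * six characters (presumably a scheme prefix such as "Token " - confirm against
  * the clients; the prefix itself is not validated here). The account's secure
  * key is hex-decoded and used to compute an HMAC-SHA1 over the raw request
  * body, which must match the `sign` query parameter.
  *
  * NOTE(review): only the body is signed. Nothing in this method binds the
  * signature to the HTTP method, the path, or a timestamp/nonce, so replay
  * protection has to be provided elsewhere - confirm.
  *
  * @param Request $request Incoming HTTP request.
  *
  * @return object API account record found for the supplied key.
  *
  * @throws UnauthorizedHttpException       When the key is missing, empty or unknown.
  * @throws PreconditionFailedHttpException When the body signature does not match.
  */
 private function checkApiAccess(Request $request)
 {
     $header = $request->headers->get('authorization');
     $key = is_string($header) ? substr($header, 6) : null;

     // Fail closed before touching the database: without this guard a missing or
     // too-short header reaches the lookup as null/empty and could match an
     // account whose API key column is unset.
     if (!is_string($key) || '' === $key) {
         throw new UnauthorizedHttpException('Token');
     }

     $apiAccount = ApiQuery::create()->findOneByApiKey($key);
     if (null === $apiAccount) {
         throw new UnauthorizedHttpException('Token');
     }

     // The secure key is stored hex-encoded; pack('H*') turns it into raw bytes.
     $secureKey = pack('H*', $apiAccount->getSecureKey());
     $expected = hash_hmac('sha1', $request->getContent(), $secureKey);
     $provided = $request->query->get('sign');

     // hash_equals() is constant-time and strictly string-based. The previous
     // loose `!=` leaked timing information and was subject to PHP numeric-string
     // juggling (two different "0e<digits>" digests compare equal under `==`).
     // The is_string() guard rejects a missing or array-valued `sign` parameter.
     if (!is_string($provided) || !hash_equals($expected, $provided)) {
         throw new PreconditionFailedHttpException('wrong body request signature');
     }

     return $apiAccount;
 }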