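/**
 * Verify the OAuth 1.0-style request signature against the consumer's stored certificate.
 *
 * Looks up the certificate for $this->oauth->oauth_consumer_key in the Redis
 * certificates database, copies its application/instance/description/domain
 * fields onto this object, rebuilds the signature base string from the oauth_*
 * parameters plus every request parameter, and compares an HMAC-SHA1 over that
 * string with the signature the client sent.
 *
 * The base string layout (method, "http://" + SERVER_NAME + endpoint, and the
 * url-decoded query built from the sorted parameters, all rawurlencoded as one
 * string) is part of the wire protocol shared with clients and is kept as is.
 *
 * NOTE(review): oauth_nonce and oauth_timestamp are signed but not checked for
 * freshness or uniqueness here, so a captured request can be replayed until the
 * secret changes — confirm whether a caller enforces that.
 *
 * @return bool true only when a certificate with a secret exists and the signatures match
 */
public function isAuthorized()
{
    $db_certificates = GalaxyAPI::database(GalaxyAPIConstants::kDatabaseRedis, GalaxyAPIConstants::kDatabaseCertificates);
    $raw = $db_certificates->get(GalaxyAPIConstants::kTypeCertificate . ':' . $this->oauth->oauth_consumer_key);
    $certificate = is_string($raw) ? json_decode($raw, true) : null;
    if (!$certificate || !is_array($certificate)) {
        // Unknown consumer key (or unreadable certificate): refuse.
        return false;
    }

    $this->application = isset($certificate['application']) ? $certificate['application'] : null;
    $this->instance = isset($certificate['instance']) ? $certificate['instance'] : null;
    $this->description = isset($certificate['description']) ? $certificate['description'] : null;
    $this->domain = isset($certificate['domain']) ? $certificate['domain'] : null;

    $secret = isset($certificate['secret']) ? $certificate['secret'] : null;
    // A missing or empty secret would make the HMAC computable by anyone who can
    // see the request; fail closed instead of signing with an empty key.
    if (!is_string($secret) || $secret === '') {
        return false;
    }

    $base_string = [
        'oauth_consumer_key' => $this->oauth->oauth_consumer_key,
        'oauth_nonce' => $this->oauth->oauth_nonce,
        'oauth_signature_method' => $this->oauth->oauth_signature_method,
        'oauth_timestamp' => $this->oauth->oauth_timestamp,
        'oauth_token' => '',
        'oauth_version' => $this->oauth->oauth_version,
    ];
    if (count($_REQUEST)) {
        // With arrays in the request the nested keys must be sorted too so the
        // client and server serialise the parameters in the same order.
        // NOTE(review): what $_REQUEST contains depends on the request_order ini
        // setting (it may include cookies); the client must sign the same set.
        $this->sortRequestParams($_REQUEST);
        $base_string = array_merge($base_string, $_REQUEST);
        ksort($base_string);
    }

    // http_build_query() serialises nested arrays correctly but with the wrong
    // encoding for this protocol, so it is decoded here and the whole base
    // string is rawurlencoded once below.
    $params = urldecode(http_build_query($base_string));
    $string = rawurlencode(strtoupper($_SERVER['REQUEST_METHOD']) . '&http://' . $_SERVER['SERVER_NAME'] . '/' . GalaxyAPI::endpoint() . '&' . $params);

    // Raw HMAC bytes the server expects for this request.
    $expected = hash_hmac('sha1', $string, $secret, true);
    // Raw bytes of the signature the client sent (base64 inside a url-encoded header value).
    $sent = isset($this->oauth->oauth_signature) ? (string) $this->oauth->oauth_signature : '';
    $provided = base64_decode(urldecode($sent));
    if (!is_string($provided)) {
        return false;
    }

    // Constant-time, strict comparison: the previous `==` on the encoded strings
    // was both timing-dependent and subject to PHP's numeric-string equality.
    return hash_equals($expected, $provided);
}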
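/**
 * Dispatch the current request once its OAuth signature has been verified.
 *
 * Builds a GalaxyAuthorizationOAuth from the Authorization header and, if the
 * signature checks out, resolves the realm context and the command library for
 * the certificate's instance, then invokes the method named after the endpoint
 * (e.g. channels_get, topics_post, topics_delete) and echoes its response.
 * A request against an application root is allowed only when the context's
 * application is the certificate's own; a request against a channel is also
 * checked against the per-channel permission bits stored in the certificates
 * database and is logged before dispatch. Every refusal echoes the unauthorized
 * response and returns, so no handler runs after a failed check.
 *
 * @return void
 */
private function requestWithAuthorizationOAuth()
{
    $authorization = new GalaxyAuthorizationOAuth($this->headers['Authorization']);
    if (!$authorization->isAuthorized()) {
        echo GalaxyResponse::unauthorized();
        return;
    }

    $context = $this->context_for_realm($authorization->realm);
    // Check the context before touching it: assigning origin fields on a null
    // context faults instead of refusing the request.
    if (!$context) {
        echo GalaxyResponse::unauthorized();
        return;
    }
    $context->origin = $authorization->application;
    $context->origin_description = $authorization->description;
    $context->origin_domain = $authorization->domain;

    $api = $this->commandLibraryForType($authorization->instance);
    // format: command_method e.g., channels_get, topics_post, topics_delete
    $method = GalaxyAPI::methodForEndpoint(GalaxyAPI::endpoint());
    // No command library for this instance, or no handler for this endpoint:
    // refuse and stop (the unauthorized response is echoed like every other path).
    if (!$api || !method_exists($api, $method)) {
        echo GalaxyResponse::unauthorized();
        return;
    }

    if (!$context->channel) {
        // Application root: the caller may only act on its own application.
        // Compared as strings with === so a loosely-equal value (e.g. a numeric
        // string that == the id) cannot pass the check.
        if ((string) $context->application !== (string) $authorization->application) {
            echo GalaxyResponse::unauthorized();
            return;
        }
        echo $api->{$method}($context);
        return;
    }

    // Channel access: require the permission bit matching the HTTP verb.
    $db_certificates = GalaxyAPI::database(GalaxyAPIConstants::kDatabaseRedis, GalaxyAPIConstants::kDatabaseCertificates);
    $stored = $db_certificates->get(GalaxyAPIConstants::kTypeCertificate . ':' . $authorization->oauth_consumer_key . ':' . $context->channel);
    $decoded = is_string($stored) ? json_decode($stored) : null;
    // Anything that is not a numeric bitmask grants nothing.
    $permissions = is_numeric($decoded) ? (int) $decoded : 0;

    $verb = strtolower($_SERVER['REQUEST_METHOD']);
    switch ($verb) {
        case 'get':
            $required = GalaxyAPIConstants::kPermissionRead;
            break;
        case 'post':
        case 'put':
            $required = GalaxyAPIConstants::kPermissionWrite;
            break;
        case 'delete':
            $required = GalaxyAPIConstants::kPermissionDelete;
            break;
        default:
            // Unknown verb: there is no permission that would allow it.
            $required = null;
            break;
    }
    if ($required === null || !($permissions & $required)) {
        echo GalaxyResponse::unauthorized();
        return;
    }

    // Channel actions are logged before the handler runs.
    $log = new GalaxyLog();
    $log->setEndpoint(GalaxyAPI::endpoint());
    $log->setContext($context);
    $log->setMethod($verb);
    $log->write();

    echo $api->{$method}($context);
}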