/** * Functions to validate request. * * @param array &$request Element array * @param bool $sig Flag to specify force authentication * @param bool $useronly Flag to check user only * * @return bool response **/ protected function validate() { $api_key = $this->input('api_key'); if (!$api_key) { return ['A402' => trans('Api Key not found')]; } $secret = $this->getSecret($api_key); if ($secret === false) { return ['A404' => trans('Your api account got suspended')]; } if ($secret['signature']) { $signature = $this->input('signature'); if (!$signature) { return ['A403' => trans('Api Signature not found')]; } } if ($secret['signature'] && !$secret['api_secret']) { return ['A405' => trans('Api secret not found')]; } $secret['api_key'] = $api_key; if ($secret['allowed_ip']) { $ipaddr = ip(); $allowed = explode(',', $secret['allowed_ip']); $allowed = array_map('trim', $allowed); if (!in_array($ipaddr, $allowed)) { $result = Utility::ipMatch($allowed); if (!$result) { return ['A406' => trans('Request is not allowed from this ip :0', [$ipaddr])]; } } } if ($secret['header']) { if (env($secret['header']['custom_key']) != $secret['header']['custom_value']) { return ['A407' => trans('Header misconfigured')]; } } if ($secret['protocol']) { if (env('HTTPS') && env('HTTPS') == 'off' || env('SERVER_PORT') != 443) { return ['A407A' => trans('Protocol not allowed')]; } } return ['status' => 'OK', 'data' => $secret]; }