/** * Validates a given API request as being sent from origin via request signature * * @param string $body * * @return void */ private function validateRequest($request) { $token = $request['requestToken']; unset($request['requestToken']); if ($token === OriginAPI::generateSignedRequest(http_build_query($request))) { return; } Output::render404(); }
/** * Handles a response from Origin, generally the last item in the lifecycle of a request * * @param mixed $response * * @return void */ private function handleOriginResponse($response) { /** * Origin didn't have the object */ if ($response === false) { \Output::render404(); } /** * We're good to go, start rendering */ \Output::sendHeader($_SERVER['SERVER_PROTOCOL'] . ' 200 OK'); /** * Origin had the object, and it's now stored on disk, render the stored object */ if ($response === true) { if (isset($_COOKIE['is_redirecting']) === true) { sleep(2); } \setcookie('is_redirecting', 1, time() + 5); \Output::sendHeader('Location: ' . $this->request['path']); $this->isRedirect = true; } if (is_object($response) === true) { /** * It's a streaming object, so we'll render it from here */ \Output::sendHeader($_SERVER['SERVER_PROTOCOL'] . ' 200 OK'); \Output::render(\Output::decodeWireObject($response->object)); } }