mirror of
https://github.com/lkddi/nexusphp.git
synced 2026-04-03 14:10:57 +08:00
ammds approve
This commit is contained in:
xiaomlove
@@ -83,6 +83,7 @@ UID_STARTS=10001
|
||||
PHP_PATH=
|
||||
NAS_TOOLS_KEY=
|
||||
IYUU_SECRET=
|
||||
AMMDS_SECRET=
|
||||
|
||||
MEILISEARCH_SCHEME=http
|
||||
MEILISEARCH_HOST=127.0.0.1
|
||||
|
||||
@@ -103,8 +103,7 @@ class Test extends Command
|
||||
*/
|
||||
public function handle()
|
||||
{
|
||||
$with = ["ss" => function($query) {$query->orWhere("mode", 0);}];
|
||||
$r = SearchBox::query()->with($with)->find(4);
|
||||
$r = microtime();
|
||||
// $r = SearchBox::query()->find(4)->ss()->orWhere("mode", 0)->get();
|
||||
dd($r);
|
||||
}
|
||||
|
||||
@@ -106,6 +106,26 @@ class AuthenticateController extends Controller
|
||||
}
|
||||
}
|
||||
|
||||
public function ammdsApprove(Request $request)
|
||||
{
|
||||
try {
|
||||
$request->validate([
|
||||
'uid' => 'required|integer',
|
||||
'timestamp' => 'required|integer',
|
||||
'nonce' => 'required|string',
|
||||
'signature' => 'required|string',
|
||||
]);
|
||||
$user = $this->repository->ammdsApprove($request);
|
||||
$resource = new UserResource($user);
|
||||
return $this->success($resource);
|
||||
} catch (\Exception $exception) {
|
||||
$msg = $exception->getMessage();
|
||||
$params = $request->all();
|
||||
do_log(sprintf("ammdsApprove fail: %s, params: %s", $msg, nexus_json_encode($params)));
|
||||
return $this->fail($params, $msg);
|
||||
}
|
||||
}
|
||||
|
||||
public function addToken(Request $request)
|
||||
{
|
||||
try {
|
||||
|
||||
@@ -5,6 +5,8 @@ use App\Http\Resources\UserResource;
|
||||
use App\Models\User;
|
||||
use Carbon\Carbon;
|
||||
use Illuminate\Encryption\Encrypter;
|
||||
use Illuminate\Http\Request;
|
||||
use Illuminate\Support\Facades\Cache;
|
||||
use Illuminate\Support\Facades\DB;
|
||||
use Illuminate\Validation\UnauthorizedException;
|
||||
|
||||
@@ -72,4 +74,31 @@ class AuthenticateRepository extends BaseRepository
|
||||
}
|
||||
return true;
|
||||
}
|
||||
|
||||
public function ammdsApprove(Request $request)
|
||||
{
|
||||
$now = Carbon::now();
|
||||
if (abs($now->getTimestampMs() - $request->timestamp) > 300 * 1000) {
|
||||
throw new \InvalidArgumentException("expired.");
|
||||
}
|
||||
$cacheKey = sprintf("ammdsApprove:%s", $request->nonce);
|
||||
if (Cache::has($cacheKey)) {
|
||||
throw new \InvalidArgumentException("duplicate.");
|
||||
}
|
||||
Cache::put($cacheKey, 1, 600);
|
||||
$user = User::query()->findOrFail($request->uid, User::$commonFields);
|
||||
$user->checkIsNormal();
|
||||
$passkeyHash = hash('sha256', $user->passkey);
|
||||
$dataToSign = sprintf("%s%s%s%s", $user->id, $passkeyHash, $request->timestamp, $request->nonce);
|
||||
$signatureKey = env('AMMDS_SECRET');
|
||||
$serverSignature = hash_hmac('sha256', $dataToSign, $signatureKey);
|
||||
if (!hash_equals($serverSignature, $request->signature)) {
|
||||
do_log(sprintf(
|
||||
"uid: %s, passkey_hash: %s, timestamp: %s, nonce: %s, dataToSign: %s, signatureKey: %s, serverSignature: %s, requestSignature: %s, !hash_equals",
|
||||
$user->id, $passkeyHash, $request->timestamp, $request->nonce, $dataToSign, $signatureKey, $serverSignature, $request->signature
|
||||
));
|
||||
throw new \InvalidArgumentException("Invalid signature.");
|
||||
}
|
||||
return $user;
|
||||
}
|
||||
}
|
||||
|
||||
@@ -3,4 +3,5 @@ use Illuminate\Support\Facades\Route;
|
||||
|
||||
Route::post('nastools/approve', [\App\Http\Controllers\AuthenticateController::class, 'nasToolsApprove']);
|
||||
Route::get('iyuu/approve', [\App\Http\Controllers\AuthenticateController::class, 'iyuuApprove']);
|
||||
Route::post('ammds/approve', [\App\Http\Controllers\AuthenticateController::class, 'ammdsApprove']);
|
||||
|
||||
|
||||
Reference in New Issue
Block a user