mirror of
https://github.com/lkddi/nexusphp.git
synced 2026-04-14 12:30:49 +08:00
ammds approve
This commit is contained in:
xiaomlove
@@ -103,8 +103,7 @@ class Test extends Command
|
||||
*/
|
||||
public function handle()
|
||||
{
|
||||
$with = ["ss" => function($query) {$query->orWhere("mode", 0);}];
|
||||
$r = SearchBox::query()->with($with)->find(4);
|
||||
$r = microtime();
|
||||
// $r = SearchBox::query()->find(4)->ss()->orWhere("mode", 0)->get();
|
||||
dd($r);
|
||||
}
|
||||
|
||||
@@ -106,6 +106,26 @@ class AuthenticateController extends Controller
|
||||
}
|
||||
}
|
||||
|
||||
public function ammdsApprove(Request $request)
|
||||
{
|
||||
try {
|
||||
$request->validate([
|
||||
'uid' => 'required|integer',
|
||||
'timestamp' => 'required|integer',
|
||||
'nonce' => 'required|string',
|
||||
'signature' => 'required|string',
|
||||
]);
|
||||
$user = $this->repository->ammdsApprove($request);
|
||||
$resource = new UserResource($user);
|
||||
return $this->success($resource);
|
||||
} catch (\Exception $exception) {
|
||||
$msg = $exception->getMessage();
|
||||
$params = $request->all();
|
||||
do_log(sprintf("ammdsApprove fail: %s, params: %s", $msg, nexus_json_encode($params)));
|
||||
return $this->fail($params, $msg);
|
||||
}
|
||||
}
|
||||
|
||||
public function addToken(Request $request)
|
||||
{
|
||||
try {
|
||||
|
||||
@@ -5,6 +5,8 @@ use App\Http\Resources\UserResource;
|
||||
use App\Models\User;
|
||||
use Carbon\Carbon;
|
||||
use Illuminate\Encryption\Encrypter;
|
||||
use Illuminate\Http\Request;
|
||||
use Illuminate\Support\Facades\Cache;
|
||||
use Illuminate\Support\Facades\DB;
|
||||
use Illuminate\Validation\UnauthorizedException;
|
||||
|
||||
@@ -72,4 +74,31 @@ class AuthenticateRepository extends BaseRepository
|
||||
}
|
||||
return true;
|
||||
}
|
||||
|
||||
public function ammdsApprove(Request $request)
|
||||
{
|
||||
$now = Carbon::now();
|
||||
if (abs($now->getTimestampMs() - $request->timestamp) > 300 * 1000) {
|
||||
throw new \InvalidArgumentException("expired.");
|
||||
}
|
||||
$cacheKey = sprintf("ammdsApprove:%s", $request->nonce);
|
||||
if (Cache::has($cacheKey)) {
|
||||
throw new \InvalidArgumentException("duplicate.");
|
||||
}
|
||||
Cache::put($cacheKey, 1, 600);
|
||||
$user = User::query()->findOrFail($request->uid, User::$commonFields);
|
||||
$user->checkIsNormal();
|
||||
$passkeyHash = hash('sha256', $user->passkey);
|
||||
$dataToSign = sprintf("%s%s%s%s", $user->id, $passkeyHash, $request->timestamp, $request->nonce);
|
||||
$signatureKey = env('AMMDS_SECRET');
|
||||
$serverSignature = hash_hmac('sha256', $dataToSign, $signatureKey);
|
||||
if (!hash_equals($serverSignature, $request->signature)) {
|
||||
do_log(sprintf(
|
||||
"uid: %s, passkey_hash: %s, timestamp: %s, nonce: %s, dataToSign: %s, signatureKey: %s, serverSignature: %s, requestSignature: %s, !hash_equals",
|
||||
$user->id, $passkeyHash, $request->timestamp, $request->nonce, $dataToSign, $signatureKey, $serverSignature, $request->signature
|
||||
));
|
||||
throw new \InvalidArgumentException("Invalid signature.");
|
||||
}
|
||||
return $user;
|
||||
}
|
||||
}
|
||||
|
||||
Reference in New Issue
Block a user