lkddi/nexusphp
1
0
Fork 0
mirror of https://github.com/lkddi/nexusphp.git synced 2026-04-14 20:40:49 +08:00
Code Issues Packages Projects Releases Wiki Activity

ammds approve

Browse Source
This commit is contained in:
xiaomlove
2025-03-12 23:48:10 +08:00
parent 80a0302e98
commit dd417ae646
5 changed files with 52 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files

29
app/Repositories/AuthenticateRepository.php
View File

@@ -5,6 +5,8 @@ use App\Http\Resources\UserResource;
use App\Models\User;
use Carbon\Carbon;
use Illuminate\Encryption\Encrypter;
use Illuminate\Http\Request;
use Illuminate\Support\Facades\Cache;
use Illuminate\Support\Facades\DB;
use Illuminate\Validation\UnauthorizedException;
@@ -72,4 +74,31 @@ class AuthenticateRepository extends BaseRepository
}
return true;
}
public function ammdsApprove(Request $request)
{
$now = Carbon::now();
if (abs($now->getTimestampMs() - $request->timestamp) > 300 * 1000) {
throw new \InvalidArgumentException("expired.");
}
$cacheKey = sprintf("ammdsApprove:%s", $request->nonce);
if (Cache::has($cacheKey)) {
throw new \InvalidArgumentException("duplicate.");
}
Cache::put($cacheKey, 1, 600);
$user = User::query()->findOrFail($request->uid, User::$commonFields);
$user->checkIsNormal();
$passkeyHash = hash('sha256', $user->passkey);
$dataToSign = sprintf("%s%s%s%s", $user->id, $passkeyHash, $request->timestamp, $request->nonce);
$signatureKey = env('AMMDS_SECRET');
$serverSignature = hash_hmac('sha256', $dataToSign, $signatureKey);
if (!hash_equals($serverSignature, $request->signature)) {
do_log(sprintf(
"uid: %s, passkey_hash: %s, timestamp: %s, nonce: %s, dataToSign: %s, signatureKey: %s, serverSignature: %s, requestSignature: %s, !hash_equals",
$user->id, $passkeyHash, $request->timestamp, $request->nonce, $dataToSign, $signatureKey, $serverSignature, $request->signature
));
throw new \InvalidArgumentException("Invalid signature.");
}
return $user;
}
}