Updated authentication.

flash 2023-05-21 16:47:37 +00:00
parent 1536f3048d
commit 70a63db6d5


@ -2,41 +2,36 @@
final class SockChatAuth { final class SockChatAuth {
public static function attempt(string $endPoint, string $secret, string $cookie): object { public static function attempt(string $endPoint, string $secret, string $cookie): object {
if(!empty($cookie)) { if(!empty($cookie)) {
$decoded = str_pad(base64_decode(str_pad(strtr($cookie, '-_', '+/'), strlen($cookie) % 4, '=', STR_PAD_RIGHT)), 37, "\0"); $method = 'Misuzu';
$unpacked = unpack('Cversion/Nuser/H*token', $decoded); $signature = sprintf('verify#%s#%s#%s', $method, $cookie, $_SERVER['REMOTE_ADDR']);
$signature = hash_hmac('sha256', $signature, $secret);
if(isset($unpacked['version']) && $unpacked['version'] === 1 $login = curl_init($endPoint);
&& isset($unpacked['user']) && $unpacked['user'] > 0) { curl_setopt_array($login, [
$loginRequest = [ CURLOPT_AUTOREFERER => false,
'user_id' => $unpacked['user'], CURLOPT_FAILONERROR => false,
'token' => 'SESS:' . $cookie, CURLOPT_FOLLOWLOCATION => true,
'ip' => $_SERVER['REMOTE_ADDR'], CURLOPT_HEADER => false,
]; CURLOPT_POST => true,
$loginSignature = hash_hmac('sha256', implode('#', $loginRequest), $secret); CURLOPT_POSTFIELDS => http_build_query([
'method' => $method,
$login = curl_init($endPoint); 'token' => $cookie,
curl_setopt_array($login, [ 'ipaddr' => $_SERVER['REMOTE_ADDR'],
CURLOPT_AUTOREFERER => false, ], '', '&', PHP_QUERY_RFC3986),
CURLOPT_FAILONERROR => false, CURLOPT_RETURNTRANSFER => true,
CURLOPT_FOLLOWLOCATION => true, CURLOPT_TCP_FASTOPEN => true,
CURLOPT_HEADER => false, CURLOPT_CONNECTTIMEOUT => 2,
CURLOPT_POST => true, CURLOPT_MAXREDIRS => 2,
CURLOPT_POSTFIELDS => json_encode($loginRequest), CURLOPT_PROTOCOLS => CURLPROTO_HTTPS,
CURLOPT_RETURNTRANSFER => true, CURLOPT_TIMEOUT => 5,
CURLOPT_TCP_FASTOPEN => true, CURLOPT_USERAGENT => 'AJAX Chat',
CURLOPT_CONNECTTIMEOUT => 2, CURLOPT_HTTPHEADER => [
CURLOPT_MAXREDIRS => 2, 'Content-Type: application/x-www-form-urlencoded',
CURLOPT_PROTOCOLS => CURLPROTO_HTTPS, 'X-SharpChat-Signature: ' . $signature,
CURLOPT_TIMEOUT => 5, ],
CURLOPT_USERAGENT => 'AJAX Chat', ]);
CURLOPT_HTTPHEADER => [ $userInfo = json_decode(curl_exec($login));
'Content-Type: application/json', curl_close($login);
'X-SharpChat-Signature: ' . $loginSignature,
],
]);
$userInfo = json_decode(curl_exec($login));
curl_close($login);
}
} }
if(empty($userInfo->success)) { if(empty($userInfo->success)) {