diff --git a/src/Auth/MisuzuAuth.php b/src/Auth/MisuzuAuth.php index a6ff341..01cebcf 100644 --- a/src/Auth/MisuzuAuth.php +++ b/src/Auth/MisuzuAuth.php @@ -16,17 +16,11 @@ class MisuzuAuth implements IAuth { public function getName(): string { return 'Misuzu'; } public function verifyToken(string $token): int { - $packed = str_pad(Serialiser::uriBase64()->deserialise($token, true), 37, "\x00"); - $unpacked = unpack('Cversion/Nuser/H64token', $packed); + if(!empty($token)) { + $method = 'Misuzu'; + $signature = sprintf('verify#%s#%s#%s', $method, $token, $_SERVER['REMOTE_ADDR']); + $signature = hash_hmac('sha256', $signature, $this->secretKey); - if(isset($unpacked['version']) && $unpacked['version'] === 1 - && isset($unpacked['user']) && $unpacked['user'] > 0) { - $loginRequest = [ - 'user_id' => $unpacked['user'], - 'token' => 'SESS:' . $token, - 'ip' => $_SERVER['REMOTE_ADDR'], - ]; - $loginSignature = hash_hmac('sha256', implode('#', $loginRequest), $this->secretKey); $login = curl_init($this->endPoint); curl_setopt_array($login, [ CURLOPT_AUTOREFERER => false, @@ -34,7 +28,11 @@ class MisuzuAuth implements IAuth { CURLOPT_FOLLOWLOCATION => true, CURLOPT_HEADER => false, CURLOPT_POST => true, - CURLOPT_POSTFIELDS => json_encode($loginRequest), + CURLOPT_POSTFIELDS => http_build_query([ + 'method' => $method, + 'token' => $token, + 'ipaddr' => $_SERVER['REMOTE_ADDR'], + ], '', '&', PHP_QUERY_RFC3986), CURLOPT_RETURNTRANSFER => true, CURLOPT_TCP_FASTOPEN => true, CURLOPT_CONNECTTIMEOUT => 2, @@ -43,8 +41,8 @@ class MisuzuAuth implements IAuth { CURLOPT_TIMEOUT => 5, CURLOPT_USERAGENT => 'Flashii EEPROM', CURLOPT_HTTPHEADER => [ - 'Content-Type: application/json', - 'X-SharpChat-Signature: ' . $loginSignature, + 'Content-Type: application/x-www-form-urlencoded', + 'X-SharpChat-Signature: ' . $signature, ], ]); $userInfo = json_decode(curl_exec($login));