Adjusted authentication code.

This commit is contained in:
flash 2023-05-21 16:50:15 +00:00
parent f513d229fe
commit 1cd3a50415

View file

@ -7,12 +7,9 @@ use Index\Data\IDbConnection;
final class ChatAuth { final class ChatAuth {
public static function attempt(IDbConnection $db, string $endPoint, string $secret, string $cookie): object { public static function attempt(IDbConnection $db, string $endPoint, string $secret, string $cookie): object {
if(!empty($cookie)) { if(!empty($cookie)) {
$params = [ $method = 'Misuzu';
'method' => 'Misuzu', $signature = sprintf('verify#%s#%s#%s', $method, $cookie, $_SERVER['REMOTE_ADDR']);
'token' => $cookie, $signature = hash_hmac('sha256', $signature, $secret);
'ipaddr' => $_SERVER['REMOTE_ADDR'],
];
$loginSignature = hash_hmac('sha256', "verify#{$params['method']}#{$params['token']}#{$params['ipaddr']}", $secret);
$login = curl_init($endPoint); $login = curl_init($endPoint);
curl_setopt_array($login, [ curl_setopt_array($login, [
@ -21,16 +18,21 @@ final class ChatAuth {
CURLOPT_FOLLOWLOCATION => true, CURLOPT_FOLLOWLOCATION => true,
CURLOPT_HEADER => false, CURLOPT_HEADER => false,
CURLOPT_POST => true, CURLOPT_POST => true,
CURLOPT_POSTFIELDS => $params, CURLOPT_POSTFIELDS => http_build_query([
'method' => $method,
'token' => $cookie,
'ipaddr' => $_SERVER['REMOTE_ADDR'],
], '', '&', PHP_QUERY_RFC3986),
CURLOPT_RETURNTRANSFER => true, CURLOPT_RETURNTRANSFER => true,
CURLOPT_TCP_FASTOPEN => true, CURLOPT_TCP_FASTOPEN => true,
CURLOPT_CONNECTTIMEOUT => 2, CURLOPT_CONNECTTIMEOUT => 2,
CURLOPT_MAXREDIRS => 2, CURLOPT_MAXREDIRS => 2,
CURLOPT_PROTOCOLS => CURLPROTO_HTTPS, CURLOPT_PROTOCOLS => CURLPROTO_HTTPS,
CURLOPT_TIMEOUT => 5, CURLOPT_TIMEOUT => 5,
CURLOPT_USERAGENT => 'mc.flashii.net', CURLOPT_USERAGENT => 'Mince',
CURLOPT_HTTPHEADER => [ CURLOPT_HTTPHEADER => [
'X-SharpChat-Signature: ' . $loginSignature, 'Content-Type: application/x-www-form-urlencoded',
'X-SharpChat-Signature: ' . $signature,
], ],
]); ]);
$userInfo = json_decode(curl_exec($login)); $userInfo = json_decode(curl_exec($login));