diff --git a/src/Socialbox/Abstracts/Method.php b/src/Socialbox/Abstracts/Method.php
index beac6a0..39d9012 100644
--- a/src/Socialbox/Abstracts/Method.php
+++ b/src/Socialbox/Abstracts/Method.php
@@ -1,26 +1,21 @@ getMessage(), 400, $e); - } - - $clientRequest = new ClientRequestOld($headers, self::getRpcRequests(), self::getRequestHash()); - - // Verify the session & request signature - if($clientRequest->getSessionUuid() !== null) - { - // If no signature is provided, it must be required if the client is providing a Session UUID - if($clientRequest->getSignature() === null) - { - throw new RpcException(sprintf('Unauthorized request, signature required for session based requests'), 401); - } - - try - { - $session = SessionManager::getSession($clientRequest->getSessionUuid()); - } - catch(StandardException $e) - { - throw new RpcException($e->getMessage(), 400); - } - catch(DatabaseOperationException $e) - { - throw new RpcException('Failed to verify session', 500, $e); - } - - try - { - if(!Cryptography::verifyContent($clientRequest->getHash(), $clientRequest->getSignature(), $session->getPublicKey())) - { - throw new RpcException('Request signature check failed', 400); - } - } - catch(RpcException $e) - { - throw $e; - } - catch(Exception $e) - { - throw new RpcException('Request signature check failed (Cryptography Error): ' . 
$e->getMessage(), 400, $e); - } - } - - return $clientRequest; - } - - /** - * Returns the request hash by hashing the request body using SHA256 - * - * @return string Returns the request hash in SHA256 representation - */ - private static function getRequestHash(): string - { - return hash('sha1', file_get_contents('php://input')); - } - - /** - * Handles a POST request, returning an array of RpcRequest objects - * expects a JSON encoded body with either a single RpcRequest object or an array of RpcRequest objects - * - * @return RpcRequest[] The parsed RpcRequest objects - * @throws RpcException Thrown if the request is invalid - */ - private static function getRpcRequests(): array - { - try - { - // Decode the request body - $body = Utilities::jsonDecode(file_get_contents('php://input')); - } - catch(InvalidArgumentException $e) - { - throw new RpcException("Invalid JSON in request body: " . $e->getMessage(), 400, $e); - } - - if(isset($body['method'])) - { - // If it only contains a method, we assume it's a single request - return [self::parseRequest($body)]; - } - - // Otherwise, we assume it's an array of requests - return array_map(fn($request) => self::parseRequest($request), $body); - } - - /** - * Parses the raw request data into an RpcRequest object - * - * @param array $data The raw request data - * @return RpcRequest The parsed RpcRequest object - * @throws RpcException If the request is invalid - */ - private static function parseRequest(array $data): RpcRequest - { - if(!isset($data['method'])) - { - throw new RpcException("Missing 'method' key in request", 400); - } - - if(isset($data['id'])) - { - if(!is_string($data['id'])) - { - throw new RpcException("Invalid 'id' key in request: Expected string", 400); - } - - if(strlen($data['id']) === 0) - { - throw new RpcException("Invalid 'id' key in request: Expected non-empty string", 400); - } - - if(strlen($data['id']) > 8) - { - throw new RpcException("Invalid 'id' key in request: Expected string of 
length <= 8", 400); - } - } - - if(isset($data['parameters'])) - { - if(!is_array($data['parameters'])) - { - throw new RpcException("Invalid 'parameters' key in request: Expected array", 400); - } - } - - return new RpcRequest($data['method'], $data['id'] ?? null, $data['parameters'] ?? null); - } -} \ No newline at end of file diff --git a/src/Socialbox/Classes/StandardMethods/Ping.php b/src/Socialbox/Classes/StandardMethods/Ping.php index 93724a9..4fe2094 100644 --- a/src/Socialbox/Classes/StandardMethods/Ping.php +++ b/src/Socialbox/Classes/StandardMethods/Ping.php @@ -5,7 +5,6 @@ use Socialbox\Abstracts\Method; use Socialbox\Interfaces\SerializableInterface; use Socialbox\Objects\ClientRequest; - use Socialbox\Objects\ClientRequestOld; use Socialbox\Objects\RpcRequest; class Ping extends Method diff --git a/src/Socialbox/Classes/StandardMethods/VerificationAnswerImageCaptcha.php b/src/Socialbox/Classes/StandardMethods/VerificationAnswerImageCaptcha.php index d5234c4..790dee9 100644 --- a/src/Socialbox/Classes/StandardMethods/VerificationAnswerImageCaptcha.php +++ b/src/Socialbox/Classes/StandardMethods/VerificationAnswerImageCaptcha.php @@ -3,17 +3,14 @@ namespace Socialbox\Classes\StandardMethods; use Socialbox\Abstracts\Method; - use Socialbox\Enums\Flags\PeerFlags; use Socialbox\Enums\Flags\SessionFlags; use Socialbox\Enums\StandardError; use Socialbox\Exceptions\DatabaseOperationException; use Socialbox\Exceptions\StandardException; use Socialbox\Interfaces\SerializableInterface; use Socialbox\Managers\CaptchaManager; - use Socialbox\Managers\RegisteredPeerManager; use Socialbox\Managers\SessionManager; use Socialbox\Objects\ClientRequest; - use Socialbox\Objects\ClientRequestOld; use Socialbox\Objects\RpcRequest; class VerificationAnswerImageCaptcha extends Method diff --git a/src/Socialbox/Objects/ClientRequestOld.php b/src/Socialbox/Objects/ClientRequestOld.php deleted file mode 100644 index 036a26b..0000000 
--- a/src/Socialbox/Objects/ClientRequestOld.php
+++ /dev/null
@@ -1,162 +0,0 @@ -headers = $headers; - $this->requests = $requests; - $this->requestHash = $requestHash; - } - - /** - * @return array - */ - public function getHeaders(): array - { - return $this->headers; - } - - /** - * @return RpcRequest[] - */ - public function getRequests(): array - { - return $this->requests; - } - - public function getHash(): string - { - return $this->requestHash; - } - - public function getClientName(): string - { - return $this->headers[StandardHeaders::CLIENT_NAME->value]; - } - - public function getClientVersion(): string - { - return $this->headers[StandardHeaders::CLIENT_VERSION->value]; - } - - public function getSessionUuid(): ?string - { - if(!isset($this->headers[StandardHeaders::SESSION_UUID->value])) - { - return null; - } - - return $this->headers[StandardHeaders::SESSION_UUID->value]; - } - - public function getFromPeer(): ?PeerAddress - { - if(!isset($this->headers[StandardHeaders::FROM_PEER->value])) - { - return null; - } - - return PeerAddress::fromAddress($this->headers[StandardHeaders::FROM_PEER->value]); - } - - public function getSignature(): ?string - { - if(!isset($this->headers[StandardHeaders::SIGNATURE->value])) - { - return null; - } - - return $this->headers[StandardHeaders::SIGNATURE->value]; - } - - public function validateSession(): void - { - if($this->getSessionUuid() == null) - { - throw new StandardException(StandardError::SESSION_REQUIRED->getMessage(), StandardError::SESSION_REQUIRED); - } - - $session = SessionManager::getSession($this->getSessionUuid()); - - switch($session->getState()) - { - case SessionState::AWAITING_DHE: - throw new StandardException(StandardError::SESSION_DHE_REQUIRED->getMessage(), StandardError::SESSION_DHE_REQUIRED); - - case SessionState::EXPIRED: - throw new StandardException(StandardError::SESSION_EXPIRED->getMessage(), StandardError::SESSION_EXPIRED); - } - } - - /** - * @return bool - * @throws DatabaseOperationException - */ - public function verifySignature(): bool - 
{ - $signature = $this->getSignature(); - $sessionUuid = $this->getSessionUuid(); - - if($signature == null || $sessionUuid == null) - { - return false; - } - - try - { - $session = SessionManager::getSession($sessionUuid); - } - catch(StandardException $e) - { - if($e->getStandardError() == StandardError::SESSION_NOT_FOUND) - { - return false; - } - - throw new RuntimeException($e); - } - - try - { - return Cryptography::verifyContent($this->getHash(), $signature, $session->getPublicKey()); - } - catch(CryptographyException $e) - { - return false; - } - } - } \ No newline at end of file