Nosial/socialbox-php
2
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Remove unused StandardMethods and improve session logic

Browse source
This commit is contained in:
netkas 2024-12-12 04:33:10 -05:00
parent 86435a3d0b
commit 701acfde35
30 changed files with 1032 additions and 704 deletions
Download patch file Download diff file Expand all files Collapse all files

323
src/Socialbox/Objects/ClientRequest.php
View file

@ -1,142 +1,245 @@
<?php
namespace Socialbox\Objects;
namespace Socialbox\Objects;
use RuntimeException;
use Socialbox\Classes\Cryptography;
use Socialbox\Enums\StandardError;
use Socialbox\Enums\StandardHeaders;
use Socialbox\Exceptions\CryptographyException;
use Socialbox\Exceptions\DatabaseOperationException;
use Socialbox\Exceptions\StandardException;
use Socialbox\Managers\SessionManager;
use InvalidArgumentException;
use Socialbox\Classes\Cryptography;
use Socialbox\Classes\Utilities;
use Socialbox\Enums\SessionState;
use Socialbox\Enums\StandardHeaders;
use Socialbox\Enums\Types\RequestType;
use Socialbox\Exceptions\CryptographyException;
use Socialbox\Exceptions\RequestException;
use Socialbox\Managers\SessionManager;
use Socialbox\Objects\Database\SessionRecord;
class ClientRequest
{
/**
* @var array
*/
private array $headers;
/**
* @var RpcRequest[]
*/
private array $requests;
/**
* @var string
*/
private string $requestHash;
/**
* ClientRequest constructor.
*
* @param array $headers The headers of the request
* @param RpcRequest[] $requests The RPC requests of the client
*/
public function __construct(array $headers, array $requests, string $requestHash)
class ClientRequest
{
$this->headers = $headers;
$this->requests = $requests;
$this->requestHash = $requestHash;
}
private array $headers;
private RequestType $requestType;
private ?string $requestBody;
/**
* @return array
*/
public function getHeaders(): array
{
return $this->headers;
}
private string $clientName;
private string $clientVersion;
private ?string $identifyAs;
private ?string $sessionUuid;
private ?string $signature;
/**
* @return RpcRequest[]
*/
public function getRequests(): array
{
return $this->requests;
}
public function getHash(): string
{
return $this->requestHash;
}
public function getClientName(): string
{
return $this->headers[StandardHeaders::CLIENT_NAME->value];
}
public function getClientVersion(): string
{
return $this->headers[StandardHeaders::CLIENT_VERSION->value];
}
public function getSessionUuid(): ?string
{
if(!isset($this->headers[StandardHeaders::SESSION_UUID->value]))
public function __construct(array $headers, ?string $requestBody)
{
return null;
$this->headers = $headers;
$this->requestBody = $requestBody;
$this->clientName = $headers[StandardHeaders::CLIENT_NAME->value];
$this->clientVersion = $headers[StandardHeaders::CLIENT_VERSION->value];
$this->requestType = RequestType::from($headers[StandardHeaders::REQUEST_TYPE->value]);
$this->identifyAs = $headers[StandardHeaders::IDENTIFY_AS->value] ?? null;
$this->sessionUuid = $headers[StandardHeaders::SESSION_UUID->value] ?? null;
$this->signature = $headers[StandardHeaders::SIGNATURE->value] ?? null;
}
return $this->headers[StandardHeaders::SESSION_UUID->value];
}
public function getFromPeer(): ?PeerAddress
{
if(!isset($this->headers[StandardHeaders::FROM_PEER->value]))
public function getHeaders(): array
{
return null;
return $this->headers;
}
return PeerAddress::fromAddress($this->headers[StandardHeaders::FROM_PEER->value]);
}
public function getSignature(): ?string
{
if(!isset($this->headers[StandardHeaders::SIGNATURE->value]))
public function headerExists(StandardHeaders|string $header): bool
{
return null;
if(is_string($header))
{
return isset($this->headers[$header]);
}
return isset($this->headers[$header->value]);
}
return $this->headers[StandardHeaders::SIGNATURE->value];
}
/**
* @return bool
* @throws DatabaseOperationException
*/
public function verifySignature(): bool
{
$signature = $this->getSignature();
$sessionUuid = $this->getSessionUuid();
if($signature == null || $sessionUuid == null)
public function getHeader(StandardHeaders|string $header): ?string
{
return false;
if(!$this->headerExists($header))
{
return null;
}
if(is_string($header))
{
return $this->headers[$header];
}
return $this->headers[$header->value];
}
try
public function getRequestBody(): ?string
{
$session = SessionManager::getSession($sessionUuid);
return $this->requestBody;
}
catch(StandardException $e)
public function getClientName(): string
{
if($e->getStandardError() == StandardError::SESSION_NOT_FOUND)
return $this->clientName;
}
public function getClientVersion(): string
{
return $this->clientVersion;
}
public function getRequestType(): RequestType
{
return $this->requestType;
}
public function getIdentifyAs(): ?PeerAddress
{
if($this->identifyAs === null)
{
return null;
}
return PeerAddress::fromAddress($this->identifyAs);
}
public function getSessionUuid(): ?string
{
return $this->sessionUuid;
}
public function getSession(): ?SessionRecord
{
if($this->sessionUuid === null)
{
return null;
}
return SessionManager::getSession($this->sessionUuid);
}
public function getSignature(): ?string
{
return $this->signature;
}
private function verifySignature(string $decryptedContent): bool
{
if($this->getSignature() == null || $this->getSessionUuid() == null)
{
return false;
}
throw new RuntimeException($e);
try
{
return Cryptography::verifyContent(hash('sha1', $decryptedContent), $this->getSignature(), $this->getSession()->getPublicKey());
}
catch(CryptographyException)
{
return false;
}
}
try
/**
* Handles a POST request, returning an array of RpcRequest objects
* expects a JSON encoded body with either a single RpcRequest object or an array of RpcRequest objects
*
* @return RpcRequest[] The parsed RpcRequest objects
* @throws RequestException Thrown if the request is invalid
*/
public function getRpcRequests(): array
{
return Cryptography::verifyContent($this->getHash(), $signature, $session->getPublicKey());
if($this->getSessionUuid() === null)
{
throw new RequestException("Session UUID required", 400);
}
// Get the existing session
$session = $this->getSession();
// If we're awaiting a DHE, encryption is not possible at this point
if($session->getState() === SessionState::AWAITING_DHE)
{
throw new RequestException("DHE exchange required", 400);
}
// If the session is not active, we can't serve these requests
if($session->getState() !== SessionState::ACTIVE)
{
throw new RequestException("Session is not active", 400);
}
// Attempt to decrypt the content and verify the signature of the request
try
{
$decrypted = Cryptography::decryptTransport($this->requestBody, $session->getEncryptionKey());
if(!$this->verifySignature($decrypted))
{
throw new RequestException("Invalid request signature", 401);
}
}
catch (CryptographyException $e)
{
throw new RequestException("Failed to decrypt request body", 400, $e);
}
// At this stage, all checks has passed; we can try parsing the RPC request
try
{
// Decode the request body
$body = Utilities::jsonDecode($decrypted);
}
catch(InvalidArgumentException $e)
{
throw new RequestException("Invalid JSON in request body: " . $e->getMessage(), 400, $e);
}
// If the body only contains a method, we assume it's a single request
if(isset($body['method']))
{
return [$this->parseRequest($body)];
}
// Otherwise, we assume it's an array of requests
return array_map(fn($request) => $this->parseRequest($request), $body);
}
catch(CryptographyException $e)
/**
* Parses the raw request data into an RpcRequest object
*
* @param array $data The raw request data
* @return RpcRequest The parsed RpcRequest object
* @throws RequestException If the request is invalid
*/
private function parseRequest(array $data): RpcRequest
{
return false;
if(!isset($data['method']))
{
throw new RequestException("Missing 'method' key in request", 400);
}
if(isset($data['id']))
{
if(!is_string($data['id']))
{
throw new RequestException("Invalid 'id' key in request: Expected string", 400);
}
if(strlen($data['id']) === 0)
{
throw new RequestException("Invalid 'id' key in request: Expected non-empty string", 400);
}
if(strlen($data['id']) > 8)
{
throw new RequestException("Invalid 'id' key in request: Expected string of length <= 8", 400);
}
}
if(isset($data['parameters']))
{
if(!is_array($data['parameters']))
{
throw new RequestException("Invalid 'parameters' key in request: Expected array", 400);
}
}
return new RpcRequest($data['method'], $data['id'] ?? null, $data['parameters'] ?? null);
}
}
}
}