Validar con headers
@ -88,7 +88,7 @@ class API
|
||||
$data = $this->externalPaths[$basePath][$subPath];
|
||||
if (isset($data['validator'])) {
|
||||
$method = [$data['validator'], 'validateToken'];
|
||||
if ($method($request, $data['token'])) {
|
||||
if ($method($request, $data)) {
|
||||
return true;
|
||||
}
|
||||
}
|
||||
|
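Review bot: The validator callback contract changes here for every class configured under `validator` in `externalPaths`, not only the one touched by this commit. Assuming `$method($request, $data)` is the new side, each such class now receives the whole path entry (including the `validator` key itself) instead of the token string, so any other validator still declaring `string $token` would fail with a TypeError. A short comment above the call, such as `// validators receive the full path config array, not just the token`, or a shared interface declaring `validateToken(ServerRequestInterface $request, array $config): bool`, would make the contract explicit. What happens when the validator returns false lies outside this hunk.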
@ -395,16 +395,24 @@ class Toku extends Ideal\Service
|
||||
return $data;
|
||||
}
|
||||
|
||||
public static function validateToken(ServerRequestInterface $request, string $token): bool
|
||||
public static function validateToken(ServerRequestInterface $request, array $tokenConfig): bool
|
||||
{
|
||||
$tokenHeader = $request->getHeader('token');
|
||||
if (is_array($tokenHeader)) {
|
||||
$tokenHeader = $tokenHeader[0];
|
||||
if (!$request->hasHeader('User-Agent') or !str_starts_with($request->getHeaderLine('User-Agent'), 'Toku-Webhooks')) {
|
||||
return false;
|
||||
}
|
||||
$json = json_decode($tokenHeader, true);
|
||||
if ($json !== null) {
|
||||
$tokenHeader = $json;
|
||||
if (!$request->hasHeader('X-Datadog-Tags') or !$request->hasHeader('Tracestate')) {
|
||||
return false;
|
||||
}
|
||||
return strtolower($tokenHeader['header']) === 'x-api-key' and $tokenHeader['token'] === $token;
|
||||
if (!$request->hasHeader('Toku-Signature')) {
|
||||
return false;
|
||||
}
|
||||
|
||||
$tracestate = explode(';', substr($request->getHeaderLine('Tracestate'), strlen('dd=')));
|
||||
$ptid = substr(array_find($tracestate, fn($item) => str_starts_with($item, 't.tid:')), strlen('t.tid:'));
|
||||
$datadogTags = explode(',', $request->getHeaderLine('X-Datadog-Tags'));
|
||||
$tid = array_find($datadogTags, fn($item) => str_contains($item, 'p.tid='));
|
||||
$tid = substr($tid, strpos($tid, 'p.tid=') + strlen('p.tid='));
|
||||
|
||||
return $tid === $ptid;
|
||||
}
|
||||
}
|
||||
|
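Review bot: Nothing in the new `validateToken` body checks a secret. `$tokenConfig` is never read, `Toku-Signature` is only tested with `hasHeader()`, and the other checks (the `User-Agent` prefix and the two trace ids agreeing) use values that the sender of the request sets itself. Assuming the `array $tokenConfig` signature is the new side, the shared-token comparison from the old body is gone and a request that reproduces these header shapes is accepted. The `Toku-Signature` value should be verified against a secret held in `$tokenConfig`, following the provider's documented scheme, with the comparison done by `hash_equals()`. Separately, when neither header contains a matching entry `array_find()` returns null, both `substr()` results collapse to `''` (or raise a TypeError if the file declares strict_types), and `return $tid === $ptid;` then evaluates `'' === ''`; keep the raw `array_find()` results in variables and `return false;` when either is null or the extracted id is empty.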