diff --git a/app/src/Middleware/API.php b/app/src/Middleware/API.php
index c44cbdd..5babcd5 100644
--- a/app/src/Middleware/API.php
+++ b/app/src/Middleware/API.php
@@ -88,7 +88,7 @@ class API
         $data = $this->externalPaths[$basePath][$subPath];
         if (isset($data['validator'])) {
             $method = [$data['validator'], 'validateToken'];
-            if ($method($request, $data['token'])) {
+            if ($method($request, $data)) {
                 return true;
             }
         }
diff --git a/app/src/Service/Venta/MediosPago/Toku.php b/app/src/Service/Venta/MediosPago/Toku.php
index 460c595..8885461 100644
--- a/app/src/Service/Venta/MediosPago/Toku.php
+++ b/app/src/Service/Venta/MediosPago/Toku.php
@@ -395,16 +395,24 @@ class Toku extends Ideal\Service
         return $data;
     }
 
-    public static function validateToken(ServerRequestInterface $request, string $token): bool
+    public static function validateToken(ServerRequestInterface $request, array $tokenConfig): bool
     {
-        $tokenHeader = $request->getHeader('token');
-        if (is_array($tokenHeader)) {
-            $tokenHeader = $tokenHeader[0];
+        if (!$request->hasHeader('User-Agent') or !str_starts_with($request->getHeaderLine('User-Agent'), 'Toku-Webhooks')) {
+            return false;
         }
-        $json = json_decode($tokenHeader, true);
-        if ($json !== null) {
-            $tokenHeader = $json;
+        if (!$request->hasHeader('X-Datadog-Tags') or !$request->hasHeader('Tracestate')) {
+            return false;
         }
-        return strtolower($tokenHeader['header']) === 'x-api-key' and $tokenHeader['token'] === $token;
+        if (!$request->hasHeader('Toku-Signature')) {
+            return false;
+        }
+
+        $tracestate = explode(';', substr($request->getHeaderLine('Tracestate'), strlen('dd=')));
+        $ptid = substr(array_find($tracestate, fn($item) => str_starts_with($item, 't.tid:')), strlen('t.tid:'));
+        $datadogTags = explode(',', $request->getHeaderLine('X-Datadog-Tags'));
+        $tid = array_find($datadogTags, fn($item) => str_contains($item, 'p.tid='));
+        $tid = substr($tid, strpos($tid, 'p.tid=') + strlen('p.tid='));
+
+        return $tid === $ptid;
     }
 }
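Review bot: Passing the whole `$data` entry instead of `$data['token']` changes the contract for every class referenced as `validator` in `$this->externalPaths`, and only Toku is updated in this commit; if any other validator still declares `validateToken(ServerRequestInterface $request, string $token)`, that route will now throw a TypeError under strict types or silently receive the string "Array" without them, and either way stop authenticating. Consider pinning the contract with an interface, e.g. `interface WebhookValidator { public static function validateToken(ServerRequestInterface $request, array $config): bool; }`, and checking `is_subclass_of($data['validator'], WebhookValidator::class)` before building `$method`. The enclosing method starts and ends outside the hunk.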
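Review bot: The new validateToken no longer checks any secret: every input it inspects (the User-Agent prefix, the presence of the Datadog headers and of Toku-Signature, and the trace-id equality between Tracestate and X-Datadog-Tags) is attacker-supplied and trivially self-consistent, so any client that sets those headers is accepted and the webhook is effectively unauthenticated, while `$tokenConfig` is never read. `Toku-Signature` should be verified against the webhook secret in `$tokenConfig` (the old call site passed `$data['token']`, so that key is what the config carries) with a constant-time `hash_equals`, and the trace-id comparison kept at most as a sanity check after that. The exact signing scheme is not visible here, so the sketch below assumes an HMAC-SHA256 hex digest over the raw body and must be confirmed against Toku's documentation before merging. Separately, `array_find` returns null when no `t.tid:`/`p.tid=` entry is present, and that null then reaches `substr()`/`strpos()`, which throws a TypeError under strict types instead of returning false (and `array_find` requires PHP 8.4).
```php
    public static function validateToken(ServerRequestInterface $request, array $tokenConfig): bool
    {
        // … unchanged: User-Agent, X-Datadog-Tags/Tracestate and Toku-Signature presence checks …

        $secret = (string) ($tokenConfig['token'] ?? '');
        if ($secret === '') {
            return false;
        }
        // NOTE(review): assumes Toku signs the raw request body with HMAC-SHA256 and sends the
        // hex digest in Toku-Signature — confirm algorithm, signed payload and encoding with Toku.
        $expected = hash_hmac('sha256', (string) $request->getBody(), $secret);
        if (!hash_equals($expected, $request->getHeaderLine('Toku-Signature'))) {
            return false;
        }

        // … unchanged: Datadog trace-id consistency check and final return …
    }
```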