This repository was archived by the owner on Feb 7, 2024. It is now read-only.

Commit abeef42

committed
wip
1 parent 07046c1 commit abeef42


5 files changed

+91
-12
lines changed


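--- a/composer.json
+++ b/composer.json
@@ -29,6 +29,7 @@
 "illuminate/http": "5.6.*|5.7.*",
 "illuminate/routing": "5.6.*|5.7.*",
 "illuminate/support": "5.6.*|5.7.*",
+"symfony/http-kernel": "~4.0",
 "symfony/psr-http-message-bridge": "^1.1"
 },
 "require-dev": {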

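--- a/src/LaravelEcho/Http/Controllers/EchoController.php
+++ b/src/LaravelEcho/Http/Controllers/EchoController.php
@@ -2,17 +2,21 @@
 
 namespace BeyondCode\LaravelWebSockets\LaravelEcho\Http\Controllers;
 
+use Exception;
 use Illuminate\Http\Request;
+use GuzzleHttp\Psr7 as gPsr;
+use GuzzleHttp\Psr7\Response;
 use Ratchet\ConnectionInterface;
 use Illuminate\Http\JsonResponse;
 use GuzzleHttp\Psr7\ServerRequest;
 use Ratchet\Http\HttpServerInterface;
 use Psr\Http\Message\RequestInterface;
+use Symfony\Component\HttpKernel\Exception\HttpException;
 use Symfony\Bridge\PsrHttpMessage\Factory\HttpFoundationFactory;
 
 abstract class EchoController implements HttpServerInterface
 {
-public function onOpen(ConnectionInterface $conn, RequestInterface $request = null)
+public function onOpen(ConnectionInterface $connection, RequestInterface $request = null)
 {
 $queryParameters = [];
 parse_str($request->getUri()->getQuery(), $queryParameters);
@@ -25,22 +29,42 @@ public function onOpen(ConnectionInterface $conn, RequestInterface $request = nu
 $request->getProtocolVersion()
 ))->withQueryParams($queryParameters);
 
-$response = $this(Request::createFromBase((new HttpFoundationFactory)->createRequest($serverRequest)));
 
-$conn->send(JsonResponse::create($response)->send());
-$conn->close();
+$laravelRequest = Request::createFromBase((new HttpFoundationFactory)->createRequest($serverRequest));
+
+// Always verify the app id
+$this->verifyAppId($laravelRequest->appId);
+
+$response = $this($laravelRequest);
+
+$connection->send(JsonResponse::create($response)->send());
+$connection->close();
 }
 
 function onMessage(ConnectionInterface $from, $msg)
 {
 }
 
-function onClose(ConnectionInterface $conn)
+function onClose(ConnectionInterface $connection)
 {
 }
 
-function onError(ConnectionInterface $conn, \Exception $e)
+function onError(ConnectionInterface $connection, Exception $exception)
+{
+if ($exception instanceof HttpException)
+{
+$response = new Response($exception->getStatusCode(), $exception->getHeaders(), $exception->getMessage());
+
+$connection->send(gPsr\str($response));
+$connection->close();
+}
+}
+
+public function verifyAppId(string $appId)
 {
+if ($appId !== config('broadcasting.connections.pusher.app_id')) {
+throw new HttpException(401, 'Invalid App ID provided.');
+}
 }
 
 abstract public function __invoke(Request $request);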
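Review bot: `onError` (new lines 52-61) only answers when the exception is an `HttpException`; for any other exception it neither sends a response nor closes the connection, so the client is left holding an open socket with no status. Send an opaque 500 in that case and close unconditionally, so internal exception messages never reach the response body. Separately, `verifyAppId(string $appId)` is called with `$laravelRequest->appId`, which may be null when the parameter is missing; presumably that surfaces as a type error rather than the intended 401, so a null check before the comparison is worth adding.

```php
function onError(ConnectionInterface $connection, Exception $exception)
{
    // Default to a generic 500 so unexpected failures still get a reply
    // without echoing internal exception text to the client.
    $response = new Response(500, [], 'Internal server error.');

    if ($exception instanceof HttpException) {
        $response = new Response($exception->getStatusCode(), $exception->getHeaders(), $exception->getMessage());
    }

    $connection->send(gPsr\str($response));
    $connection->close();
}
```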
Lines changed: 54 additions & 0 deletions
@@ -0,0 +1,54 @@
1+
<?php
2+
3+
namespace BeyondCode\LaravelWebSockets\LaravelEcho\Http\Controllers;
4+
5+
use BeyondCode\LaravelWebSockets\LaravelEcho\Pusher\Channels\ChannelManager;
6+
use BeyondCode\LaravelWebSockets\LaravelEcho\Pusher\Exceptions\InvalidSignatureException;
7+
use Illuminate\Http\Request;
8+
use Symfony\Component\HttpKernel\Exception\HttpException;
9+
10+
class FetchChannel extends EchoController
11+
{
12+
/** @var \BeyondCode\LaravelWebSockets\LaravelEcho\Pusher\Channels\ChannelManager */
13+
protected $channelManager;
14+
15+
public function __construct(ChannelManager $channelManager)
16+
{
17+
$this->channelManager = $channelManager;
18+
}
19+
20+
public function __invoke(Request $request)
21+
{
22+
$this->verifySignature($request);
23+
24+
foreach ($request->json()->get('channels', []) as $channelId) {
25+
$channel = $this->channelManager->find($request->appId, $channelId);
26+
27+
optional($channel)->broadcast([
28+
'channel' => $channelId,
29+
'event' => $request->json()->get('name'),
30+
'data' => $request->json()->get('data'),
31+
]);
32+
}
33+
34+
return $request->json()->all();
35+
}
36+
37+
protected function verifySignature(Request $request)
38+
{
39+
$bodyMd5 = md5($request->getContent());
40+
41+
$signature =
42+
"POST\n/apps/{$request->appId}/events\n".
43+
"auth_key={$request->auth_key}".
44+
"&auth_timestamp={$request->auth_timestamp}".
45+
"&auth_version={$request->auth_version}".
46+
"&body_md5={$bodyMd5}";
47+
48+
$authSignature = hash_hmac('sha256', $signature, config('broadcasting.connections.pusher.secret'));
49+
50+
if ($authSignature !== $request->get('auth_signature')) {
51+
throw new HttpException(401, 'Invalid authentication signature.');
52+
}
53+
}
54+
}
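Review bot: The signature check at new line 50 compares the computed HMAC with `!==`, which is not a constant-time comparison and does not check that `$request->get('auth_signature')` is a string at all; read it into `$provided` and use `if (! is_string($provided) || ! hash_equals($authSignature, $provided)) {`. The same `!==` comparison remains in `TriggerEvent::verifySignature`, visible as context in the renamed file. `auth_timestamp` is folded into the signed string but never compared with the current time, so a captured signed request would stay valid indefinitely; rejecting timestamps outside a short window closes that. The `InvalidSignatureException` import at line 6 is unused in this file.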

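--- a/src/LaravelEcho/Http/Controllers/EventController.php
+++ b/src/LaravelEcho/Http/Controllers/TriggerEvent.php
@@ -2,11 +2,11 @@
 
 namespace BeyondCode\LaravelWebSockets\LaravelEcho\Http\Controllers;
 
-use BeyondCode\LaravelWebSockets\LaravelEcho\Pusher\Channels\ChannelManager;
-use BeyondCode\LaravelWebSockets\LaravelEcho\Pusher\Exceptions\InvalidSignatureException;
 use Illuminate\Http\Request;
+use Symfony\Component\HttpKernel\Exception\HttpException;
+use BeyondCode\LaravelWebSockets\LaravelEcho\Pusher\Channels\ChannelManager;
 
-class EventController extends EchoController
+class TriggerEvent extends EchoController
 {
 /** @var \BeyondCode\LaravelWebSockets\LaravelEcho\Pusher\Channels\ChannelManager */
 protected $channelManager;
@@ -47,7 +47,7 @@ protected function verifySignature(Request $request)
 $authSignature = hash_hmac('sha256', $signature, config('broadcasting.connections.pusher.secret'));
 
 if ($authSignature !== $request->get('auth_signature')) {
-throw new InvalidSignatureException();
+throw new HttpException(401, 'Invalid auth signature provided.');
 }
 }
 }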

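--- a/src/Router.php
+++ b/src/Router.php
@@ -71,10 +71,10 @@ public function echo()
 // TODO: fleshen out http API
 $this->get('/apps/{appId}/status', LaravelEcho\Http\Controllers\StatusController::class);
 $this->get('/apps/{appId}/channels', LaravelEcho\Http\Controllers\StatusController::class);
-$this->get('/apps/{appId}/channels/{channelName}', LaravelEcho\Http\Controllers\StatusController::class);
+$this->get('/apps/{appId}/channels/{channelName}', LaravelEcho\Http\Controllers\FetchChannel::class);
 $this->get('/apps/{appId}/channels/{channelName}/users', LaravelEcho\Http\Controllers\StatusController::class);
 
-$this->post('/apps/{appId}/events', LaravelEcho\Http\Controllers\EventController::class);
+$this->post('/apps/{appId}/events', LaravelEcho\Http\Controllers\TriggerEvent::class);
 }
 
 /**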
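Review bot: The route changed at line 74 sends `GET /apps/{appId}/channels/{channelName}` to `FetchChannel`, but as committed that controller's `verifySignature` signs the fixed prefix `"POST\n/apps/{$request->appId}/events\n"` and its `__invoke` broadcasts to the channels named in the request body. A caller signing the real method and path would presumably be rejected with a 401, and a read endpoint should not carry write side effects. Derive the prefix from the request itself, e.g. `"{$request->getMethod()}\n{$request->getPathInfo()}\n"`, and have `__invoke` return channel state instead of broadcasting. The `echo()` method starts outside this hunk.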
