<?php
namespace App\Subscriber;
use Symfony\Component\EventDispatcher\EventSubscriberInterface;
use Symfony\Component\HttpFoundation\JsonResponse;
use Symfony\Component\HttpFoundation\Request;
use Symfony\Component\HttpFoundation\Response;
use Symfony\Component\HttpKernel\Event\RequestEvent;
use Symfony\Component\HttpKernel\KernelEvents;
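class BettingSignCheckerSubscriber implements EventSubscriberInterface
{
    /** Route-name prefix of the endpoints this subscriber protects. */
    private const ROUTE_PREFIX = 'api_betting';

    /** Header scheme prefix; the signature is whatever follows it. */
    private const BEARER_PREFIX = 'Bearer ';

    /** @var string Shared secret appended to the canonical body before hashing. */
    private $secretKey;

    public function __construct(string $secretKey)
    {
        $this->secretKey = $secretKey;
    }

    /**
     * Rejects a supported betting request whose body signature does not match.
     *
     * Requests that are not in scope (see isSupport()) are left untouched. On a
     * mismatch a 400 JSON response is set on the event, which stops the kernel
     * from dispatching the request to its controller.
     */
    public function onKernelRequest(RequestEvent $event): void
    {
        $request = $event->getRequest();

        if (!$this->isSupport($request)) {
            return;
        }

        if (!$this->isSignValid($request)) {
            $event->setResponse(new JsonResponse([
                'code' => 1,
                'message' => 'Sign invalid',
            ], Response::HTTP_BAD_REQUEST));
        }
    }

    /**
     * Whether the request is a signed betting call: matching route prefix,
     * POST, a non-empty "Bearer ..." Authorization header and a JSON body.
     */
    private function isSupport(Request $request): bool
    {
        // `_route` is absent (null) when no route matched; cast so substr() sees a string.
        $route = (string) $request->get('_route');
        $authorization = (string) $request->headers->get('Authorization');

        return substr($route, 0, strlen(self::ROUTE_PREFIX)) === self::ROUTE_PREFIX
            && $request->isMethod('POST')
            && $authorization !== ''
            && substr($authorization, 0, strlen(self::BEARER_PREFIX)) === self::BEARER_PREFIX
            && 'json' === $request->getContentType();
    }

    /**
     * Recomputes the body signature and compares it with the one sent in the
     * Authorization header.
     *
     * Canonical form: the decoded body re-encoded with its top-level keys sorted
     * (nested keys are left in the order sent), concatenated with the secret and
     * hashed with md5. This is the wire contract clients already implement, so
     * it is kept as-is; a keyed hash (hash_hmac) would be the stronger choice if
     * the protocol is ever revised.
     */
    private function isSignValid(Request $request): bool
    {
        $data = json_decode($request->getContent(), true);

        // Valid JSON that is not an object/array (`null`, `42`, `"x"`) would make
        // ksort() throw a TypeError; treat it as unsigned instead of crashing.
        if (json_last_error() !== JSON_ERROR_NONE || !is_array($data)) {
            return false;
        }

        ksort($data);
        $canonical = json_encode($data);
        if ($canonical === false) {
            // Never fall back to hashing the bare secret when encoding fails.
            return false;
        }

        $expected = md5($canonical . $this->secretKey);
        $provided = (string) substr(
            (string) $request->headers->get('Authorization'),
            strlen(self::BEARER_PREFIX)
        );

        // Constant-time comparison so the position of the first mismatching byte
        // is not observable through response timing.
        return hash_equals($expected, $provided);
    }

    /**
     * Listens on kernel.request at priority 2, i.e. ahead of default-priority
     * listeners. Reading `_route` here relies on the routing listener having
     * already run at a higher priority — confirm against the kernel's listener order.
     */
    public static function getSubscribedEvents(): array
    {
        return [
            KernelEvents::REQUEST => [['onKernelRequest', 2]],
        ];
    }
}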