<?php
namespace Opencart\Catalog\Controller\Startup;
/**
* Class Api
*
* @package Opencart\Catalog\Controller\Startup
*/
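class Api extends \Opencart\System\Engine\Controller {
	/**
	 * Startup hook that authenticates requests to `api/*` routes.
	 *
	 * A request is allowed through (returns null) only when every required
	 * query parameter is present, `username` maps to a known API account,
	 * the client address is on that account's IP allow-list, `time` lies
	 * within +/-450 seconds of server time, and `signature` equals the
	 * base64 HMAC-SHA1 of the canonical request string keyed with the
	 * account's secret. Routes that do not start with `api/` are not checked.
	 *
	 * Fixes relative to the previous revision: the replay-window test used
	 * `&&` (a timestamp can never be both before the start and after the end,
	 * so stale signatures were accepted); the POST body was read from a
	 * misspelled `reqest` property (so it was never covered by the signature);
	 * the IP lookup called an unloaded `model_account_api`; and the signature
	 * was compared with `!=` instead of a constant-time `hash_equals`.
	 *
	 * @return \Opencart\System\Engine\Action|null `error/permission` on failure, null to continue dispatch.
	 */
	public function index(): ?\Opencart\System\Engine\Action {
		if (isset($this->request->get['route'])) {
			$route = (string)$this->request->get['route'];
		} else {
			$route = '';
		}

		// Only api/* routes are protected by this hook.
		if (substr($route, 0, 4) !== 'api/') {
			return null;
		}

		$status = true;
		$api_info = [];
		// Raw value goes into the signed string (client compatibility); the
		// integer form is what the replay window is checked against.
		$time = isset($this->request->get['time']) ? (string)$this->request->get['time'] : '';

		$required = [
			'route',
			'username',
			'store_id',
			'language',
			'time',
			'signature'
		];

		foreach ($required as $key) {
			if (!isset($this->request->get[$key])) {
				$status = false;
			}
		}

		if ($status) {
			$this->load->model('user/api');

			$api_info = $this->model_user_api->getApiByUsername((string)$this->request->get['username']);

			if ($api_info) {
				// IP allow-list. The model loaded above is user/api, so its
				// getIps() is the one called here; an empty allow-list denies
				// every caller, as before.
				$ip_data = [];

				$results = $this->model_user_api->getIps($api_info['api_id']);

				foreach ($results as $result) {
					$ip_data[] = trim($result['ip']);
				}

				$remote_addr = $this->request->server['REMOTE_ADDR'] ?? '';

				// Strict comparison so type juggling cannot match an entry.
				if (!in_array($remote_addr, $ip_data, true)) {
					$status = false;
				}
			} else {
				$status = false;
			}

			// Replay window: reject timestamps more than 450s from server
			// time in either direction (hence ||, not &&). Non-numeric
			// input casts to 0 and therefore fails.
			$time_value = (int)$time;

			$time_start = time() - 450;
			$time_end = time() + 450;

			if ($time_value < $time_start || $time_value > $time_end) {
				$status = false;
			}
		}

		if ($status) {
			// Canonical string the client signs; field order and the "\n"
			// separators must match the client implementation exactly.
			// HTTP_HOST is attacker-controlled, but it is bound by the HMAC.
			$string = (string)$route . "\n";
			$string .= $api_info['username'] . "\n";
			$string .= (string)($this->request->server['HTTP_HOST'] ?? '') . "\n";
			$string .= (int)$this->request->get['store_id'] . "\n";
			$string .= (string)$this->request->get['language'] . "\n";
			$string .= json_encode($this->request->post) . "\n";
			$string .= $time . "\n";

			// SHA1 is kept because existing clients compute this exact MAC;
			// HMAC-SHA1 is not affected by SHA1 collision attacks.
			$expected = base64_encode(hash_hmac('sha1', $string, $api_info['key'], true));

			// Constant-time, strict comparison of the client-supplied MAC.
			if (!hash_equals($expected, (string)$this->request->get['signature'])) {
				$status = false;
			}
		}

		if (!$status) {
			return new \Opencart\System\Engine\Action('error/permission');
		}

		return null;
	}
}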