2020-09-22 12:19:48 +02:00
|
|
|
<?php
|
|
|
|
|
|
|
|
namespace OCA\BigBlueButton\Middleware;
|
|
|
|
|
|
|
|
use OCA\BigBlueButton\Controller\HookController;
|
2020-09-23 12:33:09 +02:00
|
|
|
use OCA\BigBlueButton\Crypto;
|
2020-09-22 12:19:48 +02:00
|
|
|
use OCA\BigBlueButton\NoPermissionException;
|
|
|
|
use OCA\BigBlueButton\NotFoundException;
|
|
|
|
use OCP\AppFramework\Http;
|
2020-09-23 12:33:09 +02:00
|
|
|
use OCP\AppFramework\Http\JSONResponse;
|
2020-09-22 12:19:48 +02:00
|
|
|
use OCP\AppFramework\Middleware;
|
|
|
|
use OCP\IRequest;
|
|
|
|
|
|
|
|
class HookMiddleware extends Middleware {
|
|
|
|
/** @var IRequest */
|
|
|
|
private $request;
|
|
|
|
|
|
|
|
/** @var Crypto */
|
|
|
|
private $crypto;
|
|
|
|
|
|
|
|
public function __construct(IRequest $request, Crypto $crypto) {
|
|
|
|
$this->request = $request;
|
|
|
|
$this->crypto = $crypto;
|
|
|
|
}
|
|
|
|
|
|
|
|
public function beforeController($controller, $methodName) {
|
|
|
|
if (!($controller instanceof HookController)) {
|
|
|
|
return;
|
|
|
|
}
|
|
|
|
|
|
|
|
$token = $this->request->getParam('token');
|
|
|
|
if ($token === null) {
|
|
|
|
throw new NotFoundException();
|
|
|
|
}
|
|
|
|
|
|
|
|
$mac = $this->request->getParam('mac');
|
|
|
|
if ($mac === null) {
|
|
|
|
throw new NoPermissionException();
|
|
|
|
}
|
|
|
|
|
|
|
|
if (!$this->crypto->verifyHMAC($token, $mac)) {
|
|
|
|
throw new NoPermissionException();
|
|
|
|
}
|
|
|
|
|
|
|
|
$controller->setToken($token);
|
|
|
|
|
|
|
|
if ($controller->isValidToken()) {
|
|
|
|
return;
|
|
|
|
}
|
|
|
|
|
|
|
|
throw new NotFoundException();
|
|
|
|
}
|
|
|
|
|
|
|
|
public function afterException($controller, $methodName, \Exception $exception) {
|
|
|
|
if (!($controller instanceof HookController)) {
|
|
|
|
throw $exception;
|
|
|
|
}
|
|
|
|
|
|
|
|
if ($exception instanceof NotFoundException) {
|
|
|
|
return new JSONResponse(null, Http::STATUS_NOT_FOUND);
|
|
|
|
}
|
|
|
|
|
|
|
|
if ($exception instanceof NoPermissionException) {
|
|
|
|
return new JSONResponse(null, Http::STATUS_FORBIDDEN);
|
|
|
|
}
|
|
|
|
|
|
|
|
throw $exception;
|
|
|
|
}
|
|
|
|
}
|