cloud_bbb/lib/Middleware/HookMiddleware.php


<?php
namespace OCA\BigBlueButton\Middleware;
use OCA\BigBlueButton\Controller\HookController;
use OCA\BigBlueButton\NoPermissionException;
use OCA\BigBlueButton\NotFoundException;
use OCA\BigBlueButton\Crypto;
use OCP\AppFramework\Http\JSONResponse;
use OCP\AppFramework\Http;
use OCP\AppFramework\Middleware;
use OCP\IRequest;
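/**
 * Authenticates requests addressed to HookController before the action runs.
 *
 * Each hook request must carry a `token` parameter and a `mac` parameter; the
 * MAC is checked against the token via Crypto::verifyHMAC() and the token is
 * then handed to the controller for its own validity check. Requests aimed at
 * any other controller pass through untouched.
 */
class HookMiddleware extends Middleware {
	/** @var IRequest */
	private $request;

	/** @var Crypto */
	private $crypto;

	/**
	 * @param IRequest $request Current request; source of the `token` and `mac` parameters.
	 * @param Crypto $crypto Helper used to verify the MAC supplied with the token.
	 */
	public function __construct(IRequest $request, Crypto $crypto) {
		$this->request = $request;
		$this->crypto = $crypto;
	}

	/**
	 * Rejects hook requests whose token or MAC is missing, malformed or invalid.
	 *
	 * @param mixed $controller Controller about to be executed.
	 * @param string $methodName Name of the action about to be called (unused here).
	 * @throws NotFoundException If the token is absent, not a string, or rejected by the controller.
	 * @throws NoPermissionException If the MAC is absent, not a string, or fails verification.
	 */
	public function beforeController($controller, $methodName) {
		if (!($controller instanceof HookController)) {
			return;
		}

		// Both values are caller-controlled. A parameter sent as `token[]=x` arrives as an
		// array, so anything that is not a string is treated exactly like a missing value
		// instead of being passed on to the HMAC check or the controller.
		$token = $this->request->getParam('token');
		if (!is_string($token)) {
			throw new NotFoundException();
		}

		$mac = $this->request->getParam('mac');
		if (!is_string($mac)) {
			throw new NoPermissionException();
		}

		// The MAC is verified before the token reaches the controller, so the controller
		// only ever sees a token whose MAC checked out.
		// NOTE(review): Crypto::verifyHMAC() is not visible here; confirm it compares the
		// expected and supplied MAC in constant time (hash_equals()).
		if (!$this->crypto->verifyHMAC($token, $mac)) {
			throw new NoPermissionException();
		}

		$controller->setToken($token);

		if (!$controller->isValidToken()) {
			throw new NotFoundException();
		}
	}

	/**
	 * Translates the authentication exceptions raised for hook requests into JSON responses.
	 *
	 * @param mixed $controller Controller that was being executed.
	 * @param string $methodName Name of the action that was being called (unused here).
	 * @param \Exception $exception Exception thrown by the action or by a middleware.
	 * @return JSONResponse Empty-bodied 404 for NotFoundException, 403 for NoPermissionException.
	 * @throws \Exception The original exception, for other controllers and other exception types.
	 */
	public function afterException($controller, $methodName, \Exception $exception) {
		// Exceptions of other controllers are not ours to handle.
		if (!($controller instanceof HookController)) {
			throw $exception;
		}

		if ($exception instanceof NotFoundException) {
			return new JSONResponse(null, Http::STATUS_NOT_FOUND);
		}

		if ($exception instanceof NoPermissionException) {
			return new JSONResponse(null, Http::STATUS_FORBIDDEN);
		}

		throw $exception;
	}
}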