mirror of
https://github.com/openvk/openvk
synced 2024-12-27 11:01:28 +03:00
42 lines
No EOL
1.4 KiB
PHP
42 lines
No EOL
1.4 KiB
PHP
<?php declare(strict_types=1);
|
|
namespace openvk\VKAPI\Handlers;
|
|
use openvk\Web\Models\Repositories\Applications;
|
|
|
|
final class Pay extends VKAPIRequestHandler
|
|
{
|
|
function getIdByMarketingId(string $marketing_id): int
|
|
{
|
|
[$hexId, $signature] = explode("_", $marketing_id);
|
|
try {
|
|
$key = CHANDLER_ROOT_CONF["security"]["secret"];
|
|
if(sodium_memcmp(base64_decode($signature), hash_hmac("sha512/224", $hexId, $key, true)) == -1)
|
|
$this->fail(4, "Invalid marketing id");
|
|
} catch (\SodiumException $e) {
|
|
$this->fail(4, "Invalid marketing id");
|
|
}
|
|
|
|
return hexdec($hexId);
|
|
}
|
|
|
|
function verifyOrder(int $app_id, float $amount, string $signature): bool
|
|
{
|
|
$this->requireUser();
|
|
|
|
$app = (new Applications())->get($app_id);
|
|
if(!$app)
|
|
$this->fail(26, "No app found with this id");
|
|
else if($app->getOwner()->getId() != $this->getUser()->getId())
|
|
$this->fail(15, "Access error");
|
|
|
|
[$time, $signature] = explode(",", $signature);
|
|
try {
|
|
$key = CHANDLER_ROOT_CONF["security"]["secret"];
|
|
if(sodium_memcmp($signature, hash_hmac("whirlpool", "$app_id:$amount:$time", $key)) == -1)
|
|
$this->fail(4, "Invalid order");
|
|
} catch (\SodiumException $e) {
|
|
$this->fail(4, "Invalid order");
|
|
}
|
|
|
|
return true;
|
|
}
|
|
} |