mirror of
https://github.com/openvk/openvk
synced 2025-02-08 16:01:00 +03:00
Alexander Minkin
6ec54a379d
* feat(lint): add php-cs-fixer for linting Removing previous CODE_STYLE as it was not enforced anyway and using PER-CS 2.0. This is not the reformatting commit. * style: format code according to PER-CS 2.0 with php-cs-fixer * ci(actions): add lint action Resolves #1132.
49 lines
1.5 KiB
PHP
49 lines
1.5 KiB
PHP
<?php
|
|
|
|
declare(strict_types=1);
|
|
|
|
namespace openvk\VKAPI\Handlers;
|
|
|
|
use openvk\Web\Models\Repositories\Applications;
|
|
|
|
final class Pay extends VKAPIRequestHandler
|
|
{
|
|
public function getIdByMarketingId(string $marketing_id): int
|
|
{
|
|
[$hexId, $signature] = explode("_", $marketing_id);
|
|
try {
|
|
$key = CHANDLER_ROOT_CONF["security"]["secret"];
|
|
if (sodium_memcmp(base64_decode($signature), hash_hmac("sha512/224", $hexId, $key, true)) == -1) {
|
|
$this->fail(4, "Invalid marketing id");
|
|
}
|
|
} catch (\SodiumException $e) {
|
|
$this->fail(4, "Invalid marketing id");
|
|
}
|
|
|
|
return hexdec($hexId);
|
|
}
|
|
|
|
public function verifyOrder(int $app_id, float $amount, string $signature): bool
|
|
{
|
|
$this->requireUser();
|
|
|
|
$app = (new Applications())->get($app_id);
|
|
if (!$app) {
|
|
$this->fail(26, "No app found with this id");
|
|
} elseif ($app->getOwner()->getId() != $this->getUser()->getId()) {
|
|
$this->fail(15, "Access error");
|
|
}
|
|
|
|
[$time, $signature] = explode(",", $signature);
|
|
try {
|
|
$key = CHANDLER_ROOT_CONF["security"]["secret"];
|
|
if (sodium_memcmp($signature, hash_hmac("whirlpool", "$app_id:$amount:$time", $key)) == -1) {
|
|
$this->fail(4, "Invalid order");
|
|
}
|
|
} catch (\SodiumException $e) {
|
|
$this->fail(4, "Invalid order");
|
|
}
|
|
|
|
return true;
|
|
}
|
|
}
|