Updated authentication.

2023-05-21 17:55:10 +00:00 · 2023-05-21 17:55:10 +00:00 · 956b132aff
parent e74e6b1711
commit 956b132aff
1 changed files with 11 additions and 13 deletions
--- a/src/Auth/MisuzuAuth.php
+++ b/src/Auth/MisuzuAuth.php
@ -16,17 +16,11 @@ class MisuzuAuth implements IAuth {
    public function getName(): string { return 'Misuzu'; }

    public function verifyToken(string $token): int {
-        $packed = str_pad(Serialiser::uriBase64()->deserialise($token, true), 37, "\x00");
-        $unpacked = unpack('Cversion/Nuser/H64token', $packed);
+        if(!empty($token)) {
+            $method = 'Misuzu';
+            $signature = sprintf('verify#%s#%s#%s', $method, $token, $_SERVER['REMOTE_ADDR']);
+            $signature = hash_hmac('sha256', $signature, $this->secretKey);

-        if(isset($unpacked['version']) && $unpacked['version'] === 1
-            && isset($unpacked['user']) && $unpacked['user'] > 0) {
-            $loginRequest = [
-                'user_id' => $unpacked['user'],
-                'token' => 'SESS:' . $token,
-                'ip' => $_SERVER['REMOTE_ADDR'],
-            ];
-            $loginSignature = hash_hmac('sha256', implode('#', $loginRequest), $this->secretKey);
            $login = curl_init($this->endPoint);
            curl_setopt_array($login, [
                CURLOPT_AUTOREFERER => false,
@ -34,7 +28,11 @@ class MisuzuAuth implements IAuth {
                CURLOPT_FOLLOWLOCATION => true,
                CURLOPT_HEADER => false,
                CURLOPT_POST => true,
-                CURLOPT_POSTFIELDS => json_encode($loginRequest),
+                CURLOPT_POSTFIELDS => http_build_query([
+                    'method' => $method,
+                    'token' => $token,
+                    'ipaddr' => $_SERVER['REMOTE_ADDR'],
+                ], '', '&', PHP_QUERY_RFC3986),
                CURLOPT_RETURNTRANSFER => true,
                CURLOPT_TCP_FASTOPEN => true,
                CURLOPT_CONNECTTIMEOUT => 2,
@ -43,8 +41,8 @@ class MisuzuAuth implements IAuth {
                CURLOPT_TIMEOUT => 5,
                CURLOPT_USERAGENT => 'Flashii EEPROM',
                CURLOPT_HTTPHEADER => [
-                    'Content-Type: application/json',
-                    'X-SharpChat-Signature: ' . $loginSignature,
+                    'Content-Type: application/x-www-form-urlencoded',
+                    'X-SharpChat-Signature: ' . $signature,
                ],
            ]);
            $userInfo = json_decode(curl_exec($login));