Use new SharpChat authentication format.

2023-02-25 21:01:13 +00:00 · 2023-02-25 21:01:13 +00:00 · cddfe1b904
parent 44447d74ad
commit cddfe1b904
1 changed files with 27 additions and 34 deletions
--- a/src/ChatAuth.php
+++ b/src/ChatAuth.php
@ -7,41 +7,34 @@ use Index\Data\IDbConnection;
 final class ChatAuth {
    public static function attempt(IDbConnection $db, string $endPoint, string $secret, string $cookie): object {
        if(!empty($cookie)) {
-            $decoded = str_pad(base64_decode(str_pad(strtr($cookie, '-_', '+/'), strlen($cookie) % 4, '=', STR_PAD_RIGHT)), 37, "\0");
-            $unpacked = unpack('Cversion/Nuser/H*token', $decoded);
+            $params = [
+                'method' => 'Misuzu',
+                'token' => $cookie,
+                'ipaddr' => $_SERVER['REMOTE_ADDR'],
+            ];
+            $loginSignature = hash_hmac('sha256', "verify#{$params['method']}#{$params['token']}#{$params['ipaddr']}", $secret);

-            if(isset($unpacked['version']) && $unpacked['version'] === 1
-                && isset($unpacked['user']) && $unpacked['user'] > 0) {
-                $loginRequest = [
-                    'user_id' => $unpacked['user'],
-                    'token' => 'SESS:' . $cookie,
-                    'ip' => $_SERVER['REMOTE_ADDR'],
-                ];
-                $loginSignature = hash_hmac('sha256', implode('#', $loginRequest), $secret);
-
-                $login = curl_init($endPoint);
-                curl_setopt_array($login, [
-                    CURLOPT_AUTOREFERER => false,
-                    CURLOPT_FAILONERROR => false,
-                    CURLOPT_FOLLOWLOCATION => true,
-                    CURLOPT_HEADER => false,
-                    CURLOPT_POST => true,
-                    CURLOPT_POSTFIELDS => json_encode($loginRequest),
-                    CURLOPT_RETURNTRANSFER => true,
-                    CURLOPT_TCP_FASTOPEN => true,
-                    CURLOPT_CONNECTTIMEOUT => 2,
-                    CURLOPT_MAXREDIRS => 2,
-                    CURLOPT_PROTOCOLS => CURLPROTO_HTTPS,
-                    CURLOPT_TIMEOUT => 5,
-                    CURLOPT_USERAGENT => 'mc.flashii.net',
-                    CURLOPT_HTTPHEADER => [
-                        'Content-Type: application/json',
-                        'X-SharpChat-Signature: ' . $loginSignature,
-                    ],
-                ]);
-                $userInfo = json_decode(curl_exec($login));
-                curl_close($login);
-            }
+            $login = curl_init($endPoint);
+            curl_setopt_array($login, [
+                CURLOPT_AUTOREFERER => false,
+                CURLOPT_FAILONERROR => false,
+                CURLOPT_FOLLOWLOCATION => true,
+                CURLOPT_HEADER => false,
+                CURLOPT_POST => true,
+                CURLOPT_POSTFIELDS => $params,
+                CURLOPT_RETURNTRANSFER => true,
+                CURLOPT_TCP_FASTOPEN => true,
+                CURLOPT_CONNECTTIMEOUT => 2,
+                CURLOPT_MAXREDIRS => 2,
+                CURLOPT_PROTOCOLS => CURLPROTO_HTTPS,
+                CURLOPT_TIMEOUT => 5,
+                CURLOPT_USERAGENT => 'mc.flashii.net',
+                CURLOPT_HTTPHEADER => [
+                    'X-SharpChat-Signature: ' . $loginSignature,
+                ],
+            ]);
+            $userInfo = json_decode(curl_exec($login));
+            curl_close($login);
        }

        if(empty($userInfo->success)) {