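<?php

// Receiver for signed JSON updates: accepts a POST with a JSON body that is
// authenticated by an HMAC-SHA256 signature in the X-HMAC-Hash request header,
// then stores the decoded body together with a receive timestamp in
// $present_file. Every rejection is logged and answered with a bare status code.

// Shared secret used to verify the X-HMAC-Hash header. The placeholder value is
// public, so it must be replaced with a long random value before this endpoint
// is reachable: anyone who knows the key can produce valid signatures.
$secret_key = 'CHANGE-THIS';

// Relative path, so it resolves against the working directory of the request.
// NOTE(review): if that directory is served by the web server, the stored
// identities can be fetched by anyone - confirm this is intended.
$present_file = 'present.json';

// Only POST is accepted.
if ($_SERVER['REQUEST_METHOD'] !== 'POST') {
    error_log('FAILED - not POST - '. $_SERVER['REQUEST_METHOD']);
    http_response_code(405);
    exit();
}

// The body must be declared as JSON (exact match after trim/lowercase).
$content_type = isset($_SERVER['CONTENT_TYPE']) ? strtolower(trim($_SERVER['CONTENT_TYPE'])) : '';

if ($content_type !== 'application/json') {
    error_log('FAILED - not application/json - '. $content_type);
    http_response_code(400);
    exit();
}

// Read the request body. The signature below is computed over the trimmed
// body, so the sender has to sign exactly these bytes.
$raw_body = file_get_contents('php://input');
$payload = ($raw_body === false) ? '' : trim($raw_body);

// Compare against '' rather than empty(): the string "0" is a valid JSON body.
if ($payload === '') {
    error_log('FAILED - no payload');
    http_response_code(400);
    exit();
}

// Signature supplied by the sender (hex string expected).
$header_signature = isset($_SERVER['HTTP_X_HMAC_HASH']) ? $_SERVER['HTTP_X_HMAC_HASH'] : '';

if ($header_signature === '') {
    error_log('FAILED - header signature missing');
    http_response_code(401);
    exit();
}

// Signature we expect for this body: lowercase hex HMAC-SHA256.
$payload_signature = hash_hmac('sha256', $payload, $secret_key, false);

// hash_equals() compares in constant time; a plain !== on a MAC returns sooner
// the earlier the strings differ, which leaks how much of a guess was right.
// NOTE(review): the signature covers only the body, and nothing in this script
// rejects a previously captured request that is sent again. If that matters,
// have the sender include a timestamp or nonce in the signed body and check it.
if (!hash_equals($payload_signature, $header_signature)) {
    error_log('FAILED - payload signature');
    http_response_code(401);
    exit();
}

// The body is authenticated from here on; decode it into PHP arrays/scalars.
$decoded = json_decode($payload, true);

if (json_last_error() !== JSON_ERROR_NONE) {
    error_log('FAILED - json decode - '. json_last_error());
    http_response_code(400);
    exit();
}

// Store the decoded body with the time it was received.
$present = [
    'timestamp' => time(),
    'identities' => $decoded,
];

// Report success only once the data is actually on disk. LOCK_EX keeps two
// concurrent requests from interleaving their writes to the same file.
$encoded = json_encode($present);

if ($encoded === false || file_put_contents($present_file, $encoded, LOCK_EX) === false) {
    error_log('FAILED - could not store payload');
    http_response_code(500);
    exit();
}

http_response_code(200);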