MrUnknownDE/panel
1
0
Fork 0
mirror of https://github.com/MrUnknownDE/panel.git synced 2026-04-14 04:13:46 +02:00
Code Issues Packages Projects Releases Wiki Activity

encrypt API keys

Browse Source
This commit is contained in:
Dane Everitt
2016-01-16 20:11:31 -05:00
parent 3e595ca856
commit 317698a84a
3 changed files with 45 additions and 3 deletions
Download Patch File Download Diff File Expand all files Collapse all files

11
app/Http/Middleware/APISecretToken.php
View File

@@ -2,6 +2,8 @@
namespace Pterodactyl\Http\Middleware;
use Crypt;
use Pterodactyl\Models\APIKey;
use Pterodactyl\Models\APIPermission;
@@ -12,6 +14,7 @@ use Dingo\Api\Auth\Provider\Authorization;
use Symfony\Component\HttpKernel\Exception\BadRequestHttpException; // 400
use Symfony\Component\HttpKernel\Exception\UnauthorizedHttpException; // 401
use Symfony\Component\HttpKernel\Exception\AccessDeniedHttpException; // 403
use Symfony\Component\HttpKernel\Exception\HttpException; //500
class APISecretToken extends Authorization
{
@@ -63,7 +66,13 @@ class APISecretToken extends Authorization
}
}
if($this->_generateHMAC($request->fullUrl(), $request->getContent(), $key->secret) !== base64_decode($hashed)) {
try {
$decrypted = Crypt::decrypt($key->secret);
} catch (\Illuminate\Contracts\Encryption\DecryptException $ex) {
throw new HttpException('There was an error while attempting to check your secret key.');
}
if($this->_generateHMAC($request->fullUrl(), $request->getContent(), $decrypted) !== base64_decode($hashed)) {
throw new BadRequestHttpException('The hashed body was not valid. Potential modification of contents in route.');
}