|
@@ -199,9 +199,16 @@ XML;
|
|
|
$body = $request->getContent();
|
|
$body = $request->getContent();
|
|
|
$bodyDecoded = json_decode($body, true, 8);
|
|
$bodyDecoded = json_decode($body, true, 8);
|
|
|
$signature = $request->header('signature');
|
|
$signature = $request->header('signature');
|
|
|
|
|
+ $date = $request->header('date');
|
|
|
if(!$signature) {
|
|
if(!$signature) {
|
|
|
abort(400, 'Missing signature header');
|
|
abort(400, 'Missing signature header');
|
|
|
}
|
|
}
|
|
|
|
|
+ if(!$date) {
|
|
|
|
|
+ abort(400, 'Missing date header');
|
|
|
|
|
+ }
|
|
|
|
|
+ if(!now()->parse($date)->gt(now()->subDays(1)) || !now()->parse($date)->lt(now()->addDays(1))) {
|
|
|
|
|
+ abort(400, 'Invalid date');
|
|
|
|
|
+ }
|
|
|
$signatureData = HttpSignature::parseSignatureHeader($signature);
|
|
$signatureData = HttpSignature::parseSignatureHeader($signature);
|
|
|
$keyId = Helpers::validateUrl($signatureData['keyId']);
|
|
$keyId = Helpers::validateUrl($signatureData['keyId']);
|
|
|
$id = Helpers::validateUrl($bodyDecoded['id']);
|
|
$id = Helpers::validateUrl($bodyDecoded['id']);
|
Daniel Supernault