Iidestiny\Flysystem\Oss\Plugins\Verify

Complexity

Total Complexity

9

Size/Duplication

Total Lines	67
Duplicated Lines	0 %

Test Coverage

Coverage

0%

Importance

Changes	1
Bugs	0	Features	0

2 Methods

Rating	Name	Duplication	Size	Complexity
B	handle()	0	54	8
A	getMethod()	0	3	1

<?php

namespace Iidestiny\Flysystem\Oss\Plugins;


use League\Flysystem\Plugin\AbstractPlugin;
use Exception;

class Verify extends AbstractPlugin
{
    public function getMethod()
    {
        return 'verify';
    }

    /**
     * 验签
     *
     * @return false|string
     * @throws Exception
     */
    public function handle()
    {
        // oss 前面header、公钥 header
        $authorizationBase64 = "";
        $pubKeyUrlBase64     = "";

        if (isset($_SERVER['HTTP_AUTHORIZATION'])) {
            $authorizationBase64 = $_SERVER['HTTP_AUTHORIZATION'];
        }

        if (isset($_SERVER['HTTP_X_OSS_PUB_KEY_URL'])) {
            $pubKeyUrlBase64 = $_SERVER['HTTP_X_OSS_PUB_KEY_URL'];
        }

        // 验证失败
        if ($authorizationBase64 == '' || $pubKeyUrlBase64 == '') {
            throw new Exception('403 Forbidden', 403);
        }

        // 获取OSS的签名
        $authorization = base64_decode($authorizationBase64);
        // 获取公钥
        $pubKeyUrl = base64_decode($pubKeyUrlBase64);
        // 请求验证
        $ch = curl_init();
        curl_setopt($ch, CURLOPT_URL, $pubKeyUrl);

It seems like $ch can also be of type false; however, parameter $ch of curl_setopt() does only seem to accept resource, maybe add an additional type check?

        curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
        curl_setopt($ch, CURLOPT_CONNECTTIMEOUT, 10);
        $pubKey = curl_exec($ch);

It seems like $ch can also be of type false; however, parameter $ch of curl_exec() does only seem to accept resource, maybe add an additional type check?

        if ($pubKey == "") {
            throw new Exception('403 Forbidden', 403);
        }

        // 获取回调 body
        $body = file_get_contents('php://input');
        // 拼接待签名字符串
        $path = $_SERVER['REQUEST_URI'];
        $pos  = strpos($path, '?');
        if ($pos === false) {
            $authStr = urldecode($path) . "\n" . $body;
        } else {
            $authStr = urldecode(substr($path, 0, $pos)) . substr($path, $pos, strlen($path) - $pos) . "\n" . $body;
        }
        // 验证签名
        $ok = openssl_verify($authStr, $authorization, $pubKey, OPENSSL_ALGO_MD5);

        if ($ok !== 1) {
            throw new Exception('403 Forbidden', 403);
        }
        header("Content-Type: application/json");
        $data = ["Status" => "Ok"];

        return json_encode($data);
    }
}