API认证打印

我尝试在PHP中验证API。我有一个python的例子，但是我没有得到正确的结果。你能解释一下我做错了什么吗?

python代码

import os
import hmac

def sha256hash(request):
hash = hmac.new(os.environ['SECRET_TOKEN'].encode('utf-8'),
request.data.encode('utf-8'), 
'sha256')
return 'sha256=' + hash.hexdigest()


def secure_compare(a, b):
return hmac.compare_digest(a, b)


print('%r' % secure_compare(request.headers['x-pfy-signature'],
sha256hash(request)))

这是我当前的php代码:

public function onCreated(Request $request) {
$secured_token = $request->header('X-Pfy-Signature');
if(!$this->checkAuth(utf8_encode($request), $secured_token)){
$secured_token = "test";
}
}

protected function checkAuth($data, $hashFromPrintify) {
$private_key = utf8_encode(config('printifywebhook.token'));
$hash = hash_hmac( "sha256" , $data , $private_key);
$hash = "sha256=".md5($hash);
if($hash == $hashFromPrintify) {
return true;
}
return false;
}

Where I made wrong ?

我找到解决办法了

public function handle($request, Closure $next)
{
$signature = $request->header('X-Pfy-Signature');
$payload = $request->getContent();
$secret = config('printifywebhook.token');
$result = $this->hash_is_valid($secret, $payload, $signature);
if(!$result) {
return response()->json(['ACCESS TOKEN NOT VALID']);
}
return $next($request);
}
protected function compute_hash($secret, $payload)
{
$hexHash = hash_hmac('sha256', utf8_encode($payload), utf8_encode($secret));
return $hexHash;
}
protected function hash_is_valid($secret, $payload, $verify)
{
$computed_hash = "sha256=".$this->compute_hash($secret, $payload);
return hash_equals($verify,$computed_hash);
}

相关内容

最新更新

热门标签：