From 73574fbd1482112c622a7d88fae6c3ffcb4d9bfb Mon Sep 17 00:00:00 2001
From: Hillel Coren
Date: Wed, 10 Aug 2016 20:48:24 +0300
Subject: [PATCH] Workign on the bot

---
 app/Http/Controllers/BotController.php | 76 +++++++++++++++++++++++++-
 resources/lang/en/texts.php            |  2 +-
 2 files changed, 76 insertions(+), 2 deletions(-)

diff --git a/app/Http/Controllers/BotController.php b/app/Http/Controllers/BotController.php
index c53586d9ac9d..e87f2a69be14 100644
--- a/app/Http/Controllers/BotController.php
+++ b/app/Http/Controllers/BotController.php
@@ -11,6 +11,15 @@ class BotController extends Controller
     public function handleMessage($platform)
     {
+        $headers = getallheaders();
+        $token = isset($headers['Authorization']) ? $headers['Authorization'] : false;
+
+        if (Utils::isNinjaDev()) {
+            // skip validation for testing
+        } elseif ( ! $this->validateToken($token)) {
+            SkypeResponse::message(trans('texts.not_authorized'));
+        }
+
         $to = '29:1C-OsU7OWBEDOYJhQUsDkYHmycOwOq9QOg5FVTwRX9ts';
         //$message = 'new invoice for john for 2 items due tomorrow';
         $message = 'invoice acme client for 3 months support, set due date to next thursday and the discount to 10 percent';
@@ -80,7 +89,7 @@ class BotController extends Controller
         $url = sprintf('%s?id=%s&subscription-key=%s&q=%s', MSBOT_LUIS_URL, $appId, $subKey, $message);
         $data = file_get_contents($url);
         $data = json_decode($data);
-
+
         return $data;
     }
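Review bot: A failed token check does not stop the request: on the `elseif` branch, `SkypeResponse::message(trans('texts.not_authorized'))` is called but handleMessage then falls through and processes the message anyway, so the new validation has no enforcement effect. The branch should end the request, e.g. `return SkypeResponse::message(trans('texts.not_authorized'));` (or throw). Two smaller points on the header lookup: `getallheaders()` key case depends on the SAPI, so a case-insensitive lookup is safer than `$headers['Authorization']`, and if the header value carries a `Bearer ` scheme prefix (which I believe the Bot Framework sends) it has to be stripped before validateToken splits the value on dots. handleMessage's body continues outside the hunk.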
@@ -112,4 +121,69 @@ class BotController extends Controller
         var_dump($response);
     }
+    private function validateToken($token)
+    {
+        if ( ! $token) {
+            return false;
+        }
+
+        // https://blogs.msdn.microsoft.com/tsmatsuz/2016/07/12/developing-skype-bot/
+        // 0:Invalid, 1:Valid
+        $token_valid = 0;
+
+        // 1 separate token by dot (.)
+        $token_arr = explode('.', $token);
+        $headers_enc = $token_arr[0];
+        $claims_enc = $token_arr[1];
+        $sig_enc = $token_arr[2];
+
+        // 2 base 64 url decoding
+        $headers_arr = json_decode($this->base64_url_decode($headers_enc), TRUE);
+        $claims_arr = json_decode($this->base64_url_decode($claims_enc), TRUE);
+        $sig = $this->base64_url_decode($sig_enc);
+
+        // 3 get key list
+        $keylist = file_get_contents('https://api.aps.skype.com/v1/keys');
+        $keylist_arr = json_decode($keylist, TRUE);
+        foreach($keylist_arr['keys'] as $key => $value) {
+
+            // 4 select one key (which matches)
+            if($value['kid'] == $headers_arr['kid']) {
+
+                // 5 get public key from key info
+                $cert_txt = '-----BEGIN CERTIFICATE-----' . "\n" . chunk_split($value['x5c'][0], 64) . '-----END CERTIFICATE-----';
+                $cert_obj = openssl_x509_read($cert_txt);
+                $pkey_obj = openssl_pkey_get_public($cert_obj);
+                $pkey_arr = openssl_pkey_get_details($pkey_obj);
+                $pkey_txt = $pkey_arr['key'];
+
+                // 6 verify signature
+                $token_valid = openssl_verify($headers_enc . '.' . $claims_enc, $sig, $pkey_txt, OPENSSL_ALGO_SHA256);
+            }
+        }
+
+        // 7 show result
+        return ($token_valid == 1);
+    }
+
+    private function base64_url_decode($arg) {
+        $res = $arg;
+        $res = str_replace('-', '+', $res);
+        $res = str_replace('_', '/', $res);
+        switch (strlen($res) % 4) {
+            case 0:
+                break;
+            case 2:
+                $res .= "==";
+                break;
+            case 3:
+                $res .= "=";
+                break;
+            default:
+                break;
+        }
+        $res = base64_decode($res);
+        return $res;
+    }
+
 }
diff --git a/resources/lang/en/texts.php b/resources/lang/en/texts.php
index b90a9e5a650a..b88569670de2 100644
--- a/resources/lang/en/texts.php
+++ b/resources/lang/en/texts.php
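Review bot: validateToken only checks the signature; the decoded `$claims_arr` from step 2 is never inspected, so a correctly signed token that has expired, is not yet valid, or was issued for a different bot is accepted. After decoding, the claims should be validated — `exp`/`nbf` against the current time and `aud` against this bot's own app id — failing closed when a claim is missing. Step 1 also indexes `$token_arr[0..2]` without checking that explode produced exactly three parts, and the `kid` comparison in step 4 uses loose `==`; a malformed token should return false before any decoding and the comparison should be strict. The key-list fetch in step 3 has no error handling, so a false return from file_get_contents makes json_decode yield null and the foreach iterate over null with a warning; the result should be checked before use.
```php
        // 1 separate token by dot (.)
        $token_arr = explode('.', $token);
        if (count($token_arr) !== 3) {
            return false;
        }
        $headers_enc = $token_arr[0];
        $claims_enc = $token_arr[1];
        $sig_enc = $token_arr[2];

        // 2 base 64 url decoding
        $headers_arr = json_decode($this->base64_url_decode($headers_enc), TRUE);
        $claims_arr = json_decode($this->base64_url_decode($claims_enc), TRUE);
        $sig = $this->base64_url_decode($sig_enc);
        if ( ! is_array($headers_arr) || ! is_array($claims_arr) || ! isset($headers_arr['kid'])) {
            return false;
        }

        // 2b validate the claims; a good signature on a stale or foreign token is still a reject
        $now = time();
        if ( ! isset($claims_arr['exp']) || $claims_arr['exp'] < $now) {
            return false;
        }
        if (isset($claims_arr['nbf']) && $claims_arr['nbf'] > $now) {
            return false;
        }
        // $expectedAppId is a placeholder: the bot's own app id, taken from configuration
        if ( ! isset($claims_arr['aud']) || $claims_arr['aud'] !== $expectedAppId) {
            return false;
        }

        // 3 get key list
        $keylist = file_get_contents('https://api.aps.skype.com/v1/keys');
        $keylist_arr = ($keylist === false) ? null : json_decode($keylist, TRUE);
        if ( ! is_array($keylist_arr) || ! isset($keylist_arr['keys']) || ! is_array($keylist_arr['keys'])) {
            return false;
        }
        foreach($keylist_arr['keys'] as $key => $value) {

            // 4 select one key (which matches)
            if (isset($value['kid']) && $value['kid'] === $headers_arr['kid']) {
                // … unchanged: certificate extraction and openssl_verify …
            }
        }
```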
@@ -2059,7 +2059,7 @@ $LANG = array(
     'bot_emailed_invoice' => 'Your invoice has been emailed',
     'add_to_invoice' => 'Add to invoice',
     'add_to_invoice_command' => 'Add 1 :product',
-
+    'not_authorized' => 'Your are not authorized',
 );
 return $LANG;