From ae9e2dbb1e74e1937f1fa18190d13532d9ae5622 Mon Sep 17 00:00:00 2001 From: "Barry vd. Heuvel" Date: Sun, 26 Jan 2025 17:09:34 +0100 Subject: [PATCH] Add static var to set DataHasher --- src/DebugBar/DataHasher.php | 40 ++++++++++++++++++++++++++++++++++++ src/DebugBar/DebugBar.php | 38 ++++++++++++++++++++++++++-------- src/DebugBar/OpenHandler.php | 11 ++++++++-- 3 files changed, 78 insertions(+), 11 deletions(-) create mode 100644 src/DebugBar/DataHasher.php diff --git a/src/DebugBar/DataHasher.php b/src/DebugBar/DataHasher.php new file mode 100644 index 0000000..e873640 --- /dev/null +++ b/src/DebugBar/DataHasher.php @@ -0,0 +1,40 @@ +key); + } + + public function verify($data, string $signature) + { + if (is_array($data) && isset($data['signature'])) { + unset ($data['signature']); + } + + return hash_equals($this->sign($data), $signature); + } +} \ No newline at end of file diff --git a/src/DebugBar/DebugBar.php b/src/DebugBar/DebugBar.php index 2c31c0b..42ba2e7 100644 --- a/src/DebugBar/DebugBar.php +++ b/src/DebugBar/DebugBar.php @@ -30,6 +30,8 @@ class DebugBar implements ArrayAccess { public static $useOpenHandlerWhenSendingDataHeaders = false; + public static DataHasher|null $dataHasher; + protected $collectors = array(); protected $data; 
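Review bot: `verify()` in the new src/DebugBar/DataHasher.php declares no return type and has no docblock, although the 'execute' path now relies on it to authenticate requests. I would declare it as `public function verify($data, string $signature): bool` and add a docblock stating that a `signature` key is removed from array payloads before the signature is recomputed and that the comparison uses `hash_equals`, so whoever produces the signature must sign the payload without that key. The file also ends without a trailing newline. Most of this hunk's body is not readable on this page, so the signing side could not be checked.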
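Review bot: `public static DataHasher|null $dataHasher;` has no default, and a typed property without one is uninitialized rather than null, so the `static::$dataHasher !== null` reads in `hasDataHasher()` and `getDataHasher()` (the hunk at -470) raise an `Error` until a hasher has been set, instead of returning false or throwing `DebugBarException`. The guard added in OpenHandler's 'execute' branch would then fail with that `Error` rather than its intended message. Declare the property as `public static ?DataHasher $dataHasher = null;`. Because this object holds the key that authenticates 'execute' requests, consider making the property `protected` so it can only be replaced through `setDataHasher()`.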
@@ -470,20 +472,38 @@ class DebugBar implements ArrayAccess return $this->jsRenderer; } - public function setHashKey($key) + + /** + * Returns the default data formater + * + * @return DataHasher + */ + public static function setDataHasher(DataHasher $dataHasher) { - $this->hashKey = $key; + static::$dataHasher = $dataHasher; } - public function getHashSignature($data) + /** + * Check if the data hasher is set + * + * @return bool + */ + public static function hasDataHasher() : bool { - if ($this->hashKey === null) { - throw new DebugBarException('HashKey must be set before running actions'); + return static::$dataHasher !== null; + } + + /** + * Returns the data hasher + * + * @return DataHasher + */ + public static function getDataHasher() : DataHasher + { + if (static::$dataHasher === null) { + throw new DebugBarException('DataHasher is not set'); } - - $data = json_encode($data); - - return hash_hmac('sha256', $data, $this->hashKey); + return static::$dataHasher; } // -------------------------------------------- diff --git a/src/DebugBar/OpenHandler.php b/src/DebugBar/OpenHandler.php index c24513e..5b48d5a 100644 --- a/src/DebugBar/OpenHandler.php +++ b/src/DebugBar/OpenHandler.php @@ -11,6 +11,9 @@ namespace DebugBar; use DebugBar\DataCollector\Actionable; +use DebugBar\DataCollector\DataCollector; +use DebugBar\DataFormatter\DataFormatter; +use DebugBar\DataFormatter\DataFormatterInterface; /** * Handler to list and open saved dataset 
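Review bot: The docblock on `setDataHasher()` was copied from a getter: it says "Returns the default data formater" and `@return DataHasher` on a method that returns nothing. Suggested text: `Sets the DataHasher used to sign and verify 'execute' requests`, with `@param DataHasher $dataHasher` and a `: void` return type. The hunk also removes the public `setHashKey()` and `getHashSignature()` outright; if code outside this patch still calls them, keeping them for one release as deprecated wrappers would avoid a hard break.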
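Review bot: The three added `use` lines in OpenHandler.php (`DataCollector`, `DataFormatter`, `DataFormatterInterface`) are not referenced by any code this patch adds to the file. The only new calls are `DebugBar::hasDataHasher()` and `DebugBar::getDataHasher()`, and `DebugBar` is in the same namespace. Unless code outside these hunks uses them, drop the three imports.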
@@ -129,10 +132,14 @@ class OpenHandler throw new DebugBarException("Missing 'collector' and/or 'action' parameter in 'execute' operation"); } + if (!DebugBar::hasDataHasher()) { + throw new DebugBarException("Not DataHasher is set in DebugBar, which is required for 'execute' operations"); + } + // Get the signature and remove if before checking the payload. $signature = $request['signature']; - unset ($request['signature']); - if (!hash_equals($this->debugBar->getHashSignature($request), $signature)) { + + if (!DebugBar::getDataHasher()->verify($request, $signature)) { throw new DebugBarException("Signature does not match in 'execute' operation"); }
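Review bot: `$signature = $request['signature'];` is read without checking that the parameter exists and is a string, and `verify()` takes `string $signature`, so a request with no `signature` or with an array-valued one ends in a warning or `TypeError` instead of a `DebugBarException`. Reject it before the verify call: `if (!isset($request['signature']) || !is_string($request['signature'])) { throw new DebugBarException("Missing or invalid 'signature' parameter in 'execute' operation"); }`. The earlier parameter check is outside the hunk, but its message names only 'collector' and 'action'. The comment "remove if before checking the payload" is now stale because the removal moved into `verify()`, and the new exception message should read "No DataHasher is set". The enclosing method begins and ends outside the hunk.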