diff --git a/bot/Bot.php b/bot/Bot.php index b42b944..e7f2ad4 100644 --- a/bot/Bot.php +++ b/bot/Bot.php @@ -15,16 +15,18 @@ class Bot return $masters[array_rand($masters)]; } - public function __construct(array $config = []) + public function __construct(Request $request, array $config = []) { + $this->request = $request; $this->config = $config; } - // TODO - public function isValid(Request $request): bool + public function isRequestValid(): bool { - $this->request = $request; - return $this->config['token'] === $request->getToken(); + return hash_equals( + hash_hmac('sha256', $this->request->nc_random . $this->request->body, $this->config['secret']), + strtolower($this->request->nc_signature) + ); } /** diff --git a/bot/Commands/Help.php b/bot/Commands/Help.php index 605472c..f541912 100644 --- a/bot/Commands/Help.php +++ b/bot/Commands/Help.php @@ -9,18 +9,21 @@ class Help implements Icommands public static function getMessage(Bot $bot, array $data): void { - $message = 'Voici la liste de mes commandes : '."\n"; + $bot->replyPolitely('Voici la liste de mes commandes'); + + $message = '|Nom|Description|Pattern|'."\n"; + $message .= '|---|---|---|'."\n"; foreach ($bot->listCommands() as $command) { $message .= sprintf( - '%s : %s (%s)%s', - $command, + '|%s|%s|`%s`|%s', + end(explode('\\', $command)), call_user_func([$command, 'getDescription']), - call_user_func([$command, 'getPattern']), + str_replace('|', '\|', call_user_func([$command, 'getPattern'])), "\n" ); } - $bot->replyPolitely($message); + $bot->reply($message); } public static function getDescription(): string diff --git a/bot/Request.php b/bot/Request.php index 8838baf..a97339a 100644 --- a/bot/Request.php +++ b/bot/Request.php @@ -2,7 +2,54 @@ namespace Shikiryu\Bot; +use JsonException; + class Request { + public string $nc_signature; + public string $nc_random; + public string $nc_server; + public string $delivery; + public string $event; + public string $signature; + public string $body; + public function __construct() + { + $this->nc_signature = $_SERVER['HTTP_X_NEXTCLOUD_TALK_SIGNATURE'] ?? ''; + $this->nc_random = $_SERVER['HTTP_X_NEXTCLOUD_TALK_RANDOM'] ?? ''; + $this->nc_server = $_SERVER['HTTP_X_NEXTCLOUD_TALK_BACKEND'] ?? ''; + + $this->delivery = $_SERVER['HTTP_X_H1_DELIVERY'] ?? ''; + $this->event = $_SERVER['HTTP_X_H1_EVENT'] ?? ''; + $this->signature = $_SERVER['HTTP_X_H1_SIGNATURE'] ?? ''; + $this->body = file_get_contents('php://input'); + } + + public function getJSONBody(): array + { + try { + return json_decode($this->body, true, 512, JSON_THROW_ON_ERROR); + } catch (JsonException $e) { + return []; + } + } + + public function isMessage(): bool + { + $data = $this->getJSONBody(); + return $data['type'] === 'Create' && + $data['object']['name'] === 'message' && + !empty($data['object']['content']); + } + + public function getMessage(): string + { + try { + $data = $this->getJSONBody(); + return json_decode($data['object']['content'], true, 512, JSON_THROW_ON_ERROR)['message']; + } catch (JsonException $e) { + return ''; + } + } } \ No newline at end of file diff --git a/nextcloud.php b/nextcloud.php index d026ccf..3b65d38 100644 --- a/nextcloud.php +++ b/nextcloud.php @@ -1,24 +1,22 @@ isRequestValid()) { + $bot->reply('I received an invalid request'); + exit; +} // Give the bot something to listen for. foreach ($bot->listCommands() as $command) { @@ -29,22 +27,11 @@ $bot->hears('(hello|hi|bonjour|salut)', function (Bot $bot) { $bot->replyPolitely('Bonjour'); }); -$body = file_get_contents('php://input'); -try { - $data = json_decode($body, true, 512, JSON_THROW_ON_ERROR); -} catch (JsonException $e) { - $data = []; -} - // Only on message, not on event or whatever -if ($data['type'] !== 'Create' || $data['object']['name'] !== 'message') { +if (!$request->isMessage()) { return ; } -try { - $message = json_decode($data['object']['content'], true, 512, JSON_THROW_ON_ERROR)['message']; -} catch (JsonException $e) { - return; -} +$message = $request->getMessage(); $bot->listen($message);