不使用登录凭证的API连接

时间:2018-09-11 00:13:01

标签: php

我有下面这个类,但我想改进它的基础结构,这样就不必使用登录凭证,而是按照API文档进行身份验证。不过我不清楚该如何着手,感觉这只需要两三个函数就能完成。

Link to API Documentation

API文档-提取令牌:

// Authorization-code grant, as given in the API documentation: exchange the
// one-time code for an access token. The bracketed values ([client_id],
// [client_secret], ...) are documentation placeholders for the application's
// own values.
$curl = curl_init();
$curl_post_data = [
    'grant_type' => 'authorization_code',
    'client_id' => [client_id],
    'client_secret' => [client_secret],
    'redirect_uri' => [redirect_uri],
    'code' => [code],
];

curl_setopt_array($curl, [
    CURLOPT_URL => 'https://hotels.cloudbeds.com/api/v1.1/access_token',
    CURLOPT_POST => true,
    CURLOPT_POSTFIELDS => $curl_post_data,
]);

// CURLOPT_RETURNTRANSFER is not set, so curl_exec() writes the response body
// (the token response) to output instead of returning it; keep that output
// away from rendered pages and shared logs.
curl_exec($curl);
curl_close($curl);

API文档-刷新令牌:

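// Refresh-token grant, as given in the API documentation: trade a stored
// refresh token for a new access token. The bracketed values ([client_id],
// [client_secret], ...) are documentation placeholders for the application's
// own values.
$curl = curl_init();
$curl_post_data = array(
 'grant_type' => 'refresh_token',
 'client_id' => [client_id],
 'client_secret' => [client_secret],
 'redirect_uri' => [redirect_uri],
 'refresh_token' => [refresh_token],
);

// Use https:// here, matching the authorization-code request to the same
// endpoint: the body carries client_secret and refresh_token, which a plain
// http:// URL would send across the network unencrypted.
curl_setopt($curl, CURLOPT_URL, "https://hotels.cloudbeds.com/api/v1.1/access_token");
curl_setopt($curl, CURLOPT_POST, true);
curl_setopt($curl, CURLOPT_POSTFIELDS, $curl_post_data);

// CURLOPT_RETURNTRANSFER is not set, so curl_exec() writes the response body
// to output instead of returning it; keep that output away from rendered
// pages and shared logs.
curl_exec($curl);
curl_close($curl);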

API类:

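/**
 * Minimal cURL client for the Cloudbeds hotels API (v1.1).
 *
 * Constructing the object runs the whole OAuth authorization-code flow
 * non-interactively: it requests the authorization page, signs in with the
 * stored e-mail/password when the sign-in page is returned, approves the
 * authorization, extracts the code and exchanges it for an access token.
 *
 * NOTE(review): the object therefore holds the account password and
 * client_secret in memory and keeps session cookies in a file on disk. The
 * refresh_token grant of the same access_token endpoint looks like the way to
 * avoid replaying the sign-in on every run - confirm against the API
 * documentation.
 */
class Hotels_CloudBeds {

    // cURL handle reused for every request made by this object.
    protected $_ch = null;
    // Extra request headers; the bearer token is stored under the key 'access_token'.
    protected $_chHeaders = array();
    // When true, response headers are included in the string returned by curl().
    protected $_displayHeaders = true;
    // When true, cURL follows Location: redirects.
    protected $_followLocation = true;

    // Authorization code taken from the authorize redirect; stays true until one is obtained.
    protected $_code = true;

    // Access token returned by the token endpoint; empty until init() succeeds.
    public $access_token = '';

    /**
     * @var array fields: email, password, client_id, client_secret, redirect_uri
     */
    protected $_credentials = null;
    /**
     * @var string full path with file name
     */
    protected $_cookiePath = null;

    /**
     * Stores the credentials, opens the cURL handle and runs the OAuth flow.
     *
     * @param array       $credentials fields: email, password, client_id, client_secret, redirect_uri
     * @param string|null $cookiePath  full path of the cookie jar file; defaults to
     *                                 cookie.txt next to this source file
     * @throws RuntimeException when the cURL handle cannot be created or the
     *                          token endpoint returns no access_token
     */
    public function __construct($credentials, $cookiePath = null) {
        $this->_credentials = $credentials;

        if ($cookiePath !== null) {
            $this->_cookiePath = $cookiePath;
        } else {
            // dirname() returns no trailing separator; without one the jar
            // would be created in the parent directory as "<dirname>cookie.txt".
            // The jar holds the signed-in session cookies, so callers should
            // pass a path outside any web-served directory with restrictive
            // file permissions.
            $this->_cookiePath = dirname(__FILE__) . DIRECTORY_SEPARATOR . 'cookie.txt';
        }

        $this->_ch = curl_init();
        if (!$this->_ch) {
            throw new RuntimeException('Unable to initialise cURL');
        }

        $this->init();
    }

    /**
     * Closes the cURL handle if one was opened.
     */
    public function __destruct() {
        if ($this->_ch) {
            curl_close($this->_ch);
        }
    }

    /**
     * Performs a request on the shared handle.
     *
     * @param string $url      request URL
     * @param array  $postData when non-empty the request is a POST with these
     *                         fields, URL-encoded; otherwise no POST is made
     * @return string|false response (with headers when displayHeaders is on),
     *                      or false when curl_exec() fails
     */
    public function curl($url, $postData = array()) {
        $isPOST = !empty($postData);

        curl_setopt($this->_ch, CURLOPT_URL, $url);
        curl_setopt($this->_ch, CURLOPT_HEADER, $this->_displayHeaders);
        // NOTE(review): redirects are followed with the same headers and
        // cookie jar; confirm that is acceptable for every URL passed in.
        curl_setopt($this->_ch, CURLOPT_FOLLOWLOCATION, $this->_followLocation);
        curl_setopt($this->_ch, CURLOPT_RETURNTRANSFER, true);
        curl_setopt($this->_ch, CURLOPT_CONNECTTIMEOUT, 30);
        // Same file is used to load and to save cookies, so the session
        // persists between runs.
        curl_setopt($this->_ch, CURLOPT_COOKIEJAR, $this->_cookiePath);
        curl_setopt($this->_ch, CURLOPT_COOKIEFILE, $this->_cookiePath);
        if (!empty($this->_chHeaders)) {
            curl_setopt($this->_ch, CURLOPT_HTTPHEADER, $this->_chHeaders);
        }
        curl_setopt($this->_ch, CURLOPT_POST, $isPOST);
        if ($isPOST) {
            curl_setopt($this->_ch, CURLOPT_POSTFIELDS, http_build_query($postData));
        }

        return curl_exec($this->_ch);
    }

    /**
     * Appends one raw header line to the headers sent with later requests.
     *
     * @param string $header complete header line
     * @return $this
     */
    public function setCurlHeader($header) {
        $this->_chHeaders[] = $header;
        return $this;
    }

    /**
     * Stores the access token and sets the matching Authorization: Bearer header.
     *
     * @param string $token access token
     * @return $this
     */
    public function setCurlAccessToken($token) {
        $this->access_token = $token;
        $this->_chHeaders['access_token'] = sprintf('Authorization: Bearer %s', $token);
        return $this;
    }

    /**
     * Clears every stored header, including the Authorization header.
     *
     * @return $this
     */
    public function removeCurlHeaders() {
        $this->_chHeaders = array();
        return $this;
    }

    /**
     * Chooses whether response headers are included in what curl() returns.
     *
     * @param bool $flag
     * @return $this
     */
    public function displayHeaders($flag) {
        $this->_displayHeaders = $flag;
        return $this;
    }

    /**
     * Chooses whether redirects are followed.
     *
     * @param bool $flag
     * @return $this
     */
    public function followLocation($flag) {
        $this->_followLocation = $flag;
        return $this;
    }

    /**
     * Runs the authorization-code flow and installs the resulting access token.
     *
     * Terminates the script with "No code!" when the authorize response carries
     * no code. NOTE(review): exit() inside a class cannot be caught by callers;
     * an exception would be friendlier, but that changes what callers observe.
     *
     * @throws RuntimeException when the token endpoint returns no access_token
     */
    private function init() {
        // Step 1: request the authorization page. The values are URL-encoded
        // so a redirect_uri containing '?', '&' or '=' cannot alter the query.
        $query = http_build_query(array(
            'client_id' => $this->_credentials['client_id'],
            'redirect_uri' => $this->_credentials['redirect_uri'],
            'response_type' => 'code',
        ), '', '&');
        $response = $this->curl('https://hotels.cloudbeds.com/api/v1.1/oauth?' . $query);

        // Step 2: the sign-in URL in the response means the cookie jar holds no
        // valid session, so sign in with the stored e-mail and password.
        if (is_string($response) && strpos($response, 'https://hotels.cloudbeds.com/api/v1.1/signin') !== false) {
            $POST = array(
                'email' => $this->_credentials['email'],
                'password' => $this->_credentials['password'],
            );

            $url = 'https://hotels.cloudbeds.com/api/v1.1/signin';
            $response = $this->curl($url, $POST);
        }

        // Step 3: approve the authorization without following the redirect, so
        // the redirect target (which carries ?code=) stays in the response headers.
        $this->followLocation(false);

        $POST = array(
            'authorization' => 'approve',
        );

        $url = 'https://hotels.cloudbeds.com/api/v1.1/authorize';
        $response = $this->curl($url, $POST);

        // Restore redirects and drop headers so the token response is plain JSON.
        $this->followLocation(true);
        $this->displayHeaders(false);

        if (is_string($response) && preg_match('/\?code=([^\s&]+)/i', $response, $code)) {
            $this->_code = $code[1];

            // Step 4: exchange the code for an access token.
            $url = 'https://hotels.cloudbeds.com/api/v1.1/access_token';

            $POST = array(
                'grant_type' => 'authorization_code',
                'client_id' => $this->_credentials['client_id'],
                'client_secret' => $this->_credentials['client_secret'],
                'redirect_uri' => $this->_credentials['redirect_uri'],
                'code' => $this->_code,
            );

            $response = $this->curl($url, $POST);
            $json = is_string($response) ? json_decode($response) : null;

            if (!is_object($json) || !isset($json->access_token)
                || !is_string($json->access_token) || $json->access_token === '') {
                // The response is deliberately left out of the message: it may
                // contain token material or server error details.
                throw new RuntimeException('Token endpoint did not return an access_token');
            }

            $this->setCurlAccessToken($json->access_token);
        } else {
            exit('No code!');
        }
    }

    /**
     * Returns the authorization code captured by init(), or true when none
     * has been captured.
     *
     * @return string|bool
     */
    public function getCode() {
        return $this->_code;
    }

}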

0 个答案:

没有答案