diff --git a/src/Payutc/Dispatcher/Json.php b/src/Payutc/Dispatcher/Json.php
index c3101e6..3ba6a6b 100644
--- a/src/Payutc/Dispatcher/Json.php
+++ b/src/Payutc/Dispatcher/Json.php
@@ -34,6 +34,17 @@ class Json {
+ public function checkMethodAllowed($service, $method)
+ {
+ $app = \Slim\Slim::getInstance();
+ if ($app->request->isPost()) {
+ return;
+ }
+ else if ($app->request->isGet()) {
+ \Payutc\Mapping\Services::checkGetAuthorized($service, $method);
+ }
+ }
+
 public function handleService($service, $method) {
 $app = \Slim\Slim::getInstance();
@@ -44,7 +55,8 @@ public function handleService($service, $method) {
 if (!array_key_exists($service, $_SESSION['services']))
 $_SESSION['services'][$service] = \Payutc\Mapping\Services::get($service);
 $obj = $_SESSION['services'][$service];
- $a = \Payutc\Utils::call_user_func_named(array($obj, $method), $_REQUEST);
+ $this->checkMethodAllowed($service, $method);
+ $a = \Payutc\Utils::call_user_func_named(array($obj, $method), $app->request->params());
 echo json_encode($a);
 }
diff --git a/src/Payutc/Mapping/Services.php b/src/Payutc/Mapping/Services.php
index c8c1cb9..eb49723 100644
--- a/src/Payutc/Mapping/Services.php
+++ b/src/Payutc/Mapping/Services.php
@@ -15,7 +15,13 @@ class Services {
 'MYACCOUNT',
 'TRANSFER',
 'WEBSALE',
- 'WEBSALECONFIRM'
+ 'WEBSALECONFIRM',
+ );
+
+ protected static $servicesGET = array(
+ 'PAYLINE' => array(
+ 'notification',
+ ),
 );
 public static function get($name) {
@@ -30,6 +36,14 @@ public static function checkExist($name) {
 }
 }
+ public static function checkGetAuthorized($service, $method)
+ {
+ static::checkExist($service);
+ if (!isset(static::$servicesGET[$service]) || !in_array($method, static::$servicesGET[$service])) {
+ throw new \Payutc\Exception\ServiceMethodForbidden("Can't access $service::$method with GET");
+ }
+ }
+
 public static function getServices() {
 return static::$services;
 }
diff --git a/src/Payutc/WebApp.php b/src/Payutc/WebApp.php
index 391a66c..64adbe4 100644
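Review bot: checkMethodAllowed returns normally for every verb other than POST and GET, so a PUT, DELETE, HEAD or OPTIONS request reaches the service call in handleService with no authorization check at all; the route in WebApp.php is now registered with `map()`, and which verbs it accepts depends on a `via()` call that is not in this diff. Make the method deny-by-default: keep the GET branch and turn the POST early return into the final guard, `if (!$app->request->isPost()) { throw new \Payutc\Exception\ServiceMethodForbidden("Can't access $service::$method with " . $app->request->getMethod()); }`. A docblock stating the contract would also help, e.g. `/** Allows POST unconditionally, GET only for methods listed in Services::$servicesGET. @throws \Payutc\Exception\ServiceMethodForbidden */`.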
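Review bot: `$app->request->params()` in Slim 2 is the union of `get()` and `post()`, so for a POST request parameters can still arrive in the query string exactly as they did through `$_REQUEST` (only the cookie component is gone); if the intent of the GET gate is that state-changing parameters travel only in the body, pass `$app->request->post()` on POST and `$app->request->get()` on a whitelisted GET instead. The new `$this->checkMethodAllowed($service, $method);` also runs after `Services::get($service)` has already instantiated and cached the service object in the session; moving it above the `array_key_exists` lookup rejects a forbidden request before any service code executes, which seems to be the cheaper order. handleService's signature is outside this hunk.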
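Review bot: `$servicesGET` carries no comment saying that it is a deny-by-default allow-list, so a reader cannot tell whether a service absent from it may be called with GET for every method or for none. Suggest `// Methods callable with GET, keyed by service name; any service or method not listed here is POST-only (see checkGetAuthorized).` above the property, and note that the keys appear to follow the upper-case spelling used in `$services`, since the lookup is an exact `isset`.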
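Review bot: the `in_array` against the allow-list is loose, and `$method` comes straight from the URL; pass the strict flag, `!in_array($method, static::$servicesGET[$service], true)`, so only an exact string match passes. PHP method dispatch is case-insensitive while this comparison is not, so the entries in `$servicesGET` must be spelled exactly as clients call them — worth a comment, because a mismatch fails closed and would look like a routing bug. The exception message interpolates the raw `$service` and `$method` path segments; that is fine as long as the JSON error handler emits it only as JSON, but keep it out of HTML or log contexts unescaped. Add `@throws \Payutc\Exception\ServiceMethodForbidden` to a docblock, plus whatever `checkExist` raises, since callers are expected to let both propagate.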
--- a/src/Payutc/WebApp.php
+++ b/src/Payutc/WebApp.php
@@ -6,6 +6,7 @@ use \Payutc\Log;
 class WebApp {
+
 public static function createApplication($config)
 {
 Config::initFromArray($config);
@@ -13,7 +14,7 @@ public static function createApplication($config)
 $app = new \Slim\Slim(\Payutc\Config::get('slim_config'));
 // JSON route
- $app->post('/:service/:method', function($service, $method) use ($app) {
+ $app->map('/:service/:method', function($service, $method) use ($app) {
 $dispatcher = new \Payutc\Dispatcher\Json();
 // JSON Error handler
diff --git a/tests/utils.php b/tests/utils.php
index 02119a2..dce47e3 100644
--- a/tests/utils.php
+++ b/tests/utils.php
@@ -18,13 +18,15 @@ function filepathSeed($fixture)
 function httpSend($service, $meth, &$cookies='', $params=array())
 {
- $url = "http://localhost:" . PAYUTC_TEST_SERVER_PORT . "/$service/$meth?";
+ $url = "http://localhost:" . PAYUTC_TEST_SERVER_PORT . "/$service/$meth";
+ $payload = "";
 foreach ($params as $k=>$v) {
- $url .= $k."=".urlencode($v)."&";
+ $payload .= $k."=".urlencode($v)."&";
 }
- $r = Request::get($url)
+ $payload = rtrim($payload, "&");
+ $r = Request::post($url)
 ->addHeader('Cookie', $cookies)
- ->sendsJson()
+ ->body($payload)
 ->parseWith(function($body) { return json_decode($body, true); })
 ->send();
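Review bot: in Slim 2 `map()` registers the route with no HTTP methods, and I believe a route with an empty method list matches nothing until `via()` is chained; that call, if present, sits at the end of this closure outside the hunk. If it names any verb beyond GET and POST, the dispatcher's checkMethodAllowed lets that verb through unchecked, so restrict it explicitly, `->via('GET', 'POST')`, so the accepted verbs and the dispatcher's checks coincide. The `// JSON route` comment should also say that GET is accepted only for the methods listed in Services::$servicesGET.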
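Review bot: the hand-rolled loop plus `rtrim` duplicates `http_build_query`; `$payload = http_build_query($params);` yields the same application/x-www-form-urlencoded string (it additionally encodes keys, which the loop does not) and replaces four lines with one. The request now posts a form-encoded body with no declared content type, since `sendsJson()` was removed and nothing took its place; as far as I can tell Slim only parses the body as form data when the request carries a form content type, so whether `$app->request->params()` sees these parameters depends on what the HTTP client sends by default. Declare it explicitly with Httpful's form shortcut or a `Content-Type: application/x-www-form-urlencoded` header. httpSend's body continues past the hunk.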