Active purchasing (non-static)
authorChristian Weiske <cweiske@cweiske.de>
Sat, 25 Jan 2020 17:43:58 +0000 (18:43 +0100)
committerChristian Weiske <cweiske@cweiske.de>
Sat, 25 Jan 2020 17:43:58 +0000 (18:43 +0100)
www/.htaccess
www/api/v1/games/purchase.php [new file with mode: 0644]

index 1ba4fcc..1587472 100644 (file)
@@ -20,6 +20,10 @@ RewriteRule ^api/v1/discover/?$ /api/v1/discover-data/discover.json [END]
 RewriteRule ^api/v1/discover/(.+)$ /api/v1/discover-data/$1.json [END]
 
 #purchased games/products
+# active buy requests
+RewriteCond %{REQUEST_METHOD} POST
+RewriteRule ^api/v1/games/(.+)/purchases?$ /api/v1/games/purchase.php [END]
+
 RewriteCond %{REQUEST_FILENAME} !-f
 RewriteRule ^api/v1/games/(.+)/purchases?$ /api/v1/games/purchases-empty.json [END]
 
diff --git a/www/api/v1/games/purchase.php b/www/api/v1/games/purchase.php
new file mode 100644 (file)
index 0000000..38e58d2
--- /dev/null
@@ -0,0 +1,54 @@
+<?php
+if (!isset($_POST['blob'])) {
+    echo "blob key missing in POST data\n";
+    exit(1);
+}
+$innerJson = base64_decode($_POST['blob']);
+
+$inner = json_decode($innerJson);
+if ($inner === null) {
+    echo "Error decoding inner JSON data\n";
+    exit(1);
+}
+$buyRequest = json_decode(base64_decode($inner->blob));
+if ($buyRequest === null) {
+    echo "Error decoding encrypted inner JSON data\n";
+    exit(1);
+}
+if (!isset($buyRequest->uuid)) {
+    echo "uuid key missing in JSON data\n";
+    exit(1);
+}
+if (!isset($buyRequest->identifier)) {
+    echo "identifier key missing in JSON data\n";
+    exit(1);
+}
+
+ini_set('html_errors', false);
+
+$productFiles = glob(
+    __DIR__ . '/../developers/*/products/'
+    . $buyRequest->identifier . '.json'
+);
+if (!count($productFiles)) {
+    echo "Cannot find product file for product identifier\n";
+    exit(1);
+}
+$product = json_decode(file_get_contents($productFiles[0]))->products[0];
+if ($product === null) {
+    echo "could not find product in purchases file\n";
+    exit(1);
+}
+
+$payload = $product;
+$payload->uuid = $buyRequest->uuid;
+
+$enc = [
+    'key'  => base64_encode('0123456789abcdef'),
+    'iv'   => 't3jir1LHpICunvhlM76edQ==',//random bytes
+    'blob' => base64_encode(
+        json_encode($payload, JSON_PRETTY_PRINT | JSON_UNESCAPED_SLASHES)
+    ),
+];
+echo json_encode($enc, JSON_PRETTY_PRINT | JSON_UNESCAPED_SLASHES) . "\n";
+?>