enygma/gist:2697434

## gistfile1.aw
<?php
class Controller_User extends Controller_Rest
{
    protected function validateHash()
    {
        $request = file_get_contents('php://input');
        $requestHeaders = apache_request_headers();

        if (!isset($requestHeaders['X-Auth']) || !isset($requestHeaders['X-Auth-Hash'])) {
            $this->response('fail!',401);
        } else {
            // we have the headers - let's match!
            $user = Model_User::find()->where('public_key',$requestHeaders['X-Auth'])->get_one();

            if ($user !== null) {
                $hash = hash_hmac('sha256',$request,$user->private_key);
                return ($hash == $requestHeaders['X-Auth-Hash']) ? true : false;
            } else {
                return false;
            }
        }
    }

    public function post_index()
    {
        // return the user details here....
    }

    public function router($resource, array $arguments)
    {
        if ($this->validateHash() == false) {
            $resource = 'error';
            $arguments = array('Not Authorized',401);
        }

        parent::router($resource,$arguments);
    }
}

// and the client.....

$privateKey = 'caa68fb2160b428bd1e7d78fcf0ce2d5';
$publicKey  = '01fa456c4e2a2bc13e5c0c4977297fbb';

$data = '{"username":"happyFunBall"}';
$hash = hash_hmac('sha256',$data,$privateKey);

$headers = array(
    'X-Auth: '.$publicKey,
    'X-Auth-Hash: '.$hash
);

$ch = curl_init('http://mysite.localhost:8080/user');

curl_setopt($ch,CURLOPT_HEADER,true);
curl_setopt($ch,CURLOPT_HTTPHEADER,$headers);
curl_setopt($ch,CURLOPT_POSTFIELDS,$data);
curl_setopt($ch,CURLOPT_RETURNTRANSFER,true);

$result = curl_exec($ch);
curl_close($ch);

print_r($result);
echo "\n\n";

?>
	<?php
	class Controller_User extends Controller_Rest
	{
	protected function validateHash()
	{
	$request = file_get_contents('php://input');
	$requestHeaders = apache_request_headers();

	if (!isset($requestHeaders['X-Auth']) \|\| !isset($requestHeaders['X-Auth-Hash'])) {
	$this->response('fail!',401);
	} else {
	// we have the headers - let's match!
	$user = Model_User::find()->where('public_key',$requestHeaders['X-Auth'])->get_one();

	if ($user !== null) {
	$hash = hash_hmac('sha256',$request,$user->private_key);
	return ($hash == $requestHeaders['X-Auth-Hash']) ? true : false;
	} else {
	return false;
	}
	}
	}

	public function post_index()
	{
	// return the user details here....
	}

	public function router($resource, array $arguments)
	{
	if ($this->validateHash() == false) {
	$resource = 'error';
	$arguments = array('Not Authorized',401);
	}

	parent::router($resource,$arguments);
	}
	}

	// and the client.....

	$privateKey = 'caa68fb2160b428bd1e7d78fcf0ce2d5';
	$publicKey = '01fa456c4e2a2bc13e5c0c4977297fbb';

	$data = '{"username":"happyFunBall"}';
	$hash = hash_hmac('sha256',$data,$privateKey);

	$headers = array(
	'X-Auth: '.$publicKey,
	'X-Auth-Hash: '.$hash
	);

	$ch = curl_init('http://mysite.localhost:8080/user');

	curl_setopt($ch,CURLOPT_HEADER,true);
	curl_setopt($ch,CURLOPT_HTTPHEADER,$headers);
	curl_setopt($ch,CURLOPT_POSTFIELDS,$data);
	curl_setopt($ch,CURLOPT_RETURNTRANSFER,true);

	$result = curl_exec($ch);
	curl_close($ch);

	print_r($result);
	echo "\n\n";

	?>