
I am developing an API with Lumen 6.2.0 which gets GET requests with certain parameters and a token. When it gets the parameters, it processes them in a certain way, then encodes them with a secret key which is in my .env file, and then compares the result with the token which was provided with the request. If the comparison result is true then the user is authenticated, otherwise he is not.

So the problem is that sometimes the env() function returns null. It doesn't happen very often, just about 1 request out of 15, but it's still a serious problem for me. I googled a lot but found just a few approaches. Firstly, I found out that the env() function should only be invoked in a config file, and since Lumen doesn't have a config directory or config files I created them, but the issue remains the same. The second piece of advice was for Laravel specifically - php artisan config:clear and php artisan config:cache - but Lumen doesn't have such commands, although I ran the php artisan cache:clear command to no avail. So here is my code:

.env file

APP_NAME=Example
APP_ENV=local
APP_KEY=ApPkEyHeRe
APP_DEBUG=true
APP_URL=https://example.com
APP_TIMEZONE=UTC

LOG_CHANNEL=stack
LOG_SLACK_WEBHOOK_URL=

DB_CONNECTION=mysql
DB_HOST=localhost
DB_PORT=3306
DB_DATABASE=dbname
DB_USERNAME=dbuser
DB_PASSWORD=dbpass

CACHE_DRIVER=file
QUEUE_CONNECTION=sync

VK_APP_SECRET=SoMeFaNcYkEy

config/config.php

<?php

return [
    'vk_app_secret' => env('VK_APP_SECRET'),
    'events_per_page' => 16
];

And UsersController.php

<?php

namespace App\Http\Controllers;

use Illuminate\Http\Request;
use Illuminate\Support\Facades\Log;

class UsersController extends Controller
{
    public function check(Request $request) {
        $query_params = $request->all();
        
        $sign_params = [];
        foreach ($query_params as $name => $value) {
          if (strpos($name, 'vk_') !== 0) {
            continue;
          }
          $sign_params[$name] = $value;
        }
        
        ksort($sign_params);
        $sign_params_query = http_build_query($sign_params);
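        $secret = config('config.vk_app_secret');
        // Fail closed if the secret is missing or the request has no usable sign value.
        if (!is_string($secret) || $secret === '' || !is_string($query_params['sign'] ?? null)) {
            return json_encode(false);
        }
        // HMAC-SHA256 over the sorted vk_* query string, as URL-safe base64 without padding.
        $hash_hmac = hash_hmac('sha256', $sign_params_query, $secret, true);
        $base_encode = base64_encode($hash_hmac);
        $trim_chars = strtr($base_encode, '+/', '-_');
        $sign = rtrim($trim_chars, '=');
        // Constant-time comparison of the computed and supplied signatures.
        $status = hash_equals($sign, $query_params['sign']);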
        
        return json_encode($status);
    }
}

I also logged every line of this algorithm and noticed an interesting thing: the failing case contains the [date] production.INFO: prefix before the log's rows, and every successful case has [date] local.INFO:. So maybe it's affecting the env() function somehow? I also don't get why it is sometimes logged as production when I have APP_ENV=local.


ivnku
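An added example, not part of the original question: a standalone PHP version of the signature check described above that throws when the secret is missing instead of letting a null secret reach hash_hmac(), so a configuration failure is distinguishable from a bad token. The function names `vk_sign` and `vk_verify`, the secret and the sample parameters are constructed for illustration.

```php
<?php
// Added example (not the asker's code); names and sample values are constructed.

/** URL-safe base64 HMAC-SHA256 over the sorted vk_* parameters. */
function vk_sign(array $params, string $secret): string
{
    $signed = array_filter(
        $params,
        function ($name) { return strpos((string) $name, 'vk_') === 0; },
        ARRAY_FILTER_USE_KEY
    );
    ksort($signed);
    $mac = hash_hmac('sha256', http_build_query($signed), $secret, true);
    return rtrim(strtr(base64_encode($mac), '+/', '-_'), '=');
}

/**
 * Returns true or false for a good or bad signature. Throws when the secret
 * is missing, so a configuration failure is not reported as a bad token.
 */
function vk_verify(array $params, ?string $secret): bool
{
    if ($secret === null || $secret === '') {
        throw new RuntimeException('VK_APP_SECRET is not loaded');
    }
    $given = $params['sign'] ?? null;
    if (!is_string($given)) {
        return false; // sign is absent or was sent as an array (sign[]=...)
    }
    return hash_equals(vk_sign($params, $secret), $given); // constant-time compare
}

// Constructed sample request, signed with a constructed secret.
$secret = 'example-secret';
$params = ['vk_user_id' => '1', 'vk_app_id' => '42', 'other' => 'x'];
$params['sign'] = vk_sign($params, $secret);

var_dump(vk_verify($params, $secret));                         // correctly signed request
var_dump(vk_verify(['vk_user_id' => '2'] + $params, $secret)); // parameter changed after signing
try {
    vk_verify($params, null);                                  // secret failed to load
} catch (RuntimeException $e) {
    echo 'config error: ', $e->getMessage(), PHP_EOL;
}
```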