新增接口签名验证

app/middleapi/config/route.php

@@ -0,0 +1,20 @@
+<?php
+// +----------------------------------------------------------------------
+// | likeadmin快速开发前后端分离管理后台（PHP版）
+// +----------------------------------------------------------------------
+// | 欢迎阅读学习系统程序代码，建议反馈是我们前进的动力
+// | 开源版本可自由商用，可去除界面版权logo
+// | gitee下载：https://gitee.com/likeshop_gitee/likeadmin
+// | github下载：https://github.com/likeshop-github/likeadmin
+// | 访问官网：https://www.likeadmin.cn
+// | likeadmin团队 版权所有 拥有最终解释权
+// +----------------------------------------------------------------------
+// | author: likeadminTeam
+// +----------------------------------------------------------------------
+
+return [
+    'middleware' => [
+        // 权限认证
+        app\middleapi\http\middleware\AuthMiddleware::class,
+    ],
+];

app/middleapi/controller/CompanyController.php

@@ -2,23 +2,118 @@
 	
 	namespace app\middleapi\controller;
 	
+	use app\adminapi\logic\auth\AdminLogic;
 	use app\common\controller\BaseLikeAdminController;
+	use app\common\logic\CompanyLogic;
+	use app\common\model\auth\Admin;
+	use app\common\model\Company;
+	use app\common\model\task_scheduling\TaskScheduling;
+	use app\common\model\user\User;
+	use think\facade\Db;
+	use think\response\Json;
 	
 	class CompanyController extends BaseLikeAdminController
 	{
 		//公司列表
-		public function lists() {
+		public function lists(): Json
+		{
+			if(!$this->request->isPost()){
+				return $this->fail('请求方式错误');
+			}
+			$params=$this->request->post(['page_no','page_size','company_name','area_name','street_name','area_manager','company_type','is_contract']);
+			$where = [];
+			if(!empty($params['company_name'])){
+				$where[] = ['company','like','%'.$params['company_name'].'%'];
+			}
+			if(!empty($params['area_name'])){
+				$arr= Db::name('geo_area')->where('area_name','like','%'.$params['area_name'].'%')->column('area_code');
+				if($arr){
+					$where[]=['area','in',$arr];
+				}
+			}
+			if(!empty($params['street_name'])){
+				$arr= Db::name('geo_street')->where('street_name','like','%'.$params['street_name'].'%')->column('street_code');
+				if($arr){
+					$where[]=['street','in',$arr];
+				}
+			}
+			if(!empty($params['area_manager'])){
+				$arr= Admin::where('name','like','%'.$params['area_manager'].'%')->column('id');
+				if($arr){
+					$where[]=['area_manager','in',$arr];
+				}
+			}
+			if(!empty($params['company_type'])){
+				$where[] = ['company_type','=',$params['company_type']];
+			}
+			if(!empty($params['is_contract'])){
+				$where[] = ['is_contract','=',$params['is_contract']];
+			}
+			$pageNo = !empty($params['page_no']) ? $params['page_no'] : 1;
+			$pageSize = !empty($params['page_size']) ? $params['page_size'] : 20;
+			$data = Company::where($where)
+				->field(['is_authentication','id', 'id contract', 'company_name', 'organization_code', 'city', 'area', 'street', 'company_type', 'master_name', 'master_position', 'master_phone', 'master_email', 'area_manager', 'is_contract', 'deposit', 'company_money', 'shareholder_money', 'deposit_time', 'status', 'face_create_status'])
+				->page($pageNo, $pageSize)
+				->order(['id' => 'desc'])
+				->append(['notes'], true)
+				->withAttr('company_type',function($value,$data){
+					return Db::name('dict_data')->where('id',$value)->value('name');
+				})
+				->withAttr('area',function($value,$data){
+					return Db::name('geo_area')->where('area_code',$value)->value('area_name');
+				})
+				->withAttr('street',function($value,$data){
+					return Db::name('geo_street')->where('street_code',$value)->value('street_name');
+				})
+				->withAttr('area_manager',function($value,$data){
+					return Db::name('admin')->where('id',$value)->value('name');
+				})
+				->withAttr('notes',function($value,$data){
+					if ($data['is_authentication'] == 1) {
+						return Db::name('company_authentication_fail_log')->where('company_id',$data['id'])->where('log_type', 2)->order(['id'=>'desc'])->limit(1)->value('fail_reason');
+					} else {
+						return Db::name('company_authentication_fail_log')->where('company_id',$data['id'])->where('log_type', 1)->order(['id'=>'desc'])->limit(1)->value('fail_reason');
+					}
 					
+				})->select()->toArray();
+			$count = Company::where($where)->count();
+			$result = [
+				'lists' => $data,
+				'count' => $count
+			];
+			return $this->success('请求成功',$result);
 		}
 		
 		//公司详情
-		public function detail() {
+		public function detail(): Json
-		
+		{
+			if(!$this->request->isPost()){
+				return $this->fail('请求方式错误');
+			}
+			$params=$this->request->post(['id']);
+			if(empty($params['id'])){
+				return $this->fail('缺少必要参数');
+			}
+			$result = CompanyLogic::detail($params);
+			return $this->data($result);
 		}
 		
 		//公司删除
-		public function delete() {
+		public function delete(): Json
-		
+		{
+			if(!$this->request->isPost()){
+				return $this->fail('请求方式错误');
+			}
+			$params=$this->request->post(['id']);
+			if(empty($params['id'])){
+				return $this->fail('缺少必要参数');
+			}
+			$admin_id = Company::where('id', $params['id'])->value('admin_id');
+			User::where('company_id', $params['id'])->update(['delete_time' => time()]);
+			TaskScheduling::where('company_id', $params['id'])->update(['delete_time' => time()]);
+			AdminLogic::delete(['id' => $admin_id]);
+			CompanyLogic::delete($params);
+			return $this->success('删除成功', [], 1, 1);
 		}
 		
 		//公司认证

app/middleapi/http/middleware/AuthMiddleware.php

@@ -0,0 +1,27 @@
+<?php
+	
+	namespace app\middleapi\http\middleware;
+	
+	use app\middleapi\service\ApiSignService;
+	use app\common\service\JsonService;
+	
+	class AuthMiddleware
+	{
+		public function handle($request, \Closure $next)
+		{
+			//获取header参数
+			$appid = $request->header('appid');
+			$timestamp = $request->header('timestamp');
+			$sign = $request->header('sign');
+			//验证参数
+			if(empty($appid) || empty($timestamp) || empty($sign)){
+				return JsonService::fail('缺少请求头参数', [], 0);
+			}
+			//验证签名
+			$checkSign = ApiSignService::verifySign(['appid'=>$appid,'timestamp'=>$timestamp,'sign'=>$sign],env('app.app_secret'));
+			if($checkSign['code'] == 0){
+				return JsonService::fail($checkSign['msg'],[],0);
+			}
+			return $next($request);
+		}
+	}

app/middleapi/service/ApiSignService.php

@@ -0,0 +1,39 @@
+<?php
+namespace app\middleapi\service;
+
+class ApiSignService
+{
+    //创建sign
+    public static function makeSign($data,$appSecret): string
+    {
+	    ksort($data);
+	    $string = "";
+	    foreach ($data as $k => $v) {
+		    if ($k == "sign" || is_array($v)) {
+			    continue;
+		    }
+		    $string .= $k . "=" . $v . "&";
+	    }
+	    $string = trim($string, "&");
+	    $string = $string . "&key=" . $appSecret;
+	    $string = md5(md5($string));
+	    return strtolower($string);
+    }
+
+    //检验sign是否正确
+    public static function verifySign($data,$appSecret): array
+    {
+        // 验证请求， 2分钟失效
+        if (time() - $data['timestamp'] > 120) {
+            return ['code' => 0, 'msg' => '签名已失效'];
+        }
+        //比对签名
+        $clientSign = $data['sign'];
+        $serverSign = self::makeSign($data,$appSecret);
+        if ($clientSign == $serverSign) {
+            return ['code' => 1, 'msg' => '验证通过'];
+        } else {
+            return ['code' => 0, 'msg' => '签名校验失败'];
+        }
+    }
+}