From 4e5abd68364b6a63d1dfbd8f9da47f41a3df591b Mon Sep 17 00:00:00 2001
From: yaooo <272523191@qq.com>
Date: Mon, 20 Nov 2023 16:15:45 +0800
Subject: [PATCH] =?UTF-8?q?=E6=9B=B4=E6=96=B0=E5=95=86=E5=9F=8E=E5=AD=90?= =?UTF-8?q?=E5=BA=94=E7=94=A8=E8=A7=A3=E6=9E=90=E4=B8=AD=E5=8F=B0token?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
---
 app/controller/api/Auth.php | 39 ++++++++++++++++++++++++++++-
 route/api.php | 1 +
 vendor/firebase/php-jwt/src/JWT.php | 21 ++++++++--------
 3 files changed, 50 insertions(+), 11 deletions(-)
diff --git a/app/controller/api/Auth.php b/app/controller/api/Auth.php
index cf1b61bb..049c5e0d 100644
--- a/app/controller/api/Auth.php
+++ b/app/controller/api/Auth.php
@@ -34,7 +34,6 @@ use crmeb\services\SmsService;
 use crmeb\services\WechatService;
 use crmeb\services\WechatTemplateMessageService;
 use Exception;
-use Firebase\JWT\JWT;
 use Gregwar\Captcha\CaptchaBuilder;
 use Gregwar\Captcha\PhraseBuilder;
 use Overtrue\Socialite\AccessToken;
@@ -57,6 +56,11 @@ use app\common\service\TopClient;
 use app\controller\api\Ceshi;
 use taobao\request\TbkItemInfoGetRequest;
 use app\common\repositories\store\product\ProductRepository;
+use Firebase\JWT\JWT;
+use Firebase\JWT\Key;
+use Firebase\JWT\SignatureInvalidException;
+use Firebase\JWT\BeforeValidException;
+use Firebase\JWT\ExpiredException;
 use think\facade\App;
 /**
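Review bot: Three of the imports added here — `use Firebase\JWT\SignatureInvalidException;`, `use Firebase\JWT\BeforeValidException;` and `use Firebase\JWT\ExpiredException;` — are never referenced by their short name: the catch blocks of `parseToken` in the next hunk spell them out as `\Firebase\JWT\SignatureInvalidException` and so on, so these imports are dead and the two spellings disagree. Either drop the three `use` lines or write the catches as `catch (SignatureInvalidException $e)`, `catch (BeforeValidException $e)`, `catch (ExpiredException $e)`. Moving `use Firebase\JWT\JWT;` out of the alphabetised group in the previous hunk into this unsorted tail also makes the import list harder to scan; leaving it at its original position would be the smaller diff.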
@@ -67,6 +71,39 @@ use think\facade\App;
 */
 class Auth extends BaseController
 {
+ public function parseToken(UserRepository $repository)
+ {
+ $token = $this->request->param('token');
+ $app_key = 'ae47e94a7dcd1fdfacb499b60e361a8d';
+ try {
+ JWT::$leeway = 10; //当前时间减去10秒,时间留点余地
+ // jwt ^5.0
+ // $decoded = JWT::decode($token, Config::get('app.app_key', 'default'), array('HS256'));
+ // jwt ^6.9
+ // $decoded = JWT::decode($token, new Key(env('app.app_key', '123456'), 'HS256'));
+ $decoded = JWT::decode($token, new Key($app_key, 'HS256'));
+ $decodedArray = json_decode(json_encode($decoded), true);
+ $jwtData = $decodedArray['data'] ?? [];
+ if (empty($jwtData['phone'])) {
+ return app('json')->fail('解析数据缺少phone');
+ }
+ $user = $repository->accountByUser($jwtData['phone']);
+ $user_type = 'app';
+ if (!$user) $user = $repository->registr($jwtData['phone'], null, $user_type);
+ $user = $repository->mainUser($user);
+ $tokenInfo = $repository->createToken($user);
+ $repository->loginAfter($user);
+ return app('json')->success($repository->returnToken($user, $tokenInfo));
+ } catch(\Firebase\JWT\SignatureInvalidException $e) {
+ return app('json')->fail('签名错误');
+ } catch(\Firebase\JWT\BeforeValidException $e) {
+ return app('json')->fail('token无效');
+ } catch(\Firebase\JWT\ExpiredException $e) {
+ return app('json')->fail('token已过期');
+ } catch(\Exception $e) {
+ return app('json')->fail('非法请求');
+ }
+ }
 public function caiji()
 {
 $url=$this->request->host();
diff --git a/route/api.php b/route/api.php
index e47ccf46..bd7c118c 100644
--- a/route/api.php
+++ b/route/api.php
@@ -23,6 +23,7 @@ Route::group('api/', function () {
 Route::any('test', 'api.Auth/test');
 Route::any('dotest', 'api.Auth/dotest');
 Route::any('caiji', 'api.Auth/caiji');
+ Route::any('parse/token', 'api.Auth/parseToken');
 Route::any('app/version', 'api.Auth/appVersion');
 Route::post('merchant/syncStatus/:id', 'api.Auth/merchantStatus');
 Route::get('business/agree', 'api.Auth/businessAgree');
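Review bot: The HS256 secret is hard-coded in the controller as `$app_key = 'ae47e94a7dcd1fdfacb499b60e361a8d'`, so anyone with read access to the repository holds the key this method trusts to accept `data.phone` and log in, or auto-register via `registr`, whichever account it names. The commented-out lines show the key used to be read from configuration (`Config::get('app.app_key', ...)`, `env('app.app_key', ...)`); restore that without a fallback default such as `'default'` or `'123456'`, e.g. `$app_key = env('app.app_key'); if (empty($app_key)) { return app('json')->fail('非法请求'); }`, and rotate the key now that it has been committed. A request without `token` hands null to `JWT::decode()`; if the vendored decode() declares that parameter as `string` (php-jwt 6.x, whose `Key` class this code uses, does), that is a TypeError, which `catch(\Exception $e)` does not catch, so guard before the try: `if (!is_string($token) || $token === '') { return app('json')->fail('非法请求'); }`. The `catch(\Firebase\JWT\BeforeValidException $e)` branch also becomes unreachable once this commit's JWT.php hunk comments out the nbf/iat checks, and tokens dated in the future are then accepted; `JWT::$leeway = 10`, set two lines earlier, is the supported way to absorb clock skew, and edits under vendor/ are lost on the next composer install.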
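Review bot: `Route::any('parse/token', ...)` also serves GET, so a caller can put the JWT in the query string, where it is recorded in access logs, proxies and browser history; `Route::post('parse/token', 'api.Auth/parseToken');` keeps the token out of the URL. If GET must remain for an existing client, a comment on the route saying so would stop the next reader from tightening it.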
diff --git a/vendor/firebase/php-jwt/src/JWT.php b/vendor/firebase/php-jwt/src/JWT.php
index ec1641bc..0ee7712b 100644
--- a/vendor/firebase/php-jwt/src/JWT.php
+++ b/vendor/firebase/php-jwt/src/JWT.php
@@ -138,20 +138,21 @@ class JWT
 // Check the nbf if it is defined. This is the time that the
 // token can actually be used. If it's not yet that time, abort.
- if (isset($payload->nbf) && $payload->nbf > ($timestamp + static::$leeway)) {
- throw new BeforeValidException(
- 'Cannot handle token prior to ' . \date(DateTime::ISO8601, $payload->nbf)
- );
- }
+ // 取消时间验证
+ // if (isset($payload->nbf) && $payload->nbf > ($timestamp + static::$leeway)) {
+ // throw new BeforeValidException(
+ // 'Cannot handle token prior to ' . \date(DateTime::ISO8601, $payload->nbf)
+ // );
+ // }
 // Check that this token has been created before 'now'. This prevents
 // using tokens that have been created for later use (and haven't
 // correctly used the nbf claim).
- if (isset($payload->iat) && $payload->iat > ($timestamp + static::$leeway)) {
- throw new BeforeValidException(
- 'Cannot handle token prior to ' . \date(DateTime::ISO8601, $payload->iat)
- );
- }
+ // if (isset($payload->iat) && $payload->iat > ($timestamp + static::$leeway)) {
+ // throw new BeforeValidException(
+ // 'Cannot handle token prior to ' . \date(DateTime::ISO8601, $payload->iat)
+ // );
+ // }
 // Check if this token has expired.
 if (isset($payload->exp) && ($timestamp - static::$leeway) >= $payload->exp) {