data_center/app/api/http/middleware/VerifySignMiddleware.php

41 lines
1.4 KiB
PHP
Raw Normal View History

2023-09-18 09:11:13 +08:00
<?php
declare (strict_types=1);
namespace app\api\http\middleware;
use app\api\service\ApiSignService;
use app\common\model\systems\System;
use app\common\service\JsonService;
class VerifySignMiddleware
{
public function handle($request, \Closure $next)
{
//获取header参数
$appid = $request->header('appid');
$url = $request->header('url');
$timestamp = $request->header('timestamp');
$sign = $request->header('sign');
//验证参数
if(empty($appid) || empty($url) || empty($timestamp) || empty($sign)){
return JsonService::fail('缺少请求头参数', [], 0);
}
//获取子系统信息
2023-09-18 17:51:25 +08:00
$system = System::field('app_id,app_key,url,status')->where('app_id',$appid)->where('url',$url)->findOrEmpty();
2023-09-18 09:11:13 +08:00
if($system->isEmpty()){
return JsonService::fail('应用ID无效', [], 0);
}
2023-09-18 17:51:25 +08:00
if($url != $system['url']){
2023-09-18 09:11:13 +08:00
return JsonService::fail('请求来源异常', [], 0);
}
2023-09-18 17:51:25 +08:00
if($system['status'] != 0){
2023-09-18 09:11:13 +08:00
return JsonService::fail('应用已被禁用或注销', [], 0);
}
//验证签名
2023-09-18 17:51:25 +08:00
$checkSign = ApiSignService::verifySign(['appid'=>$appid,'url'=>$url,'timestamp'=>$timestamp,'sign'=>$sign],$system['app_key']);
2023-09-18 09:11:13 +08:00
if($checkSign['code'] == 0){
return JsonService::fail($checkSign['msg'],[],0);
}
return $next($request);
}
}