Merge pull request 'dev' (#24) from dev into master

Reviewed-on: #24
2023-11-10 11:20:23 +08:00 · 2023-11-10 11:20:23 +08:00 · 15dab75bd1
parent 528248b225 14a0416c03
commit 15dab75bd1
4 changed files with 16 additions and 86 deletions
--- a/app/api/config/route.php
+++ b/app/api/config/route.php
@ -14,7 +14,6 @@
 return [
    'middleware' => [
        app\api\http\middleware\InitMiddleware::class, // 初始化
        app\api\http\middleware\VerifySignMiddleware::class, // 签名验证
        app\api\http\middleware\LoginMiddleware::class, // 登录验证
    ],
 ];
--- a/app/api/http/middleware/VerifySignMiddleware.php
+++ b/app/api/http/middleware/VerifySignMiddleware.php
@ -1,41 +0,0 @@
 <?php
 declare (strict_types=1);
 namespace app\api\http\middleware;
 use app\api\service\ApiSignService;
 use app\common\model\systems\System;
 use app\common\service\JsonService;
 class VerifySignMiddleware
 {
    public function handle($request, \Closure $next)
    {
 //        //获取header参数
 //        $appid = $request->header('appid');
 //        $url = $request->header('url');
 //        $timestamp = $request->header('timestamp');
 //        $sign = $request->header('sign');
 //        //验证参数
 //        if(empty($appid) || empty($url) || empty($timestamp) || empty($sign)){
 //            return JsonService::fail('缺少请求头参数', [], 0);
 //        }
 //        //获取子系统信息
 //        $system = System::field('app_id,app_key,url,status')->where('app_id',$appid)->where('url',$url)->findOrEmpty();
 //        if($system->isEmpty()){
 //            return JsonService::fail('应用ID无效', [], 0);
 //        }
 //        if($url != $system['url']){
 //            return JsonService::fail('请求来源异常', [], 0);
 //        }
 //        if($system['status'] != 0){
 //            return JsonService::fail('应用已被禁用或注销', [], 0);
 //        }
 //        //验证签名
 //        $checkSign = ApiSignService::verifySign(['appid'=>$appid,'url'=>$url,'timestamp'=>$timestamp,'sign'=>$sign],$system['app_key']);
 //        if($checkSign['code'] == 0){
 //            return JsonService::fail($checkSign['msg'],[],0);
 //        }
        return $next($request);
    }
 }
--- a/app/api/service/ApiSignService.php
+++ b/app/api/service/ApiSignService.php
@ -1,44 +0,0 @@
 <?php
 namespace app\api\service;
 class ApiSignService
 {
    //创建sign
    public static function makeSign($data,$appKey): string
    {
        ksort($data);
        $string = self::toUrlParams($data);
        $string = $string . "&key=" . $appKey;
        $string = md5($string);
        return strtolower($string);
    }
    //检验sign是否正确
    public static function verifySign($data,$appKey): array
    {
        // 验证请求， 2分钟失效
        if (time() - intval($data['timestamp'] / 1000) > 120) {
            return ['code' => 0, 'msg' => '签名已失效'];
        }
        //比对签名
        $clientSign = $data['sign'];
        $serverSign = self::makeSign($data,$appKey);
        if ($clientSign == $serverSign) {
            return ['code' => 1, 'msg' => '验证通过'];
        } else {
            return ['code' => 0, 'msg' => '签名校验失败'];
        }
    }
    //生成url字符串
    private static function toUrlParams($values): string
    {
        $buff = "";
        foreach ($values as $k => $v) {
            if ($k != "sign" && !is_array($v)) {
                $buff .= $k . "=" . $v . "&";
            }
        }
        return trim($buff, "&");
    }
 }
--- a/app/common.php
+++ b/app/common.php
@ -354,3 +354,19 @@ function curl_get($url){
 	curl_close($ch);
 	return json_decode($output,true);
 }
 function makeSign($data,$appSecret): string
 {
 	ksort($data);
 	$string = "";
 	foreach ($data as $k => $v) {
 		if ($k == "sign" || is_array($v)) {
 			continue;
 		}
 		$string .= $k . "=" . $v . "&";
 	}
 	$string = trim($string, "&");
 	$string = $string . "&key=" . $appSecret;
 	$string = md5(md5($string));
 	return strtolower($string);
 }