Merge pull request 'dev' (#24) from dev into master

Reviewed-on: #24
This commit is contained in:
weiz 2023-11-10 11:20:23 +08:00
commit 15dab75bd1
4 changed files with 16 additions and 86 deletions

View File

@ -14,7 +14,6 @@
return [ return [
'middleware' => [ 'middleware' => [
app\api\http\middleware\InitMiddleware::class, // 初始化 app\api\http\middleware\InitMiddleware::class, // 初始化
app\api\http\middleware\VerifySignMiddleware::class, // 签名验证
app\api\http\middleware\LoginMiddleware::class, // 登录验证 app\api\http\middleware\LoginMiddleware::class, // 登录验证
], ],
]; ];

View File

@ -1,41 +0,0 @@
<?php
declare (strict_types=1);
namespace app\api\http\middleware;
use app\api\service\ApiSignService;
use app\common\model\systems\System;
use app\common\service\JsonService;
class VerifySignMiddleware
{
public function handle($request, \Closure $next)
{
// //获取header参数
// $appid = $request->header('appid');
// $url = $request->header('url');
// $timestamp = $request->header('timestamp');
// $sign = $request->header('sign');
// //验证参数
// if(empty($appid) || empty($url) || empty($timestamp) || empty($sign)){
// return JsonService::fail('缺少请求头参数', [], 0);
// }
// //获取子系统信息
// $system = System::field('app_id,app_key,url,status')->where('app_id',$appid)->where('url',$url)->findOrEmpty();
// if($system->isEmpty()){
// return JsonService::fail('应用ID无效', [], 0);
// }
// if($url != $system['url']){
// return JsonService::fail('请求来源异常', [], 0);
// }
// if($system['status'] != 0){
// return JsonService::fail('应用已被禁用或注销', [], 0);
// }
// //验证签名
// $checkSign = ApiSignService::verifySign(['appid'=>$appid,'url'=>$url,'timestamp'=>$timestamp,'sign'=>$sign],$system['app_key']);
// if($checkSign['code'] == 0){
// return JsonService::fail($checkSign['msg'],[],0);
// }
return $next($request);
}
}

View File

@ -1,44 +0,0 @@
<?php
namespace app\api\service;
class ApiSignService
{
//创建sign
public static function makeSign($data,$appKey): string
{
ksort($data);
$string = self::toUrlParams($data);
$string = $string . "&key=" . $appKey;
$string = md5($string);
return strtolower($string);
}
//检验sign是否正确
public static function verifySign($data,$appKey): array
{
// 验证请求, 2分钟失效
if (time() - intval($data['timestamp'] / 1000) > 120) {
return ['code' => 0, 'msg' => '签名已失效'];
}
//比对签名
$clientSign = $data['sign'];
$serverSign = self::makeSign($data,$appKey);
if ($clientSign == $serverSign) {
return ['code' => 1, 'msg' => '验证通过'];
} else {
return ['code' => 0, 'msg' => '签名校验失败'];
}
}
//生成url字符串
private static function toUrlParams($values): string
{
$buff = "";
foreach ($values as $k => $v) {
if ($k != "sign" && !is_array($v)) {
$buff .= $k . "=" . $v . "&";
}
}
return trim($buff, "&");
}
}

View File

@ -354,3 +354,19 @@ function curl_get($url){
curl_close($ch); curl_close($ch);
return json_decode($output,true); return json_decode($output,true);
} }
function makeSign($data,$appSecret): string
{
ksort($data);
$string = "";
foreach ($data as $k => $v) {
if ($k == "sign" || is_array($v)) {
continue;
}
$string .= $k . "=" . $v . "&";
}
$string = trim($string, "&");
$string = $string . "&key=" . $appSecret;
$string = md5(md5($string));
return strtolower($string);
}