commit
15dab75bd1
|
|
@ -14,7 +14,6 @@
|
|||
return [
|
||||
'middleware' => [
|
||||
app\api\http\middleware\InitMiddleware::class, // 初始化
|
||||
app\api\http\middleware\VerifySignMiddleware::class, // 签名验证
|
||||
app\api\http\middleware\LoginMiddleware::class, // 登录验证
|
||||
],
|
||||
];
|
||||
|
|
|
|||
|
|
@ -1,41 +0,0 @@
|
|||
<?php
|
||||
declare (strict_types=1);
|
||||
|
||||
namespace app\api\http\middleware;
|
||||
|
||||
use app\api\service\ApiSignService;
|
||||
use app\common\model\systems\System;
|
||||
use app\common\service\JsonService;
|
||||
|
||||
class VerifySignMiddleware
|
||||
{
|
||||
public function handle($request, \Closure $next)
|
||||
{
|
||||
// //获取header参数
|
||||
// $appid = $request->header('appid');
|
||||
// $url = $request->header('url');
|
||||
// $timestamp = $request->header('timestamp');
|
||||
// $sign = $request->header('sign');
|
||||
// //验证参数
|
||||
// if(empty($appid) || empty($url) || empty($timestamp) || empty($sign)){
|
||||
// return JsonService::fail('缺少请求头参数', [], 0);
|
||||
// }
|
||||
// //获取子系统信息
|
||||
// $system = System::field('app_id,app_key,url,status')->where('app_id',$appid)->where('url',$url)->findOrEmpty();
|
||||
// if($system->isEmpty()){
|
||||
// return JsonService::fail('应用ID无效', [], 0);
|
||||
// }
|
||||
// if($url != $system['url']){
|
||||
// return JsonService::fail('请求来源异常', [], 0);
|
||||
// }
|
||||
// if($system['status'] != 0){
|
||||
// return JsonService::fail('应用已被禁用或注销', [], 0);
|
||||
// }
|
||||
// //验证签名
|
||||
// $checkSign = ApiSignService::verifySign(['appid'=>$appid,'url'=>$url,'timestamp'=>$timestamp,'sign'=>$sign],$system['app_key']);
|
||||
// if($checkSign['code'] == 0){
|
||||
// return JsonService::fail($checkSign['msg'],[],0);
|
||||
// }
|
||||
return $next($request);
|
||||
}
|
||||
}
|
||||
|
|
@ -1,44 +0,0 @@
|
|||
<?php
|
||||
namespace app\api\service;
|
||||
|
||||
class ApiSignService
|
||||
{
|
||||
//创建sign
|
||||
public static function makeSign($data,$appKey): string
|
||||
{
|
||||
ksort($data);
|
||||
$string = self::toUrlParams($data);
|
||||
$string = $string . "&key=" . $appKey;
|
||||
$string = md5($string);
|
||||
return strtolower($string);
|
||||
}
|
||||
|
||||
//检验sign是否正确
|
||||
public static function verifySign($data,$appKey): array
|
||||
{
|
||||
// 验证请求, 2分钟失效
|
||||
if (time() - intval($data['timestamp'] / 1000) > 120) {
|
||||
return ['code' => 0, 'msg' => '签名已失效'];
|
||||
}
|
||||
//比对签名
|
||||
$clientSign = $data['sign'];
|
||||
$serverSign = self::makeSign($data,$appKey);
|
||||
if ($clientSign == $serverSign) {
|
||||
return ['code' => 1, 'msg' => '验证通过'];
|
||||
} else {
|
||||
return ['code' => 0, 'msg' => '签名校验失败'];
|
||||
}
|
||||
}
|
||||
|
||||
//生成url字符串
|
||||
private static function toUrlParams($values): string
|
||||
{
|
||||
$buff = "";
|
||||
foreach ($values as $k => $v) {
|
||||
if ($k != "sign" && !is_array($v)) {
|
||||
$buff .= $k . "=" . $v . "&";
|
||||
}
|
||||
}
|
||||
return trim($buff, "&");
|
||||
}
|
||||
}
|
||||
|
|
@ -354,3 +354,19 @@ function curl_get($url){
|
|||
curl_close($ch);
|
||||
return json_decode($output,true);
|
||||
}
|
||||
|
||||
function makeSign($data,$appSecret): string
|
||||
{
|
||||
ksort($data);
|
||||
$string = "";
|
||||
foreach ($data as $k => $v) {
|
||||
if ($k == "sign" || is_array($v)) {
|
||||
continue;
|
||||
}
|
||||
$string .= $k . "=" . $v . "&";
|
||||
}
|
||||
$string = trim($string, "&");
|
||||
$string = $string . "&key=" . $appSecret;
|
||||
$string = md5(md5($string));
|
||||
return strtolower($string);
|
||||
}
|
||||
|
|
|
|||
Loading…
Reference in New Issue