<?php
/**
* Created by 北京捷讯佳音.
* User: sam
* Date: 2019/2/15
* Time: 11:17
*/
namespace app\api\controller;
use Repository\LogRepository;
use think\Controller;
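/**
 * Base controller for the API module.
 *
 * Logs each request and, unless signature checking is switched off in the
 * configuration, rejects requests whose "sign"/"ts" parameters do not match
 * the signature computed from the shared secret.
 */
class Base extends Controller
{
    /**
     * Initialisation hook: log the request, then verify its signature.
     *
     * Writes a JSON error and terminates the script when the request has no
     * parameters (code 302) or fails verification (code 303).
     */
    public function _initialize()
    {
        LogRepository::requestLog();

        $para = input('param.');
        if (empty($para)) {
            echo json_encode(['code' => 302, 'msg' => '请求失败.']);
            exit;
        }

        $return = $this->_verifySign($para);
        if (!$return['status']) {
            echo json_encode(['code' => 303, 'msg' => $return['msg']]);
            exit;
        }
    }

    /**
     * Compute the signature a request is expected to carry.
     *
     * The result is md5(secret . ';' . payload . ';' . timestamp). For GET the
     * payload is every parameter except "ts" and "sign", sorted by key and
     * concatenated as key.value; for any other method it is the "param" field.
     *
     * NOTE(review): MD5 over secret-prefixed data is not a proper MAC.
     * hash_hmac() with SHA-256 is the usual replacement, but it has to be
     * rolled out together with every client that signs requests, so the
     * construction is left unchanged here.
     * NOTE(review): in the GET payload key and value are joined without a
     * separator, so different parameter sets can yield the same string to
     * sign. A delimited canonical form would remove that ambiguity.
     * NOTE(review): this method is public on a controller class; confirm it
     * cannot be reached as a routed action (protected visibility would rule
     * that out), since it returns a signature for caller-chosen input.
     *
     * @param array  $data     Request parameters.
     * @param mixed  $msectime Timestamp value sent with the request ("ts").
     * @param string $method   HTTP method; only the exact string 'GET' selects the key/value payload.
     *
     * @return string MD5 digest as lowercase hex.
     */
    public function getSign($data, $msectime, $method)
    {
        $secret = config('api_secret');

        // The timestamp and the signature itself are never part of the payload.
        unset($data['ts'], $data['sign']);

        if ($method === 'GET') {
            $str = '';
            ksort($data);
            foreach ($data as $key => $value) {
                $str .= $key . $value;
            }
        } else {
            // A missing "param" field signs as the empty string instead of
            // raising an undefined-index notice; the digest is the same.
            $str = isset($data['param']) ? $data['param'] : '';
        }

        return md5($secret . ';' . $str . ';' . $msectime);
    }

    /**
     * Check the "sign" and "ts" parameters of a request.
     *
     * Verification is skipped entirely when the CHECK_SIGN configuration value
     * is falsy, so that setting must never be disabled on a production system.
     *
     * NOTE(review): no nonce or replay cache is visible here; a captured
     * request can be replayed until its timestamp leaves the accepted window.
     *
     * @param array $data Request parameters.
     *
     * @return array ['status' => bool, 'msg' => string]
     */
    public function _verifySign($data)
    {
        if (!config('CHECK_SIGN')) {
            return ['status' => true, 'msg' => '验证通过'];
        }

        if (!isset($data['sign']) || !isset($data['ts'])) {
            return ['status' => false, 'msg' => '参数不合法'];
        }

        // Array or non-numeric values would otherwise reach the arithmetic and
        // the comparison below with an unexpected type.
        if (!is_string($data['sign']) || !is_numeric($data['ts'])) {
            return ['status' => false, 'msg' => '参数不合法'];
        }

        // Freshness check in milliseconds. The window is applied in both
        // directions: a timestamp far in the future would otherwise keep the
        // request valid for as long as the timestamp is ahead of the server.
        if (abs(self::getMsectime() - $data['ts']) > 100000) {
            return ['status' => false, 'msg' => '请求失效'];
        }

        switch ($_SERVER['REQUEST_METHOD']) {
            case 'GET':
                $mySign = $this->getSign($data, $data['ts'], 'GET');
                break;
            case 'POST':
                $mySign = $this->getSign($data, $data['ts'], 'POST');
                break;
            default:
                return ['status' => false, 'msg' => '请求类型不支持'];
        }

        // Constant-time comparison so the response time does not depend on how
        // many leading characters of the supplied signature are correct.
        if (hash_equals($mySign, $data['sign'])) {
            return ['status' => true, 'msg' => '验证通过'];
        }

        return ['status' => false, 'msg' => '签名错误'];
    }

    /**
     * Validate the access token and attach the caller's identity.
     *
     * On success $param['user'] is set and $param['access_token'] is removed.
     *
     * NOTE(review): when "type" is not 'kf' the identity is read from the
     * caller-supplied token itself and nothing visible in this file verifies
     * it. Confirm that token is authenticated before this point, or sign it.
     *
     * @param array $param Parameter set, modified in place.
     *
     * @return array ['code' => int, 'msg' => string]
     */
    private static function _checkAccessTokenIsValid(& $param)
    {
        if (empty($param['access_token'])) {
            return ['code' => 400, 'msg' => 'access_token不能为空.'];
        }

        // "type" is optional (its emptiness check was disabled upstream), so
        // read it without raising an undefined-index notice. The loose
        // comparison below is kept so branch selection is unchanged.
        $type = isset($param['type']) ? $param['type'] : null;

        if ($type == 'kf') {
            // A stored token is a plain string. Rejecting every other type
            // keeps arrays out of the query condition and avoids type
            // juggling in the comparison with the stored value.
            if (!is_string($param['access_token'])) {
                return ['code' => 450, 'msg' => 'access_token错误.'];
            }

            $result = db('users')->field('id,user_name,sex,user_avatar,access_token,expire_time')
                ->where(['access_token' => $param['access_token']])
                ->find();
            if (empty($result)) {
                return ['code' => 450, 'msg' => 'access_token不存在.'];
            }

            if (!hash_equals((string) $result['access_token'], $param['access_token'])) {
                return ['code' => 450, 'msg' => 'access_token错误.'];
            }

            if ($result['expire_time'] < time()) {
                return ['code' => 450, 'msg' => 'access_token已过期.'];
            }

            $param['user'] = [
                'uid' => "KF" . $result['id'],
                'user_name' => $result['user_name'],
                'sex' => $result['sex'],
                'avatar_url' => $result['user_avatar'],
            ];
        } else {
            $userInfo = $param['access_token'];
            if (is_string($userInfo)) {
                $userInfo = json_decode($userInfo, true);
            }

            // Fail closed: a token that does not decode to a structure with a
            // "user" entry used to be accepted with a null user.
            if (!is_array($userInfo) || !isset($userInfo['user'])) {
                return ['code' => 450, 'msg' => 'access_token错误.'];
            }

            $param['user'] = $userInfo['user'];
        }

        unset($param['access_token']);

        return ['code' => 200, 'msg' => '验证成功.'];
    }

    /**
     * Current Unix time in milliseconds.
     *
     * @return float Whole number of milliseconds, as a float.
     */
    public static function getMsectime()
    {
        return (float) sprintf('%.0f', microtime(true) * 1000);
    }
}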