API:
获取token
1:定义 ID 和Secret
比较地址栏中input(get.ID)和input(get.token) 。如果匹配,那么生成$token = md5(time() . mt_rand(111111,999999));
放在cache里面 cache(token,id,时间)
2:比较token
地址栏中获取$token=input(get.token),然后判断 cache($token)是不是等于id,是的话,那就合法。
然后该干嘛就干嘛。
代码不想分享,非要看的话,硬着头皮,透过删除线看吧~
<?php
namespace app\api\controller;
use think\Controller;
use think\Db;
use think\Request;
use app\org\controller\CorpTool;
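/**
 * External API controller: issues short-lived access tokens and accepts
 * authenticated callbacks.
 *
 * Error codes returned by this controller:
 *   1001  account_id or account_secret missing
 *   1002  account_id does not exist
 *   1003  account_secret is invalid
 *   2001  access_token missing
 *   2002  required params missing
 *   2004  access_token invalid or expired
 *   4002  access_token is invalid
 */
class Api extends Controller
{
    // NOTE(review): these credentials are hard-coded and were published together
    // with this listing; treat them as compromised. Rotate them and load the
    // replacements from configuration or the environment instead of source.
    private $account_id = 'ssc93048865';
    private $account_secret = 'ssceeRsTyrCG';

    // Token lifetime in seconds (also reported to the client as expires_in).
    private $token_ttl = 3600;

    // The token -> account and account -> token mappings live under different
    // prefixes. Without the prefixes both directions share one keyspace, and the
    // account id itself resolves like a token and passes the cross-check.
    private $token_prefix = 'api_token:';
    private $account_prefix = 'api_account:';

    /**
     * Exchange account_id / account_secret (POST) for an access token.
     *
     * @return mixed JSON response: errcode 0 with access_token and expires_in on
     *               success, or errcode 1001 / 1002 / 1003 on failure.
     */
    public function gettoken()
    {
        // Read the caller's credentials from the POST body.
        $account_id = input('post.account_id', false);
        $account_secret = input('post.account_secret', false);
        if (!$account_id || !$account_secret) {
            return json([
                'errcode' => 1001,
                'errmsg' => 'account_id or account_secret missing'
            ]);
        }

        // Array-valued parameters are rejected up front, and the comparison is
        // strict and constant-time rather than a loose `!=`.
        // NOTE(review): separate codes for "unknown id" and "wrong secret" tell a
        // caller which half was right; kept only for client compatibility.
        if (!is_string($account_id) || !hash_equals($this->account_id, $account_id)) {
            return json([
                'errcode' => 1002,
                'errmsg' => 'account_id is not exists'
            ]);
        }
        if (!is_string($account_secret) || !hash_equals($this->account_secret, $account_secret)) {
            return json([
                'errcode' => 1003,
                'errmsg' => 'account_secret is invalid'
            ]);
        }

        // Issue the token and store both lookup directions with the same TTL.
        $token = $this->generateToken();
        cache($this->token_prefix . $token, $account_id, $this->token_ttl);
        cache($this->account_prefix . $account_id, $token, $this->token_ttl);

        return json([
            'errcode' => 0,
            'errmsg' => 'success',
            'access_token' => $token,
            'expires_in' => $this->token_ttl
        ]);
    }

    /**
     * Authenticated callback endpoint: validates access_token (GET), then
     * requires `pin` and `state` in the POST body.
     *
     * @return mixed JSON response: errcode 0 on success, or 2001 / 2002 / 2004 /
     *               4002 on failure.
     */
    public function doSomething()
    {
        // NOTE(review): the token travels in the query string, where it tends to
        // end up in access logs and Referer headers; a request header would be a
        // safer carrier. The parameter is kept for client compatibility.
        $access_token = input('get.access_token', false);
        if (!$access_token) {
            return json([
                'errcode' => 2001,
                'errmsg' => 'access_token missing'
            ]);
        }

        // NOTE(review): the raw POST body (including `pin`) is written before the
        // caller is authenticated, each write replaces the previous content, and
        // the path is relative to the working directory. Confirm these files are
        // not reachable over HTTP, and consider redacting sensitive fields.
        $msg = json_encode(input('post.'));
        file_put_contents('./callback.log', $msg);

        // Only a well-formed string token is ever used as a cache key; arrays and
        // any other shape are treated exactly like an unknown token.
        $account_id = $this->isWellFormedToken($access_token)
            ? cache($this->token_prefix . $access_token)
            : false;
        if (!is_string($account_id) || $account_id === '') {
            file_put_contents('./callback_error.log', $msg);
            return json([
                'errcode' => 4002,
                'errmsg' => 'access_token is invalid'
            ]);
        }

        // Cross-check: the token must still be the current one for that account
        // (a newer gettoken call supersedes older tokens).
        $current_token = cache($this->account_prefix . $account_id);
        if (!is_string($current_token) || !hash_equals($current_token, $access_token)) {
            return json([
                'errcode' => 2004,
                'errmsg' => 'access_token invalid or expired'
            ]);
        }

        // Required business parameters.
        $pin = input('post.pin', false);
        $state = input('post.state', false);
        if ($pin === false || $state === false) {
            return json([
                'errcode' => 2002,
                'errmsg' => 'required params missing'
            ]);
        }
        file_put_contents('./callback_success.log', $msg);

        //HERE IS YOUR CODE

        return json([
            'errcode' => 0,
            'errmsg' => 'ok'
        ]);
    }

    /**
     * Create a 32-character lowercase hex token from a cryptographically secure
     * source. md5(time() . mt_rand()) is guessable from the issue time and must
     * not be used for bearer tokens.
     *
     * @return string
     * @throws \RuntimeException when no secure random source is available
     */
    private function generateToken()
    {
        if (function_exists('random_bytes')) {
            return bin2hex(random_bytes(16));
        }
        // Fallback for runtimes that predate random_bytes().
        $strong = false;
        $bytes = openssl_random_pseudo_bytes(16, $strong);
        if ($bytes === false || !$strong) {
            throw new \RuntimeException('no secure random source available');
        }
        return bin2hex($bytes);
    }

    /**
     * Tell whether a request value has the exact shape of a token issued by
     * gettoken(): a string of 32 lowercase hex characters.
     *
     * @param mixed $value
     * @return bool
     */
    private function isWellFormedToken($value)
    {
        return is_string($value) && preg_match('/^[a-f0-9]{32}$/', $value) === 1;
    }
}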