美文网首页
[PHP高可用后端]②⑥--sign有效时间处理

[PHP高可用后端]②⑥--sign有效时间处理

作者: 子木同 | 来源:发表于2017-11-21 17:21 被阅读18次
image.png

app.php

<?php
/**
 * Created by PhpStorm.
 * User: tong
 * Date: 2017/11/20
 * Time: 11:43
 */
return [
    'password_pre_halt' => '_#sing_ty',//密码加密言
    'aeskey' => 'sgg45747ss223455',//aes密钥,服务端和客户端必须保持一致
    'apptypes'=>[
        'ios',
        'android',
    ],
    'app_sign_time'=>6000,
];

Time.php

<?php
/**
 * Created by PhpStorm.
 * User: tong
 * Date: 2017/11/21
 * Time: 16:00
 */

namespace app\common\lib;


class Time
{
    /**
     * 获取13位的时间戳
     * @return int
     */
    public static function get13TimeStamp()
    {
        //string '0.67408200 1511251699' (length=21)
        //halt(microtime());

        list($t1, $t2) = explode(' ', microtime());
        return $t2 . ceil($t1 * 1000);


    }
}

IAuth.php

<?php
/**
 * Created by PhpStorm.
 * User: tong
 * Date: 2017/11/20
 * Time: 13:56
 */

namespace app\common\lib;

class IAuth
{

    public static function setPassword($data)
    {
        return md5($data . config('app.password_pre_halt'));
    }

    public static function setSign($data = [])
    {
        ksort($data);
        $string = http_build_query($data);
        $string = (new Aes())->encryt($string);
        return $string;
    }

    /**
     * 检查sign是否正常
     * @param string $sign
     * @param $data
     * @return boolean
     */
    public static function checkSignPass($data)
    {
        $str = (new Aes())->decrypt($data['sign']);
        if (empty($str)) {
            return false;
        }
        //diid=xx&app_type=3
        parse_str($str, $arr);

        /**
         * array (size=2)
         * 'did' => string '12345dg' (length=7)
         * 'version' => string '1' (length=1)
         */
        //halt($arr);

        if (!is_array($arr) || empty($arr['did'])
            || $arr['did'] != $data['did']
        ) {
            return false;
        }
        if ((time() - ceil($arr['time'] / 1000)) > config('app.app_sign_time')) {
            return false;
        }
        return true;
    }
}

Common.php

<?php
/**
 * Created by PhpStorm.
 * User: tong
 * Date: 2017/11/21
 * Time: 14:26
 */

namespace app\api\controller;

use app\common\lib\exception\ApiException;
use app\common\lib\IAuth;
use app\common\lib\Time;
use think\Controller;

class Common extends Controller
{
    /**
     * @var string
     */
    public $headers = '';


    protected function _initialize()
    {
        $this->checkRequestAuth();
    }

    public function checkRequestAuth()
    {
        $headers = request()->header();
//        $this->testAes();

        //sign加密需要客户端工程师 解密 服务端工程师
        // 1 headers body 仿照sign 做参数的加解密
        // 2 加密数据步骤客户端服务端工程师共同约定
        // 3


        //基础检验
        if (empty($headers['sign'])) {
            throw new ApiException('sign不存在', 400);
        }
        if (!in_array($headers['app_type'], config('app.apptypes'))) {
            throw new ApiException('app_type不合法', 400);
        }

        if (!IAuth::checkSignPass($headers)) {
            throw new ApiException('授权码sign失败', 401);
        }

        $this->headers = $headers;


    }

    public function testAes()
    {
        $data = [
            'did' => '12345dg',
            'version' => 1,
            'time' => Time::get13TimeStamp(),
        ];

        //col9j6cqegAKiiey3IrXWi5kTf508OkMmPu9zrTihQ8IVnKDb7Rin03dOqY2qLWP
        //echo IAuth::setSign($data);exit;
        //exit;
    }


}
image.png

相关文章

网友评论

      本文标题:[PHP高可用后端]②⑥--sign有效时间处理

      本文链接:https://www.haomeiwen.com/subject/kvjwvxtx.html