modified 完善中间件

zhaoxiang 2020-10-13 01:06:32 +08:00
parent a4baba4f18
commit 24073bcc84
3 changed files with 88 additions and 4 deletions


@ -0,0 +1,84 @@
<?php
/**
*
* @since 2017-10-26
* @author zhaoxiang <zhaoxiang051405@gmail.com>
*/
namespace app\controller\api;
use app\model\AdminApp;
use app\util\ReturnCode;
use app\util\Strs;
class BuildToken extends Base {
/**
* 构建AccessToken
* @return \think\Response
* @throws \think\db\exception\DataNotFoundException
* @throws \think\db\exception\DbException
* @throws \think\db\exception\ModelNotFoundException
* @author zhaoxiang <zhaoxiang051405@gmail.com>
*/
public function getAccessToken() {
$param = $this->request->param();
$appInfo = (new AdminApp())->where(['app_id' => $param['app_id'], 'app_status' => 1])->find();
if (empty($appInfo)) {
return $this->buildFailed(ReturnCode::INVALID, '应用ID非法');
}
$signature = $param['signature'];
unset($param['signature']);
$sign = $this->getAuthToken($appInfo['app_secret'], $param);
$this->debug($sign);
if ($sign !== $signature) {
return $this->buildFailed(ReturnCode::INVALID, '身份令牌验证失败');
}
$expires = config('apiadmin.ACCESS_TOKEN_TIME_OUT');
$accessToken = cache('AccessToken:' . $param['device_id']);
if ($accessToken) {
cache('AccessToken:' . $accessToken, null);
cache('AccessToken:' . $param['device_id'], null);
}
$accessToken = $this->buildAccessToken($appInfo['app_id'], $appInfo['app_secret']);
$appInfo['device_id'] = $param['device_id'];
cache('AccessToken:' . $accessToken, $appInfo, $expires);
cache('AccessToken:' . $param['device_id'], $accessToken, $expires);
$return['access_token'] = $accessToken;
$return['expires_in'] = $expires;
return $this->buildSuccess($return);
}
/**
* 根据AppSecret和数据生成相对应的身份认证秘钥
* @param $appSecret
* @param $data
* @return string
*/
private function getAuthToken($appSecret, $data) {
if (empty($data)) {
return '';
} else {
unset($data['APP_CONF_DETAIL'], $data['API_CONF_DETAIL']);
$preArr = array_merge($data, ['app_secret' => $appSecret]);
ksort($preArr);
$preStr = http_build_query($preArr);
return md5($preStr);
}
}
/**
* 计算出唯一的身份令牌
* @param $appId
* @param $appSecret
* @return string
*/
private function buildAccessToken($appId, $appSecret) {
$preStr = $appSecret . $appId . time() . Strs::keyGen();
return md5($preStr);
}
}
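Review bot: The signature check in getAccessToken uses `$sign !== $signature`, which is not a constant-time comparison, and the line before it hands the expected signature to `$this->debug($sign)`. Base::debug() is not visible here, so if it writes into the response body or a shared log, the server is disclosing the exact value a caller has to present. I would drop the debug call and compare with `if (!is_string($signature) || !hash_equals($sign, $signature))`. `$param['app_id']`, `$param['signature']` and `$param['device_id']` are also read without a presence check, so a request missing any of them should be rejected with ReturnCode::INVALID before the database lookup and the cache writes. Separately, getAuthToken signs with `md5($preStr)` over the parameters plus the secret and no timestamp or nonce is visible in the signed data; `hash_hmac('sha256', $preStr, $appSecret)` plus a freshness field would be the stronger construction if clients can be migrated.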


@ -50,11 +50,11 @@ class ApiAuth {
}
}
$accessToken = $request->header('access-token', '');
$accessToken = $request->header('Access-Token', '');
if (!$accessToken) {
return json([
'code' => ReturnCode::AUTH_ERROR,
'msg' => '缺少必要参数access-token',
'msg' => '缺少必要参数Access-Token',
'data' => []
])->header($header);
}
@ -66,7 +66,7 @@ class ApiAuth {
if ($appInfo === false) {
return json([
'code' => ReturnCode::ACCESS_TOKEN_TIMEOUT,
'msg' => 'access-token已过期',
'msg' => 'Access-Token已过期',
'data' => []
])->header($header);
}
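Review bot: The expiry branch in the second hunk tests `$appInfo === false`, and the lookup that fills `$appInfo` is above the hunk. If it is the same `cache()` helper that the token endpoint uses to store the record, confirm what that helper returns on a miss in this framework version. A `null` return would not match the strict comparison, so an expired or unknown token would continue past this check with no app record; `if (!$appInfo) {` covers both cases. The header rename to `Access-Token` looks cosmetic if the framework normalises header names, which is worth pinning with a test that sends the header in lower case.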


@ -22,7 +22,7 @@ class ApiLog {
ApiLogTool::setApiInfo($request->API_CONF_DETAIL);
ApiLogTool::setAppInfo($request->APP_CONF_DETAIL);
ApiLogTool::setRequest($requestInfo);
ApiLogTool::setResponse($response->getData(), isset($response->getData()['code']) ? $response->getData()['code'] : 'null');
ApiLogTool::setResponse($response->getData(), isset($response->getData()['code']) ? strval($response->getData()['code']) : 'null');
ApiLogTool::setHeader($request->header());
ApiLogTool::save();