dengshizzp/jk8_admin
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

新增统计,小游戏,系统设置

Browse Source
This commit is contained in:
zhouzp
2026-06-11 13:49:20 +08:00
parent 3120c56620
commit 064ba727e0
11 changed files with 827 additions and 144 deletions
Download Patch File Download Diff File Expand all files Collapse all files

18
app/common/middleware/ApiAuth.php
View File

@@ -15,14 +15,12 @@ namespace app\common\middleware;
use app\common\model\Config;
use Closure;
use think\facade\Cache;
use think\exception\HttpException;
class ApiAuth
{
protected $apps;
public function handle($request, Closure $next)
{
$this->apps = Config::whereIn('name', ['appKey', 'appSecret'])->column('value', 'name');
$this->apps = Config::whereIn('name', ['app_id', 'app_secret'])->where('group', 'basics')->column('value', 'name');
$params = $request->param();
$appKey = $request->header('X-Api-AppKey');
$timestamp = $request->header('X-Api-Timestamp');
@@ -31,29 +29,29 @@ class ApiAuth
// 1. 基础检查
if (!$signature || !$appKey || !$timestamp || !$nonce) {
throw new HttpException(401, '缺少必要的签名参数');
return response('缺少必要的签名参数', 401);
}
// 2. 检查 AppKey 是否合法
if ($this->apps['appKey'] != $appKey) {
throw new HttpException(401, '无效的 AppKey');
if ($this->apps['app_id'] != $appKey) {
return response('无效的 AppKey', 401);
}
// 3. 检查时间戳(防重放攻击,允许 60 秒误差)
if (abs(time() - $timestamp) > 60) {
// throw new HttpException(401, '请求已超时');
return response('请求已超时', 401);
}
// 4. 检查随机字符串
$cacheKey = "api_nonce:" . $nonce;
if (Cache::has($cacheKey)) {
// throw new HttpException(401, '重复请求');
return response('重复请求', 401);
}
Cache::setex($cacheKey, 60, 1);
// 5. 验证签名
if (!$this->checkSignature($params, $timestamp, $nonce, $signature)) {
throw new HttpException(401, '签名验证失败');
return response('签名验证失败', 401);
}
return $next($request);
@@ -61,7 +59,7 @@ class ApiAuth
protected function checkSignature($params, $timestamp, $nonce, $signature)
{
$appSecret = $this->apps['appSecret'];
$appSecret = $this->apps['app_secret'];
unset($params['/']);
ksort($params);
$stringToBeSigned = http_build_query($params) . '&app_secret=' . $appSecret . '&timestamp=' . $timestamp . '&nonce=' . $nonce;