添加authToken和userToken

server/app/api/controller/AuthTokenController.php

@@ -7,23 +7,61 @@ use support\Request;
 use support\Response;
 use Tinywan\Jwt\JwtToken;
 use plugin\saiadmin\basic\OpenController;
+use app\api\util\ReturnCode;
 
 /**
  * API 鉴权 Token 接口
+ * 仅支持 GET，必传参数：signature、secret、device、time，签名规则：signature = md5(device . secret . time)
  * 后续所有 /api 接口调用均需在请求头携带此接口返回的 auth-token
  */
 class AuthTokenController extends OpenController
 {
     /**
      * 获取 auth-token
-     * GET 或 POST /api/authToken
+     * GET /api/authToken
+     * 参数：signature（签名）、secret（密钥）、device（设备标识）、time（时间戳，秒），四者均为必传且非空
      */
     public function index(Request $request): Response
     {
+        if (strtoupper($request->method()) !== 'GET') {
+            return $this->fail('仅支持 GET 请求', ReturnCode::EMPTY_PARAMS);
+        }
+
+        $param = $request->get();
+        $signature = trim((string) ($param['signature'] ?? ''));
+        $secret = trim((string) ($param['secret'] ?? ''));
+        $device = trim((string) ($param['device'] ?? ''));
+        $time = trim((string) ($param['time'] ?? ''));
+
+        if ($signature === '' || $secret === '' || $device === '' || $time === '') {
+            return $this->fail('signature、secret、device、time 均为必传且不能为空', ReturnCode::EMPTY_PARAMS);
+        }
+
+        $serverSecret = trim((string) config('api.auth_token_secret', ''));
+        if ($serverSecret === '') {
+            return $this->fail('服务未配置 API_AUTH_TOKEN_SECRET', ReturnCode::EMPTY_PARAMS);
+        }
+        if ($secret !== $serverSecret) {
+            return $this->fail('密钥错误', ReturnCode::EMPTY_PARAMS);
+        }
+
+        $tolerance = (int) config('api.auth_token_time_tolerance', 300);
+        $now = time();
+        $ts = is_numeric($time) ? (int) $time : 0;
+        if ($ts <= 0 || abs($now - $ts) > $tolerance) {
+            return $this->fail('时间戳无效或已过期', ReturnCode::EMPTY_PARAMS);
+        }
+
+        $sign = $this->getAuthToken($device, $serverSecret, $time);
+        if ($sign !== $signature) {
+            return $this->fail('签名验证失败', ReturnCode::EMPTY_PARAMS);
+        }
+
         $exp = config('api.auth_token_exp', 86400);
         $tokenResult = JwtToken::generateToken([
             'id' => 0,
             'plat' => 'api',
+            'device' => $device,
             'access_exp' => $exp,
         ]);
 
@@ -32,4 +70,17 @@ class AuthTokenController extends OpenController
             'expires_in' => $tokenResult['expires_in'],
         ]);
     }
+
+    /**
+     * 生成签名：signature = md5(device . secret . time)
+     *
+     * @param string $device 设备标识
+     * @param string $secret 密钥（来自配置）
+     * @param string $time 时间戳
+     * @return string
+     */
+    private function getAuthToken(string $device, string $secret, string $time): string
+    {
+        return md5($device . $secret . $time);
+    }
 }