添加authToken和userToken

server/config/api.php

@@ -3,6 +3,10 @@
  * API 鉴权与用户相关配置
  */
 return [
+    // auth-token 签名密钥（与客户端约定，用于 /api/authToken 的 signature 校验，必填）
+    'auth_token_secret' => env('API_AUTH_TOKEN_SECRET', ''),
+    // auth-token 时间戳允许误差（秒），防重放，默认 300 秒
+    'auth_token_time_tolerance' => (int) env('API_AUTH_TOKEN_TIME_TOLERANCE', 300),
     // auth-token 有效期（秒），默认 24 小时
     'auth_token_exp' => (int) env('API_AUTH_TOKEN_EXP', 86400),
     // user-token 有效期（秒），默认 7 天

server/config/route.php

@@ -13,22 +13,29 @@
  */
 
 use Webman\Route;
-use app\api\middleware\CheckApiAuthMiddleware;
+use app\api\middleware\CheckAuthTokenMiddleware;
+use app\api\middleware\CheckUserTokenMiddleware;
 
-// API 路由：需先调用 /api/authToken 获取 auth-token，请求时携带 header: auth-token 或 Authorization: Bearer <token>
+// 仅需 auth-token 的路由组（authToken 接口在中间件内白名单跳过）
 Route::group('/api', function () {
     Route::any('/authToken', [app\api\controller\AuthTokenController::class, 'index']);
-    Route::post('/user/login', [app\api\controller\UserController::class, 'login']);
-    Route::post('/user/register', [app\api\controller\UserController::class, 'register']);
-    Route::post('/user/logout', [app\api\controller\UserController::class, 'logout']);
-    Route::get('/user/info', [app\api\controller\UserController::class, 'info']);
-    Route::get('/user/balance', [app\api\controller\UserController::class, 'balance']);
-    Route::get('/user/walletRecord', [app\api\controller\UserController::class, 'walletRecord']);
-    Route::get('/user/playGameRecord', [app\api\controller\UserController::class, 'playGameRecord']);
-    Route::post('/game/buyLotteryTickets', [app\api\controller\GameController::class, 'buyLotteryTickets']);
-    Route::get('/game/lotteryPool', [app\api\controller\GameController::class, 'lotteryPool']);
-    Route::post('/game/playStart', [app\api\controller\GameController::class, 'playStart']);
-})->middleware([CheckApiAuthMiddleware::class]);
-
-
+    Route::any('/user/login', [app\api\controller\UserController::class, 'login']);
+    Route::any('/user/register', [app\api\controller\UserController::class, 'register']);
+})->middleware([
+    CheckAuthTokenMiddleware::class,
+]);
 
+// 需 auth-token + user-token 的路由组
+Route::group('/api', function () {
+    Route::any('/user/logout', [app\api\controller\UserController::class, 'logout']);
+    Route::any('/user/info', [app\api\controller\UserController::class, 'info']);
+    Route::any('/user/balance', [app\api\controller\UserController::class, 'balance']);
+    Route::any('/user/walletRecord', [app\api\controller\UserController::class, 'walletRecord']);
+    Route::any('/user/playGameRecord', [app\api\controller\UserController::class, 'playGameRecord']);
+    Route::any('/game/buyLotteryTickets', [app\api\controller\GameController::class, 'buyLotteryTickets']);
+    Route::any('/game/lotteryPool', [app\api\controller\GameController::class, 'lotteryPool']);
+    Route::any('/game/playStart', [app\api\controller\GameController::class, 'playStart']);
+})->middleware([
+    CheckAuthTokenMiddleware::class,
+    CheckUserTokenMiddleware::class,
+]);