优化验证token接口-临时验证
This commit is contained in:
@@ -469,11 +469,91 @@ class Playx extends Api
|
||||
}
|
||||
}
|
||||
|
||||
/**
|
||||
* 联调:合作方 JWT payload 的 base64url 解码(不验签),仅用于 dev_verify_token_exact 命中后的 session 字段。
|
||||
*
|
||||
* @return array{sub?: string, user_fullname?: string, exp?: int}|null
|
||||
*/
|
||||
private function parsePartnerJwtPayloadForDev(string $jwt): ?array
|
||||
{
|
||||
$parts = explode('.', $jwt);
|
||||
if (count($parts) < 2) {
|
||||
return null;
|
||||
}
|
||||
$payload = $parts[1];
|
||||
$b64 = strtr($payload, '-_', '+/');
|
||||
$pad = strlen($b64) % 4;
|
||||
if ($pad > 0) {
|
||||
$b64 .= str_repeat('=', 4 - $pad);
|
||||
}
|
||||
$raw = base64_decode($b64, true);
|
||||
if ($raw === false || $raw === '') {
|
||||
return null;
|
||||
}
|
||||
$decoded = json_decode($raw, true);
|
||||
if (!is_array($decoded)) {
|
||||
return null;
|
||||
}
|
||||
|
||||
return $decoded;
|
||||
}
|
||||
|
||||
/**
|
||||
* 本地校验 temLogin 等写入的商城 token(类型 muser),写入 mall_session
|
||||
*/
|
||||
private function verifyTokenLocal(string $token): Response
|
||||
{
|
||||
$devExact = strval(config('playx.dev_verify_token_exact', ''));
|
||||
if ($devExact !== '' && hash_equals($devExact, $token)) {
|
||||
$payload = $this->parsePartnerJwtPayloadForDev($token);
|
||||
if ($payload === null) {
|
||||
return $this->error(__('Token expiration'), null, 0, ['statusCode' => 401]);
|
||||
}
|
||||
if (isset($payload['exp'])) {
|
||||
$exp = intval($payload['exp']);
|
||||
if ($exp > 0 && $exp <= time()) {
|
||||
return $this->error(__('Token expiration'), null, 0, ['statusCode' => 401]);
|
||||
}
|
||||
}
|
||||
|
||||
$overrideUserId = strval(config('playx.dev_verify_session_user_id', ''));
|
||||
$playxUserId = $overrideUserId;
|
||||
if ($playxUserId === '' && isset($payload['sub']) && is_string($payload['sub'])) {
|
||||
$playxUserId = $payload['sub'];
|
||||
}
|
||||
if ($playxUserId === '') {
|
||||
return $this->error(__('Token expiration'), null, 0, ['statusCode' => 401]);
|
||||
}
|
||||
|
||||
$overrideUsername = strval(config('playx.dev_verify_session_username', ''));
|
||||
$username = $overrideUsername;
|
||||
if ($username === '') {
|
||||
if (isset($payload['user_fullname']) && is_string($payload['user_fullname']) && $payload['user_fullname'] !== '') {
|
||||
$username = $payload['user_fullname'];
|
||||
} elseif (isset($payload['sub']) && is_string($payload['sub'])) {
|
||||
$username = $payload['sub'];
|
||||
}
|
||||
}
|
||||
|
||||
$expireAt = time() + intval(config('playx.session_expire_seconds', 3600));
|
||||
$sessionId = bin2hex(random_bytes(16));
|
||||
MallSession::create([
|
||||
'session_id' => $sessionId,
|
||||
'user_id' => $playxUserId,
|
||||
'username' => $username,
|
||||
'expire_time' => $expireAt,
|
||||
'create_time' => time(),
|
||||
'update_time' => time(),
|
||||
]);
|
||||
|
||||
return $this->success('', [
|
||||
'session_id' => $sessionId,
|
||||
'user_id' => $playxUserId,
|
||||
'username' => $username,
|
||||
'token_expire_at' => date('c', $expireAt),
|
||||
]);
|
||||
}
|
||||
|
||||
$tokenData = Token::get($token);
|
||||
if (empty($tokenData) || (isset($tokenData['expire_time']) && intval($tokenData['expire_time']) <= time())) {
|
||||
return $this->error(__('Token expiration'), null, 0, ['statusCode' => 401]);
|
||||
|
||||
Reference in New Issue
Block a user