1.重新设置Token验证接口
This commit is contained in:
@@ -411,56 +411,85 @@ class Playx extends Api
|
||||
return $this->error(__('Token expiration'), null, 0, ['statusCode' => 401]);
|
||||
}
|
||||
|
||||
$baseUrl = config('playx.angpow_import.base_url', '');
|
||||
$verifyUrl = config('playx.api.token_verify_url', '/api/v1/auth/verify-token');
|
||||
$verifyPath = ltrim(strval($verifyUrl), '/');
|
||||
if ($verifyPath === '') {
|
||||
return $this->error(__('PlayX API not configured'));
|
||||
}
|
||||
if ($baseUrl === '') {
|
||||
return $this->error(__('PlayX API not configured'));
|
||||
$baseUrl = strval(config('playx.angpow_import.base_url', ''));
|
||||
$verifyUrlRaw = strval(config('playx.api.token_verify_url', '/api/v1/auth/verify-token'));
|
||||
$verifyUrlTrimmed = trim($verifyUrlRaw);
|
||||
$isAbsoluteVerifyUrl = str_starts_with($verifyUrlTrimmed, 'http://')
|
||||
|| str_starts_with($verifyUrlTrimmed, 'https://');
|
||||
|
||||
if ($isAbsoluteVerifyUrl) {
|
||||
$targetVerifyUrl = $verifyUrlTrimmed;
|
||||
} else {
|
||||
$verifyPath = ltrim($verifyUrlTrimmed, '/');
|
||||
if ($verifyPath === '') {
|
||||
return $this->error(__('PlayX API not configured'));
|
||||
}
|
||||
if ($baseUrl === '') {
|
||||
return $this->error(__('PlayX API not configured'));
|
||||
}
|
||||
$targetVerifyUrl = rtrim($baseUrl, '/') . '/' . $verifyPath;
|
||||
}
|
||||
|
||||
try {
|
||||
$merchantCode = strval(config('playx.angpow_import.merchant_code', ''));
|
||||
$authKey = strval(config('playx.angpow_import.auth_key', ''));
|
||||
if ($merchantCode === '' || $authKey === '') {
|
||||
return $this->error(__('PlayX API not configured'));
|
||||
}
|
||||
|
||||
$requestId = 'mall_' . uniqid();
|
||||
$requestDate = strval(time());
|
||||
$signatureInput = 'merchant_code=' . $merchantCode
|
||||
. '&request_date=' . $requestDate
|
||||
. '&request_id=' . $requestId
|
||||
. '&token=' . $token;
|
||||
$signature = $this->buildPlayxTokenVerifySignature($signatureInput, $authKey);
|
||||
if ($signature === null) {
|
||||
return $this->error(__('Invalid signature'), null, 0, ['statusCode' => 500]);
|
||||
}
|
||||
|
||||
$client = new \GuzzleHttp\Client([
|
||||
'base_uri' => rtrim($baseUrl, '/') . '/',
|
||||
'timeout' => 10,
|
||||
$clientOptions = [
|
||||
'timeout' => 10,
|
||||
'http_errors' => false,
|
||||
]);
|
||||
$headers = [
|
||||
'Content-Type' => 'application/json',
|
||||
'X-Request-Signature' => $signature,
|
||||
'X-Signature' => $signature,
|
||||
'X-Request-Date' => $requestDate,
|
||||
'X-Request-ID' => $requestId,
|
||||
];
|
||||
$payload = [
|
||||
'merchant_code' => $merchantCode,
|
||||
'request_date' => $requestDate,
|
||||
'request_id' => $requestId,
|
||||
'token' => $token,
|
||||
];
|
||||
$res = $client->post($verifyPath, [
|
||||
'headers' => $headers,
|
||||
'json' => $payload,
|
||||
]);
|
||||
if (!$isAbsoluteVerifyUrl) {
|
||||
$clientOptions['base_uri'] = rtrim($baseUrl, '/') . '/';
|
||||
}
|
||||
$client = new \GuzzleHttp\Client($clientOptions);
|
||||
|
||||
if ($isAbsoluteVerifyUrl) {
|
||||
$headers = [
|
||||
'Content-Type' => 'application/json',
|
||||
];
|
||||
$payload = [
|
||||
'request_id' => $requestId,
|
||||
'token' => $token,
|
||||
];
|
||||
$res = $client->post($targetVerifyUrl, [
|
||||
'headers' => $headers,
|
||||
'json' => $payload,
|
||||
]);
|
||||
} else {
|
||||
$merchantCode = strval(config('playx.angpow_import.merchant_code', ''));
|
||||
$authKey = strval(config('playx.angpow_import.auth_key', ''));
|
||||
if ($merchantCode === '' || $authKey === '') {
|
||||
return $this->error(__('PlayX API not configured'));
|
||||
}
|
||||
|
||||
$requestDate = strval(time());
|
||||
$signatureInput = 'merchant_code=' . $merchantCode
|
||||
. '&request_date=' . $requestDate
|
||||
. '&request_id=' . $requestId
|
||||
. '&token=' . $token;
|
||||
$signature = $this->buildPlayxTokenVerifySignature($signatureInput, $authKey);
|
||||
if ($signature === null) {
|
||||
return $this->error(__('Invalid signature'), null, 0, ['statusCode' => 500]);
|
||||
}
|
||||
|
||||
$headers = [
|
||||
'Content-Type' => 'application/json',
|
||||
'X-Request-Signature' => $signature,
|
||||
'X-Signature' => $signature,
|
||||
'X-Request-Date' => $requestDate,
|
||||
'X-Request-ID' => $requestId,
|
||||
];
|
||||
$payload = [
|
||||
'merchant_code' => $merchantCode,
|
||||
'request_date' => $requestDate,
|
||||
'request_id' => $requestId,
|
||||
'token' => $token,
|
||||
];
|
||||
$verifyPath = ltrim($verifyUrlTrimmed, '/');
|
||||
$res = $client->post($verifyPath, [
|
||||
'headers' => $headers,
|
||||
'json' => $payload,
|
||||
]);
|
||||
}
|
||||
$data = json_decode(strval($res->getBody()), true);
|
||||
$code = $res->getStatusCode();
|
||||
if ($code !== 200 || empty($data['user_id'])) {
|
||||
@@ -477,6 +506,9 @@ class Playx extends Api
|
||||
$remoteMsg = mb_substr($bodyText, 0, 300);
|
||||
}
|
||||
}
|
||||
if ($remoteMsg === '' || str_contains(strtolower($remoteMsg), '<html')) {
|
||||
$remoteMsg = 'PlayX verify-token failed: HTTP ' . strval($code) . ' at ' . $targetVerifyUrl;
|
||||
}
|
||||
$msg = $remoteMsg !== '' ? $remoteMsg : __('Token expiration');
|
||||
|
||||
return $this->error($msg, null, 0, ['statusCode' => 401]);
|
||||
|
||||
Reference in New Issue
Block a user