优化验证token接口-暂时不验证token有效性

This commit is contained in:
2026-04-23 09:43:10 +08:00
parent 0a1109c109
commit 3b687489a0
2 changed files with 22 additions and 127 deletions


@@ -393,7 +393,7 @@ class Playx extends Api
/**
* Token 验证 - POST /api/v1/playx/verify-token
* 配置 playx.verify_token_local_only=true 时仅本地校验 token不请求 PlayX)。
* 配置 playx.verify_token_local_only=true 时:不向 PlayX 请求,且不校验传入 token联调占位)。
*/
public function verifyToken(Request $request): Response
{
@@ -402,15 +402,15 @@ class Playx extends Api
return $response;
}
if (config('playx.verify_token_local_only', false)) {
return $this->verifyTokenLocalOpen();
}
$token = strval($request->post('token', $request->post('session', $request->get('token', ''))));
if ($token === '') {
return $this->error(__('Token expiration'), null, 0, ['statusCode' => 401]);
}
if (config('playx.verify_token_local_only', false)) {
return $this->verifyTokenLocal($token);
}
$baseUrl = config('playx.api.base_url', '');
$verifyUrl = config('playx.api.token_verify_url', '/api/v1/auth/verify-token');
if ($baseUrl === '') {
@@ -470,128 +470,32 @@ class Playx extends Api
}
/**
* 联调:合作方 JWT payload 的 base64url 解码(不验签),仅用于 dev_verify_token_exact 命中后的 session 字段
*
* @return array{sub?: string, user_fullname?: string, exp?: int}|null
* 本地联调:不校验 token按配置默认用户签发新 mall_session待 PlayX 远程校验就绪后关闭 verify_token_local_only
*/
private function parsePartnerJwtPayloadForDev(string $jwt): ?array
private function verifyTokenLocalOpen(): Response
{
$parts = explode('.', $jwt);
if (count($parts) < 2) {
return null;
}
$payload = $parts[1];
$b64 = strtr($payload, '-_', '+/');
$pad = strlen($b64) % 4;
if ($pad > 0) {
$b64 .= str_repeat('=', 4 - $pad);
}
$raw = base64_decode($b64, true);
if ($raw === false || $raw === '') {
return null;
}
$decoded = json_decode($raw, true);
if (!is_array($decoded)) {
return null;
}
return $decoded;
}
/**
* 本地校验 temLogin 等写入的商城 token类型 muser写入 mall_session
*/
private function verifyTokenLocal(string $token): Response
{
$devExact = strval(config('playx.dev_verify_token_exact', ''));
if ($devExact !== '' && hash_equals($devExact, $token)) {
$payload = $this->parsePartnerJwtPayloadForDev($token);
if ($payload === null) {
return $this->error(__('Token expiration'), null, 0, ['statusCode' => 401]);
}
if (isset($payload['exp'])) {
$exp = intval($payload['exp']);
if ($exp > 0 && $exp <= time()) {
return $this->error(__('Token expiration'), null, 0, ['statusCode' => 401]);
}
}
$overrideUserId = strval(config('playx.dev_verify_session_user_id', ''));
$playxUserId = $overrideUserId;
if ($playxUserId === '' && isset($payload['sub']) && is_string($payload['sub'])) {
$playxUserId = $payload['sub'];
}
if ($playxUserId === '') {
return $this->error(__('Token expiration'), null, 0, ['statusCode' => 401]);
}
$overrideUsername = strval(config('playx.dev_verify_session_username', ''));
$username = $overrideUsername;
if ($username === '') {
if (isset($payload['user_fullname']) && is_string($payload['user_fullname']) && $payload['user_fullname'] !== '') {
$username = $payload['user_fullname'];
} elseif (isset($payload['sub']) && is_string($payload['sub'])) {
$username = $payload['sub'];
}
}
$expireAt = time() + intval(config('playx.session_expire_seconds', 3600));
$sessionId = bin2hex(random_bytes(16));
MallSession::create([
'session_id' => $sessionId,
'user_id' => $playxUserId,
'username' => $username,
'expire_time' => $expireAt,
'create_time' => time(),
'update_time' => time(),
]);
return $this->success('', [
'session_id' => $sessionId,
'user_id' => $playxUserId,
'username' => $username,
'token_expire_at' => date('c', $expireAt),
]);
}
$tokenData = Token::get($token);
if (empty($tokenData) || (isset($tokenData['expire_time']) && intval($tokenData['expire_time']) <= time())) {
return $this->error(__('Token expiration'), null, 0, ['statusCode' => 401]);
}
$tokenType = strval($tokenData['type'] ?? '');
if ($tokenType !== UserAuth::TOKEN_TYPE_MALL_USER) {
return $this->error(__('Token expiration'), null, 0, ['statusCode' => 401]);
}
$assetId = intval($tokenData['user_id'] ?? 0);
if ($assetId <= 0) {
return $this->error(__('Token expiration'), null, 0, ['statusCode' => 401]);
}
$asset = MallUserAsset::where('id', $assetId)->find();
if (!$asset) {
return $this->error(__('Token expiration'), null, 0, ['statusCode' => 401]);
}
$playxUserId = strval($asset->playx_user_id ?? '');
$playxUserId = strval(config('playx.verify_token_local_default_user_id', 'testmyr'));
$username = strval(config('playx.verify_token_local_default_username', 'yangyang123'));
if ($playxUserId === '') {
$playxUserId = strval($assetId);
return $this->error(__('PlayX API not configured'));
}
$expireAt = time() + intval(config('playx.session_expire_seconds', 3600));
$sessionId = bin2hex(random_bytes(16));
$now = time();
MallSession::create([
'session_id' => $sessionId,
'user_id' => $playxUserId,
'username' => strval($asset->username ?? ''),
'username' => $username,
'expire_time' => $expireAt,
'create_time' => time(),
'update_time' => time(),
'create_time' => $now,
'update_time' => $now,
]);
return $this->success('', [
return $this->success('Success', [
'session_id' => $sessionId,
'user_id' => $playxUserId,
'username' => strval($asset->username ?? ''),
'username' => $username,
'token_expire_at' => date('c', $expireAt),
]);
}
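Review bot: `verifyTokenLocalOpen` creates a `MallSession` for a config-chosen user without reading or checking any token, and its only guard is the `playx.verify_token_local_only` flag tested in `verifyToken` ahead of the `$token === ''` check, so while the flag is on every request to this endpoint is authenticated as that user. Because the fallbacks in `config('playx.verify_token_local_default_user_id', 'testmyr')` and `config('playx.verify_token_local_default_username', 'yangyang123')` are non-empty, the `PlayX API not configured` branch just below them can only fire if config explicitly sets an empty string; defaulting both to `''` and widening the guard to `if ($playxUserId === '' || $username === '') {` makes refusal the default and keeps placeholder accounts out of the source. It would also help to tie the flag to the application's debug/non-production mode and write an audit log entry each time this path issues a session, so an accidental `verify_token_local_only=true` in production is visible. `verifyToken`'s body continues outside the second hunk.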