mojiahui/webman-buildadmin-mall
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

优化Token验证接口

Browse Source
This commit is contained in:
zhenhui
2026-05-06 10:25:56 +08:00
parent 04680408e6
commit 438580d72c
5 changed files with 17 additions and 26 deletions
Download Patch File Download Diff File Expand all files Collapse all files

20
app/api/controller/v1/Playx.php
View File

@@ -443,31 +443,25 @@ class Playx extends Api
$client = new \GuzzleHttp\Client($clientOptions);
if ($isAbsoluteVerifyUrl) {
$merchantCode = strval(config('playx.angpow_import.merchant_code', ''));
$authKey = strval(config('playx.angpow_import.auth_key', ''));
if ($merchantCode === '' || $authKey === '') {
if ($authKey === '') {
return $this->error(__('PlayX API not configured'));
}
// 与 angpow-imports 同源HMAC-SHA1Base64;仅 X-Request-SignatureBody 对齐对端必填 request_date + PlayX 文档 request_id/token
$requestDate = strval(time());
$signatureInput = 'merchant_code=' . $merchantCode
. '&request_date=' . $requestDate
. '&request_id=' . $requestId
. '&token=' . $token;
// PlayX 文档Body 仅 request_id + token。X-Request-Signature 与 angpow-imports 同源算法(HMAC-SHA1Base64、密钥解析同 angpow明文与 Body 字段一致。
$signatureInput = 'request_id=' . $requestId . '&token=' . $token;
$signature = $this->buildPlayxTokenVerifySignature($signatureInput, $authKey);
if ($signature === null) {
return $this->error(__('Invalid signature'), null, 0, ['statusCode' => 500]);
}
$headers = [
'Content-Type' => 'application/json',
'X-Request-Signature' => $signature,
'Content-Type' => 'application/json',
'X-Request-Signature' => $signature,
];
$payload = [
'request_id' => $requestId,
'request_date' => $requestDate,
'token' => $token,
'request_id' => $requestId,
'token' => $token,
];
$res = $client->post($targetVerifyUrl, [
'headers' => $headers,