API接口-authtoken、redis
This commit is contained in:
96
app/api/controller/v1/Auth.php
Normal file
96
app/api/controller/v1/Auth.php
Normal file
@@ -0,0 +1,96 @@
|
||||
<?php
|
||||
|
||||
declare(strict_types=1);
|
||||
|
||||
namespace app\api\controller\v1;
|
||||
|
||||
use app\common\controller\Api;
|
||||
use app\common\library\AgentJwt;
|
||||
use app\common\model\ChannelManage;
|
||||
use app\admin\model\Admin;
|
||||
use Webman\Http\Request;
|
||||
use support\Response;
|
||||
|
||||
/**
|
||||
* API v1 鉴权接口
|
||||
*/
|
||||
class Auth extends Api
|
||||
{
|
||||
/**
|
||||
* Agent Token 类型
|
||||
*/
|
||||
public const TOKEN_TYPE = 'agent';
|
||||
|
||||
/**
|
||||
* 时间戳有效范围(秒),防止重放攻击
|
||||
*/
|
||||
protected int $timeTolerance = 300;
|
||||
|
||||
/**
|
||||
* 获取鉴权 Token
|
||||
* 参数:signature(签名)、secret(密钥)、agent_id(代理)、time(时间戳)
|
||||
* 返回:authtoken;失败返回 code=0 及失败信息
|
||||
*/
|
||||
public function authToken(Request $request): Response
|
||||
{
|
||||
$response = $this->initializeApi($request);
|
||||
if ($response !== null) {
|
||||
return $response;
|
||||
}
|
||||
|
||||
$signature = $request->post('signature', $request->get('signature', ''));
|
||||
$secret = $request->post('secret', $request->get('secret', ''));
|
||||
$agentId = $request->post('agent_id', $request->get('agent_id', ''));
|
||||
$time = $request->post('time', $request->get('time', ''));
|
||||
|
||||
if ($signature === '' || $secret === '' || $agentId === '' || $time === '') {
|
||||
return $this->error(__('Parameter %s can not be empty', ['signature/secret/agent_id/time']));
|
||||
}
|
||||
|
||||
$timestamp = (int) $time;
|
||||
if ($timestamp <= 0) {
|
||||
return $this->error(__('Invalid timestamp'));
|
||||
}
|
||||
|
||||
$now = time();
|
||||
if ($timestamp < $now - $this->timeTolerance || $timestamp > $now + $this->timeTolerance) {
|
||||
return $this->error(__('Timestamp expired'));
|
||||
}
|
||||
|
||||
$admin = Admin::where('agent_id', $agentId)->find();
|
||||
if (!$admin) {
|
||||
return $this->error(__('Agent not found'));
|
||||
}
|
||||
|
||||
$channelId = (int) ($admin->channel_id ?? 0);
|
||||
if ($channelId <= 0) {
|
||||
return $this->error(__('Agent not found'));
|
||||
}
|
||||
|
||||
$channel = ChannelManage::where('id', $channelId)->find();
|
||||
if (!$channel || $channel->secret === '') {
|
||||
return $this->error(__('Agent not found'));
|
||||
}
|
||||
|
||||
if ($channel->secret !== $secret) {
|
||||
return $this->error(__('Invalid agent or secret'));
|
||||
}
|
||||
|
||||
$expectedSignature = hash_hmac('sha256', $agentId . $time, $channel->secret);
|
||||
if (!hash_equals($expectedSignature, $signature)) {
|
||||
return $this->error(__('Invalid signature'));
|
||||
}
|
||||
|
||||
$expire = (int) config('buildadmin.agent_auth.token_expire', 86400);
|
||||
$payload = [
|
||||
'agent_id' => $agentId,
|
||||
'channel_id' => $channel->id,
|
||||
'admin_id' => $admin->id,
|
||||
];
|
||||
$authtoken = AgentJwt::encode($payload, $expire);
|
||||
|
||||
return $this->success('', [
|
||||
'authtoken' => $authtoken,
|
||||
]);
|
||||
}
|
||||
}
|
||||
Reference in New Issue
Block a user