From 5c71376713c83d941857784b74ba18e25a8e4c89 Mon Sep 17 00:00:00 2001
From: zhenhui <1276357500@qq.com>
Date: Fri, 20 Mar 2026 10:55:43 +0800
Subject: [PATCH] =?UTF-8?q?API=E6=8E=A5=E5=8F=A3-authtoken?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 app/api/controller/v1/Auth.php | 16 ++++++++--------
 1 file changed, 8 insertions(+), 8 deletions(-)

diff --git a/app/api/controller/v1/Auth.php b/app/api/controller/v1/Auth.php
index 208fa21..6eb5f8e 100644
--- a/app/api/controller/v1/Auth.php
+++ b/app/api/controller/v1/Auth.php
@@ -27,8 +27,8 @@ class Auth extends Api
 protected int $timeTolerance = 300;
 /**
- * 获取鉴权 Token
- * 参数:signature(签名)、secret(密钥)、agent_id(代理)、time(时间戳)
+ * 获取鉴权 Token(GET 请求)
+ * 参数仅从 Query 读取:signature、secret、agent_id、time
 * 返回:authtoken;失败返回 code=0 及失败信息
 */
 public function authToken(Request $request): Response
@@ -38,13 +38,13 @@ class Auth extends Api
 return $response;
 }
- $signature = $request->post('signature', $request->get('signature', ''));
- $secret = $request->post('secret', $request->get('secret', ''));
- $agentId = $request->post('agent_id', $request->get('agent_id', ''));
- $time = $request->post('time', $request->get('time', ''));
+ $signature = $request->get('signature', '');
+ $secret = $request->get('secret', '');
+ $agentId = $request->get('agent_id', '');
+ $time = $request->get('time', '');
 if ($signature === '' || $secret === '' || $agentId === '' || $time === '') {
- return $this->error(__('Parameter %s can not be empty', ['signature/secret/agent_id/time']));
+ return $this->error(__('Parameter signature/secret/agent_id/time can not be empty'));
 }
 $timestamp = (int) $time;
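Review bot: In the `@@ -38,13` hunk, `secret` and `signature` are now accepted only from the query string, so the credential travels in the URL, where it is typically recorded in web-server and proxy access logs and other request traces. Consider reading the credential from the request body or a header instead, e.g. `$secret = $request->post('secret', '');`, and make sure request logging masks it. The `=== ''` check also does not reject non-string values: if the framework passes `secret[]=x` through as an array (not visible here), it would reach `(int) $time` or `hash_equals()` and fail with a type error instead of a clean `error()` response, so an `is_string()` guard on all four inputs is worth adding. The body of `authToken` starts and continues outside this hunk.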
@@ -76,7 +76,7 @@ class Auth extends Api
 return $this->error(__('Invalid agent or secret'));
 }
- $expectedSignature = hash_hmac('sha256', $agentId . $time, $channel->secret);
+ $expectedSignature = strtoupper(md5($agentId . $secret . $time));
 if (!hash_equals($expectedSignature, $signature)) {
 return $this->error(__('Invalid signature'));
 }
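Review bot: The new `$expectedSignature = strtoupper(md5($agentId . $secret . $time));` replaces a keyed HMAC-SHA256 over the server-held `$channel->secret` with an unkeyed MD5 over values that all arrive in the same request, so the signature no longer proves anything beyond knowledge of the `secret` parameter sent alongside it. MD5 over plain concatenation is not a MAC, and joining the fields without a delimiter leaves the `agent_id`/`secret`/`time` boundaries ambiguous. Unless a client contract forces this format, keep `$expectedSignature = hash_hmac('sha256', $agentId . $time, $channel->secret);`; if the MD5 form is mandated, at least derive it from `$channel->secret` rather than the request value and add a comment saying why the weaker scheme is required. The lookup that sets `$channel` is outside this hunk, so how the supplied `$secret` is checked against the stored one cannot be confirmed from here.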