API接口-authtoken
@@ -27,8 +27,8 @@ class Auth extends Api
|
||||
protected int $timeTolerance = 300;
|
||||
|
||||
/**
|
||||
* 获取鉴权 Token
|
||||
* 参数:signature(签名)、secret(密钥)、agent_id(代理)、time(时间戳)
|
||||
* 获取鉴权 Token(GET 请求)
|
||||
* 参数仅从 Query 读取:signature、secret、agent_id、time
|
||||
* 返回:authtoken;失败返回 code=0 及失败信息
|
||||
*/
|
||||
public function authToken(Request $request): Response
|
||||
@@ -38,13 +38,13 @@ class Auth extends Api
|
||||
return $response;
|
||||
}
|
||||
|
||||
$signature = $request->post('signature', $request->get('signature', ''));
|
||||
$secret = $request->post('secret', $request->get('secret', ''));
|
||||
$agentId = $request->post('agent_id', $request->get('agent_id', ''));
|
||||
$time = $request->post('time', $request->get('time', ''));
|
||||
$signature = $request->get('signature', '');
|
||||
$secret = $request->get('secret', '');
|
||||
$agentId = $request->get('agent_id', '');
|
||||
$time = $request->get('time', '');
|
||||
|
||||
if ($signature === '' || $secret === '' || $agentId === '' || $time === '') {
|
||||
return $this->error(__('Parameter %s can not be empty', ['signature/secret/agent_id/time']));
|
||||
return $this->error(__('Parameter signature/secret/agent_id/time can not be empty'));
|
||||
}
|
||||
|
||||
$timestamp = (int) $time;
|
||||
@@ -76,7 +76,7 @@ class Auth extends Api
|
||||
return $this->error(__('Invalid agent or secret'));
|
||||
}
|
||||
|
||||
$expectedSignature = hash_hmac('sha256', $agentId . $time, $channel->secret);
|
||||
$expectedSignature = strtoupper(md5($agentId . $secret . $time));
|
||||
if (!hash_equals($expectedSignature, $signature)) {
|
||||
return $this->error(__('Invalid signature'));
|
||||
}
|
||||
|
||||
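Review bot: The signature check in the last hunk (`@@ -76,7 +76,7 @@`) stops authenticating the caller if the `md5` line is the new side, which is inferred from print order because the `+`/`-` markers are lost on this page. `strtoupper(md5($agentId . $secret . $time))` is built only from request parameters, so any caller can compute a matching value, whereas the other line is keyed with the server-held `$channel->secret`. I would keep `$expectedSignature = hash_hmac('sha256', $agentId . $time, $channel->secret);` and stop sending `secret` in the request at all. The second hunk adds to the exposure by reading `secret` only from the query string, where it lands in access and proxy logs; if the client must send it, take it from the request body. The body of `authToken` begins and continues outside the visible hunks, so the lookup behind `Invalid agent or secret` could not be checked.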