mojiahui/webman-buildadmin-mall
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

API接口-authtoken

Browse Source
This commit is contained in:
zhenhui
2026-03-20 10:55:43 +08:00
parent 4f61c9d7fc
commit 5c71376713
1 changed files with 8 additions and 8 deletions
Download Patch File Download Diff File Expand all files Collapse all files

16
app/api/controller/v1/Auth.php
View File

@@ -27,8 +27,8 @@ class Auth extends Api
protected int $timeTolerance = 300; protected int $timeTolerance = 300;
/** /**
* 获取鉴权 Token * 获取鉴权 TokenGET 请求)
* 参数signature(签名)、secret(密钥)、agent_id(代理)、time(时间戳) * 参数仅从 Query 读取signature、secret、agent_id、time
* 返回authtoken失败返回 code=0 及失败信息 * 返回authtoken失败返回 code=0 及失败信息
*/ */
public function authToken(Request $request): Response public function authToken(Request $request): Response
@@ -38,13 +38,13 @@ class Auth extends Api
return $response; return $response;
} }
$signature = $request->post('signature', $request->get('signature', '')); $signature = $request->get('signature', '');
$secret = $request->post('secret', $request->get('secret', '')); $secret = $request->get('secret', '');
$agentId = $request->post('agent_id', $request->get('agent_id', '')); $agentId = $request->get('agent_id', '');
$time = $request->post('time', $request->get('time', '')); $time = $request->get('time', '');
if ($signature === '' || $secret === '' || $agentId === '' || $time === '') { if ($signature === '' || $secret === '' || $agentId === '' || $time === '') {
return $this->error(__('Parameter %s can not be empty', ['signature/secret/agent_id/time'])); return $this->error(__('Parameter signature/secret/agent_id/time can not be empty'));
} }
$timestamp = (int) $time; $timestamp = (int) $time;
@@ -76,7 +76,7 @@ class Auth extends Api
return $this->error(__('Invalid agent or secret')); return $this->error(__('Invalid agent or secret'));
} }
$expectedSignature = hash_hmac('sha256', $agentId . $time, $channel->secret); $expectedSignature = strtoupper(md5($agentId . $secret . $time));
if (!hash_equals($expectedSignature, $signature)) { if (!hash_equals($expectedSignature, $signature)) {
return $this->error(__('Invalid signature')); return $this->error(__('Invalid signature'));
} }