mojiahui/webman-buildadmin-mall
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

优化每日推送接口/api/v1/playx/daily-push

Browse Source
This commit is contained in:
zhenhui
2026-03-30 16:19:14 +08:00
parent ae7d7940d9
commit 6c402d4221
6 changed files with 24 additions and 17 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
.env-example
View File

@@ -27,7 +27,7 @@ PLAYX_UNLOCK_RATIO=0.1
# Daily Push 签名校验密钥HMAC建议从部署系统注入避免写入代码/仓库)
PLAYX_DAILY_PUSH_SECRET=
# 合作方回调 JWT 验签密钥HS256与对端私发密钥一致与上一项可同时配置则两种均需通过
PLAYX_PARTNER_JWT_SECRET=5590a339502b133f4d0c545c3cdad159a4827dfccb3f51bb110c56f9b96568ca
PLAYX_PARTNER_JWT_SECRET=
# Agent authtoken/api/v1/authTokenJWT 签名密钥;留空则使用下方 buildadmin.token.key
AGENT_AUTH_JWT_SECRET=
# token 会话缓存过期时间(秒)

17
app/api/controller/v1/Playx.php
View File

@@ -14,7 +14,6 @@ use app\common\model\MallPlayxDailyPush;
use app\common\model\MallPlayxSession;
use app\common\model\MallPlayxOrder;
use app\common\model\MallPlayxUserAsset;
use app\common\library\PlayxInboundJwt;
use support\think\Db;
use Webman\Http\Request;
use support\Response;
@@ -157,14 +156,6 @@ class Playx extends Api
return $response;
}
$partnerJwtSecret = strval(config('playx.partner_jwt_secret', ''));
if ($partnerJwtSecret !== '') {
$authHeader = strval($request->header('authorization', ''));
if (!PlayxInboundJwt::verifyBearer($authHeader, $partnerJwtSecret)) {
return $this->error(__('Invalid or missing JWT'), null, 0, ['statusCode' => 401]);
}
}
$body = $request->post();
if (empty($body)) {
$raw = $request->rawBody();
@@ -179,12 +170,12 @@ class Playx extends Api
$ts = $request->header('X-Timestamp', '');
$rid = $request->header('X-Request-Id', '');
if ($sig === '' || $ts === '' || $rid === '') {
return $this->error(__('Invalid signature'), null, 0, ['statusCode' => 401]);
return $this->error(__('Daily push signature missing or incomplete'), null, 0, ['statusCode' => 401]);
}
$canonical = $ts . "\n" . $rid . "\nPOST\n/api/v1/playx/daily-push\n" . hash('sha256', json_encode($body));
$expected = hash_hmac('sha256', $canonical, $secret);
if (!hash_equals($expected, $sig)) {
return $this->error(__('Invalid signature'), null, 0, ['statusCode' => 401]);
return $this->error(__('Daily push signature verification failed'), null, 0, ['statusCode' => 401]);
}
}
@@ -259,7 +250,7 @@ class Playx extends Api
$asset = $this->ensureAssetForPlayx($playxUserId, $username);
if (!$asset) {
throw new \RuntimeException(__('Failed to map playx user to mall user'));
throw new \RuntimeException(__('Failed to ensure PlayX user asset'));
}
if ($asset->today_limit_date !== $date) {
@@ -345,7 +336,7 @@ class Playx extends Api
$asset = $this->ensureAssetForPlayx($playxUserId, strval($body['username'] ?? ''));
if (!$asset) {
throw new \RuntimeException(__('Failed to map playx user to mall user'));
throw new \RuntimeException(__('Failed to ensure PlayX user asset'));
}
if ($asset->today_limit_date !== $date) {

5
app/api/lang/en.php
View File

@@ -35,6 +35,11 @@ return [
'Ok' => 'OK',
'Failed to map playx user to mall user' => 'Failed to map PlayX user to mall user',
'Missing required fields: request_id, date, user_id' => 'Missing required fields: request_id, date, user_id',
'Missing required fields: report_date, member' => 'Missing required fields: report_date, member',
'Missing required fields: member_id' => 'Missing required fields: member_id',
'Daily push signature missing or incomplete' => 'Daily push signature missing or incomplete',
'Daily push signature verification failed' => 'Daily push signature verification failed',
'Failed to ensure PlayX user asset' => 'Failed to ensure PlayX user asset',
'claim_request_id and user_id/session_id required' => 'claim_request_id and user_id/session_id/token are required',
'User asset not found' => 'User asset not found',
'No points to claim or limit reached' => 'No points to claim or daily limit reached',

5
app/api/lang/zh-cn.php
View File

@@ -67,6 +67,11 @@ return [
'Ok' => '成功',
'Failed to map playx user to mall user' => '无法将 PlayX 用户关联到商城用户',
'Missing required fields: request_id, date, user_id' => '缺少必填字段request_id、date、user_id',
'Missing required fields: report_date, member' => '缺少必填字段report_date、member',
'Missing required fields: member_id' => '缺少必填字段member_id',
'Daily push signature missing or incomplete' => '签名缺失或不完整',
'Daily push signature verification failed' => '签名校验失败',
'Failed to ensure PlayX user asset' => '创建/映射用户资产失败',
'claim_request_id and user_id/session_id required' => '缺少 claim_request_id或未提供有效的 user_id/session_id/token',
'User asset not found' => '未找到用户资产',
'No points to claim or limit reached' => '暂无可领取积分或已达今日上限',

2
app/common/middleware/AllowCrossDomain.php
View File

@@ -30,7 +30,7 @@ class AllowCrossDomain implements MiddlewareInterface
'Access-Control-Allow-Credentials' => 'true',
'Access-Control-Max-Age' => '1800',
'Access-Control-Allow-Methods' => 'GET, POST, PUT, DELETE, PATCH, OPTIONS',
'Access-Control-Allow-Headers' => 'Content-Type, Authorization, batoken, ba-user-token, think-lang, server',
'Access-Control-Allow-Headers' => 'Content-Type, Authorization, batoken, ba-user-token, think-lang, lang, server',
];
$origin = $request->header('origin');
if (is_array($origin)) {

10
docs/PlayX-接口文档.md
View File

@@ -15,8 +15,11 @@
* 方法:`POST`
* 路径:`/api/v1/playx/daily-push`
#### Header签名校验:可选)
`playx.daily_push_secret` 配置非空时,需要携带:
#### Header多语言,可选)
- `lang`: `zh`/`zh-cn` 返回中文(默认);`en` 返回英文
#### Header签名校验HMAC 必填)
`playx.daily_push_secret` 配置非空时需要携带HMAC
- `X-Request-Id`:请求 ID
- `X-Timestamp`:时间戳
- `X-Signature`签名HMAC_SHA256
@@ -26,6 +29,9 @@
- `expected = hash_hmac('sha256', canonical, daily_push_secret)`
- 校验:`hash_equals(expected, X-Signature)`
说明:
- 本项目对接方案为 **仅启用 HMAC**,不使用 `Authorization` 头做校验。
#### Body
| 字段 | 类型 | 必填 | 说明 |
|------|------|------|------|