API接口-优化/创建保存jwt

2026-03-30 15:19:22 +08:00
parent 2d561f81b5
commit c2ce8085c2
5 changed files with 69 additions and 3 deletions
--- a/app/api/controller/v1/Playx.php
+++ b/app/api/controller/v1/Playx.php
@@ -14,6 +14,7 @@ use app\common\model\MallPlayxDailyPush;
 use app\common\model\MallPlayxSession;
 use app\common\model\MallPlayxOrder;
 use app\common\model\MallPlayxUserAsset;
+use app\common\library\PlayxInboundJwt;
 use support\think\Db;
 use Webman\Http\Request;
 use support\Response;
@@ -156,6 +157,14 @@ class Playx extends Api
            return $response;
        }

+        $partnerJwtSecret = strval(config('playx.partner_jwt_secret', ''));
+        if ($partnerJwtSecret !== '') {
+            $authHeader = strval($request->header('authorization', ''));
+            if (!PlayxInboundJwt::verifyBearer($authHeader, $partnerJwtSecret)) {
+                return $this->error(__('Invalid or missing JWT'), null, 0, ['statusCode' => 401]);
+            }
+        }
+
        $body = $request->post();
        if (empty($body)) {
            $raw = $request->rawBody();
--- a/app/common/library/PlayxInboundJwt.php
+++ b/app/common/library/PlayxInboundJwt.php
@@ -0,0 +1,48 @@
+<?php
+
+declare(strict_types=1);
+
+namespace app\common\library;
+
+use Firebase\JWT\JWT;
+use Firebase\JWT\Key;
+use Firebase\JWT\ExpiredException;
+use Firebase\JWT\SignatureInvalidException;
+
+/**
+ * PlayX / 合作方回调：校验 Authorization: Bearer JWT（HS256）
+ */
+class PlayxInboundJwt
+{
+    public const ALG = 'HS256';
+
+    /**
+     * 从 Authorization 头解析 Bearer token 并校验签名与有效期
+     */
+    public static function verifyBearer(string $authorizationHeader, string $secret): bool
+    {
+        if ($secret === '') {
+            return false;
+        }
+        $token = self::extractBearer($authorizationHeader);
+        if ($token === '') {
+            return false;
+        }
+        try {
+            JWT::decode($token, new Key($secret, self::ALG));
+
+            return true;
+        } catch (ExpiredException|SignatureInvalidException|\Throwable) {
+            return false;
+        }
+    }
+
+    public static function extractBearer(string $authorizationHeader): string
+    {
+        if (preg_match('/Bearer\s+(\S+)/i', $authorizationHeader, $m)) {
+            return $m[1];
+        }
+
+        return '';
+    }
+}