mojiahui/webman-buildadmin-mall
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
4f61c9d7fcd608c9f1295bed9e3f83789b297089
webman-buildadmin-mall/app/api/controller/v1/Auth.php
zhenhui 4f61c9d7fc API接口-authtoken、redis
2026-03-19 18:07:18 +08:00

97 lines
2.9 KiB
PHP
Raw Blame History

This file contains ambiguous Unicode characters
This file contains Unicode characters that might be confused with other characters. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.
<?php
declare(strict_types=1);
namespace app\api\controller\v1;
use app\common\controller\Api;
use app\common\library\AgentJwt;
use app\common\model\ChannelManage;
use app\admin\model\Admin;
use Webman\Http\Request;
use support\Response;
/**
* API v1 鉴权接口
*/
class Auth extends Api
{
/**
* Agent Token 类型
*/
public const TOKEN_TYPE = 'agent';
/**
* 时间戳有效范围(秒),防止重放攻击
*/
protected int $timeTolerance = 300;
/**
* 获取鉴权 Token
* 参数signature签名、secret密钥、agent_id代理、time时间戳
* 返回authtoken失败返回 code=0 及失败信息
*/
public function authToken(Request $request): Response
{
$response = $this->initializeApi($request);
if ($response !== null) {
return $response;
}
$signature = $request->post('signature', $request->get('signature', ''));
$secret = $request->post('secret', $request->get('secret', ''));
$agentId = $request->post('agent_id', $request->get('agent_id', ''));
$time = $request->post('time', $request->get('time', ''));
if ($signature === '' || $secret === '' || $agentId === '' || $time === '') {
return $this->error(__('Parameter %s can not be empty', ['signature/secret/agent_id/time']));
}
$timestamp = (int) $time;
if ($timestamp <= 0) {
return $this->error(__('Invalid timestamp'));
}
$now = time();
if ($timestamp < $now - $this->timeTolerance || $timestamp > $now + $this->timeTolerance) {
return $this->error(__('Timestamp expired'));
}
$admin = Admin::where('agent_id', $agentId)->find();
if (!$admin) {
return $this->error(__('Agent not found'));
}
$channelId = (int) ($admin->channel_id ?? 0);
if ($channelId <= 0) {
return $this->error(__('Agent not found'));
}
$channel = ChannelManage::where('id', $channelId)->find();
if (!$channel || $channel->secret === '') {
return $this->error(__('Agent not found'));
}
if ($channel->secret !== $secret) {
return $this->error(__('Invalid agent or secret'));
}
$expectedSignature = hash_hmac('sha256', $agentId . $time, $channel->secret);
if (!hash_equals($expectedSignature, $signature)) {
return $this->error(__('Invalid signature'));
}
$expire = (int) config('buildadmin.agent_auth.token_expire', 86400);
$payload = [
'agent_id' => $agentId,
'channel_id' => $channel->id,
'admin_id' => $admin->id,
];
$authtoken = AgentJwt::encode($payload, $expire);
return $this->success('', [
'authtoken' => $authtoken,
]);
}
}
Reference in New Issue View Git Blame Copy Permalink