You can not select more than 25 topics
Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
122 lines
3.2 KiB
122 lines
3.2 KiB
<?php
|
|
|
|
declare(strict_types=1);
|
|
|
|
namespace App\Middleware\Auth;
|
|
|
|
use App\Model\v3\User;
|
|
use App\TaskWorker\SSDBTask;
|
|
use Hashids\Hashids;
|
|
use Hyperf\HttpServer\Contract\RequestInterface as HttpRequest;
|
|
use Hyperf\HttpServer\Contract\ResponseInterface as HttpResponse;
|
|
use Hyperf\Utils\ApplicationContext;
|
|
use Psr\Container\ContainerInterface;
|
|
use Psr\Http\Message\ResponseInterface;
|
|
use Psr\Http\Server\MiddlewareInterface;
|
|
use Psr\Http\Message\ServerRequestInterface;
|
|
use Psr\Http\Server\RequestHandlerInterface;
|
|
|
|
class ApiMiddleware implements MiddlewareInterface
|
|
{
|
|
/**
|
|
* @var ContainerInterface
|
|
*/
|
|
protected $container;
|
|
|
|
/**
|
|
* @var HttpResponse
|
|
*/
|
|
protected $response;
|
|
|
|
/**
|
|
* @var HttpRequest
|
|
*/
|
|
protected $request;
|
|
|
|
public function __construct(ContainerInterface $container, HttpResponse $response, HttpRequest $request)
|
|
{
|
|
$this->container = $container;
|
|
$this->response = $response;
|
|
$this->request = $request;
|
|
}
|
|
|
|
public function process(ServerRequestInterface $request, RequestHandlerInterface $handler): ResponseInterface
|
|
{
|
|
// 签名校验
|
|
|
|
# 获取参数
|
|
$params = $this->request->all();
|
|
|
|
# 必须参数,签名、时间戳、随机数
|
|
if (!(
|
|
isset($params['sign'])
|
|
&&isset($params['timestamp'])
|
|
&&isset($params['rand'])
|
|
) && env('APP_ENV') == 'prod') {
|
|
|
|
$content = [
|
|
"status" => 'ok',
|
|
"code" => 9001,
|
|
"result" => [],
|
|
"message" => '接口验签失败:缺少参数'
|
|
];
|
|
|
|
return $this->response->json($content);
|
|
}
|
|
|
|
if (!$this->checkSign($params)) {
|
|
|
|
$content = [
|
|
"status" => 'ok',
|
|
"code" => 9002,
|
|
"result" => [],
|
|
"message" => '接口验签失败:签名错误或已失效'
|
|
];
|
|
|
|
return $this->response->json($content);
|
|
}
|
|
|
|
$this->request->user = null;
|
|
$userToken = $params['user_token'] ?? '';
|
|
|
|
if ($userToken) {
|
|
$ssdb = ApplicationContext::getContainer()->get(SSDBTask::class);
|
|
$exists = $ssdb->exec('exists', $userToken);
|
|
if ($exists) {
|
|
$hashIds = ApplicationContext::getContainer()->get(Hashids::class);
|
|
$user = $hashIds->decode($userToken);
|
|
$this->request->user = User::query()->find($user[0]);
|
|
}
|
|
}
|
|
|
|
return $handler->handle($request);
|
|
}
|
|
|
|
private function checkSign($params)
|
|
{
|
|
if (env('APP_ENV') != 'prod') {
|
|
return true;
|
|
}
|
|
$sign = $params['sign'];
|
|
unset($params['sign']);
|
|
$timestamp = $params['timestamp'];
|
|
|
|
if (empty($sign) || ($timestamp+config('auth.api.sign.expire_time')) < time()) {
|
|
return false;
|
|
}
|
|
|
|
return $sign == $this->signature($params);
|
|
}
|
|
|
|
private function signature($params)
|
|
{
|
|
ksort($params);
|
|
|
|
$http_query = [];
|
|
foreach ($params as $key => $value) {
|
|
$http_query[] = $key.'='.$value;
|
|
}
|
|
|
|
return sha1(md5(implode('&', $http_query)).config('auth.api.sign.secret_key'));
|
|
}
|
|
}
|