1234567891011121314151617181920212223242526272829303132333435363738394041424344454647484950515253545556575859606162 |
- <?php
- declare (strict_types = 1);
- namespace app\middleware;
- use think\facade\Db;
- class CheckAuth
- {
- protected $noCheck=[];
- /**
- * 处理请求
- *
- * @param \think\Request $request
- * @param \Closure $next
- * @return Response|\think\response\Json
- */
- public function handle($request, \Closure $next)
- {
- if($request->isOptions()){
- return json();
- }
- $header =$request->header();
- $param =$request->post();
- if (isset($header['web-auth'])&&$header['web-auth']==1) {
- $data=[
- "origin"=>$header['origin']??"",
- "noce"=>$header['noce']??'',
- "timestamp"=>$header['timestamp']??'',
- "sign"=>$header['sign']??'',
- ];
- $check= \Header::checkHeader($header);
- }else{
- $check =$this->check($header,$param);
- if($check['code']==1){
- return json_show(104,$check['msg']);
- }
- }
-
- return $next($request);
- }
- /**数据接口签名验证
- * @param $data
- * @param $param
- * @return array
- */
- private function check($data,$param){
- //check sign
- if (!isset($data['appid']) || !$data['appid']) {
- return ['code'=>1,'msg'=>'发送的应用参数不存在'];
- }
- $appinf =Db::name("auth")->where(["app_id"=>$data['appid'],"is_del"=>0,"status"=>1])->findOrEmpty();
- if(empty($appinf)){
- return ['code'=>1,'msg'=>'发送的应用参数错误'];
- }
- $mege=["appid"=>$data['appid'],"noce"=>$data['noce']??'',"sign"=>$data['sign']??'',"timestamp"=>$data['timestamp']??''];
- $value =array_merge($mege,$param);
- $Sign= new \Sign($appinf['app_id'],$appinf['app_key']);
- $result =$Sign->verifySign($value);
- return $result;
- }
- }
|