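all();
        // Request gate: requires the `d-token` header and, when CHECK_SIGN is enabled,
        // checks the request signature before passing the request on via $next.
        // The start of this method is outside the visible source; the statement above is kept as found.
        $token = $request->header('d-token', '');
        if (!$token) {
            Utils::throwError(ErrorConst::NOT_LOGIN);
        }

        // `_url` is set aside and removed from the parameters; it is only put back for the failure log.
        $referer_url = '';
        if (isset($params['_url'])) {
            $referer_url = $params['_url'];
            unset($params['_url']);
        }

        // Verify the signature first (required outside local mode).
        // NOTE(review): the check runs only when CHECK_SIGN is truthy AND the request carries
        // parameters, so a request without parameters is never signature-checked; confirm this is intended.
        // NOTE(review): env() is read at request time. If the application caches its configuration,
        // env() may return null here, which would switch the check off and empty the key; confirm.
        if (env('CHECK_SIGN') && $params) {
            $param_sign = getProp($params, 'sign');
            $nonce_str = getProp($params, 'nonce_str');
            $timestamp = getProp($params, 'timestamp');

            // A non-numeric timestamp is rejected here instead of reaching the arithmetic below.
            if (!$nonce_str || !$timestamp || !is_numeric($timestamp)) {
                Log::info('验签失败, 请求参数不正确;传参: '.json_encode($params, JSON_UNESCAPED_UNICODE));
                Utils::throwError('1002:数据异常,请求参数不正确');
            }

            // The window is enforced in both directions: a timestamp ahead of the server clock
            // would otherwise keep a signature valid until that moment plus five minutes.
            // Assumes clients send Unix seconds; TODO confirm none send milliseconds.
            if (abs(time() - (int) $timestamp) > 300) {
                Log::info('验签失败, 签名5分钟内有效;传参: '.json_encode($params, JSON_UNESCAPED_UNICODE));
                Utils::throwError('1002:数据异常,签名5分钟内有效');
            }

            // Drop empty values; from here on $params is only used for the failure log.
            foreach ($params as $k => $v) {
                if (!$v) {
                    unset($params[$k]);
                }
            }

            // NOTE(review): only d-token, nonce_str and timestamp are signed, so the remaining request
            // parameters are not covered by the signature. nonce_str is not recorded in this method,
            // so the same signed triple is accepted again inside the time window.
            // NOTE(review): md5(string + key) is a legacy construction; hash_hmac('sha256', ...) is the
            // usual choice, but switching requires every client to change at the same time.
            $check_params = [
                'd-token' => $token,
                'nonce_str' => $nonce_str,
                'timestamp' => $timestamp,
            ];
            ksort($check_params);
            $str = strtoupper(http_build_query($check_params));
            $sign = md5($str.'&key='.env('SIGN_SALT'));

            // Strict, constant-time comparison. The previous loose `!=` was subject to type juggling
            // when `sign` arrived as a non-string value or when both digests looked numeric.
            if (!is_string($param_sign) || !hash_equals($sign, $param_sign)) {
                $params['_url'] = $referer_url;
                $params['sign'] = $param_sign;
                // The signing key and the expected signature stay out of the log: anyone able to
                // read the log could otherwise produce valid signatures.
                // NOTE(review): check_str still contains the upper-cased d-token value.
                $params['check_str'] = $str.'&key=***';
                Log::info('验签失败, 签名不正确;传参: '.json_encode($params, JSON_UNESCAPED_UNICODE));
                Utils::throwError('1002:数据异常,签名不正确');
            }
        }

        return $next($request);
    }
}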