5 years ago · c7551be4ee
--- a/app/Http/Controllers/QuickApp/Oauth/UsersController.php
+++ b/app/Http/Controllers/QuickApp/Oauth/UsersController.php
@@ -21,6 +21,7 @@ class UsersController extends Controller
 
																      * @apiParam  {String}  device_no 设备号
															
 
																      * @apiParam  {String}  device_info 设备信息json字符串格式
															
 
																      * @apiParam  {Int}     send_order_id send_order_id
															
 
																+     * @apiParam  {Int}     timestamp 时间戳10分钟过期
															
 
																      * @apiParam  {String}  sign 签名(见微信支付签名https://pay.weixin.qq.com/wiki/doc/api/app/app.php?chapter=4_3)
															
 
																      * @apiGroup Login
															
 
																      * @apiName index
															
--- a/app/Http/Middleware/CheckSign.php
+++ b/app/Http/Middleware/CheckSign.php
@@ -2,6 +2,7 @@
 
																 namespace App\Http\Middleware;
															
 
																+use App\Consts\SysConsts;
															
 
																 use Closure;
															
 
																 class CheckSign
															
@@ -16,10 +17,11 @@ class CheckSign
 
																     public function handle($request, Closure $next)
															
 
																     {
															
 
																         $sign = $request->post('sign', '');
															
 
																+        $timestamp = $request->post('timestamp', 0);
															
 
																         $key = 'a!A&AFRWT65Nb3NlklezUiqHyQAA@Z8M';
															
 
																         $params = $request->except('_url');
															
 
																         myLog('test')->info($params);
															
 
																-        if ($sign == _sign($params, $key)) {
															
 
																+        if ($timestamp && time() - $timestamp <= SysConsts::ONE_HOUR_SECONDS * 10 && $sign == _sign($params, $key)) {
															
 
																             return $next($request);
															
 
																         } else {
															
 
																             return response()->error('QAPP_SIGN_ERROR');
															
--- a/public/kyydoc/api_data.js
+++ b/public/kyydoc/api_data.js
@@ -2305,6 +2305,13 @@ define({ "api": [
 
																           },
															
 
																           {
															
 
																             "group": "Parameter",
															
 
																+            "type": "Int",
															
 
																+            "optional": false,
															
 
																+            "field": "timestamp",
															
 
																+            "description": "<p>时间戳10分钟过期</p>"
															
 
																+          },
															
 
																+          {
															
 
																+            "group": "Parameter",
															
 
																             "type": "String",
															
 
																             "optional": false,
															
 
																             "field": "sign",
															
--- a/public/kyydoc/api_data.json
+++ b/public/kyydoc/api_data.json
@@ -2305,6 +2305,13 @@
 
																           },
															
 
																           {
															
 
																             "group": "Parameter",
															
 
																+            "type": "Int",
															
 
																+            "optional": false,
															
 
																+            "field": "timestamp",
															
 
																+            "description": "<p>时间戳10分钟过期</p>"
															
 
																+          },
															
 
																+          {
															
 
																+            "group": "Parameter",
															
 
																             "type": "String",
															
 
																             "optional": false,
															
 
																             "field": "sign",
															
--- a/public/kyydoc/api_project.js
+++ b/public/kyydoc/api_project.js
@@ -17,7 +17,7 @@ define({
 
																   "apidoc": "0.3.0",
															
 
																   "generator": {
															
 
																     "name": "apidoc",
															
 
																-    "time": "2019-11-05T06:54:25.239Z",
															
 
																+    "time": "2019-11-05T07:08:17.558Z",
															
 
																     "url": "http://apidocjs.com",
															
 
																     "version": "0.17.7"
															
 
																   }
															
--- a/public/kyydoc/api_project.json
+++ b/public/kyydoc/api_project.json
@@ -17,7 +17,7 @@
 
																   "apidoc": "0.3.0",
															
 
																   "generator": {
															
 
																     "name": "apidoc",
															
 
																-    "time": "2019-11-05T06:54:25.239Z",
															
 
																+    "time": "2019-11-05T07:08:17.558Z",
															
 
																     "url": "http://apidocjs.com",
															
 
																     "version": "0.17.7"
															
 
																   }