|
|
@@ -9,6 +9,9 @@ class CheckSign
|
|
|
{
|
|
|
/**
|
|
|
* Handle an incoming request.
|
|
|
+ * changeLog: 2022-07-13
|
|
|
+ * - 新版签名不使用device_info参与
|
|
|
+ * - 为了和已经上架的快应用保持兼容,现在,两种签名方法通过一种就可以认为是签名通过
|
|
|
*
|
|
|
* @param \Illuminate\Http\Request $request
|
|
|
* @param \Closure $next
|
|
|
@@ -16,15 +19,51 @@ class CheckSign
|
|
|
*/
|
|
|
public function handle($request, Closure $next)
|
|
|
{
|
|
|
- $sign = $request->post('sign', '');
|
|
|
- $timestamp = $request->post('timestamp', 0);
|
|
|
$key = 'a!A&AFRWT65Nb3NlklezUiqHyQAA@Z8M';
|
|
|
- $params = $request->except('_url');
|
|
|
- if ($timestamp && time() - $timestamp <= (SysConsts::ONE_HOUR_SECONDS * 10) && $sign == _sign($params, $key)) {
|
|
|
+
|
|
|
+ \Log::info('[CheckSign]请求的request参数:', $request->all());
|
|
|
+ if($this->oldSignPass($request, $key) || $this->newSignPass($request, $key)) {
|
|
|
return $next($request);
|
|
|
} else {
|
|
|
- myLog('sign_error')->error($request->all());
|
|
|
return response()->error('QAPP_SIGN_ERROR');
|
|
|
}
|
|
|
}
|
|
|
+
|
|
|
+ private function oldSignPass($request, $key) {
|
|
|
+ $params = $request->except(['_url']);
|
|
|
+ $timestamp = $request->post('timestamp', 0);
|
|
|
+ $sign = $request->post('sign', '');
|
|
|
+ $backendSign = _sign($params, $key);
|
|
|
+ \Log::info('[CheckSign]旧版校验sign:', [
|
|
|
+ 'front_sign' => $sign,
|
|
|
+ 'backent_sign' => $backendSign,
|
|
|
+ 'device_no' => $request->input('device_no', '')
|
|
|
+ ]);
|
|
|
+ if ($timestamp && time() - $timestamp <= (SysConsts::ONE_HOUR_SECONDS * 10) && $sign == $backendSign) {
|
|
|
+ \Log::info('[CheckSign]旧版校验通过');
|
|
|
+ return true;
|
|
|
+ } else {
|
|
|
+ \Log::info('[CheckSign]旧版校验没有通过');
|
|
|
+ return false;
|
|
|
+ }
|
|
|
+ }
|
|
|
+
|
|
|
+ private function newSignPass($request, $key) {
|
|
|
+ $params = $request->except(['_url', 'device_info']);
|
|
|
+ $timestamp = $request->post('timestamp', 0);
|
|
|
+ $sign = $request->post('sign', '');
|
|
|
+ $backendSign = _sign($params, $key);
|
|
|
+ \Log::info('[CheckSign]新版校验sign:', [
|
|
|
+ 'front_sign' => $sign,
|
|
|
+ 'backent_sign' => $backendSign,
|
|
|
+ 'device_no' => $request->input('device_no', '')
|
|
|
+ ]);
|
|
|
+ if ($timestamp && time() - $timestamp <= (SysConsts::ONE_HOUR_SECONDS * 10) && $sign == $backendSign) {
|
|
|
+ \Log::info('[CheckSign]新版校验通过');
|
|
|
+ return true;
|
|
|
+ } else {
|
|
|
+ \Log::info('[CheckSign]新版校验没有通过');
|
|
|
+ return false;
|
|
|
+ }
|
|
|
+ }
|
|
|
}
|
