首页 发现 帮助
注册 登录
zhuishuyun
/
zhuishuyun_quickapp
10
0
派生 0
文件 工单管理 0 合并请求 0 Wiki
目录树: ae71849594
分支列表 标签列表
zhuishuyun_q...
/
app
/
Http
/
Middleware
/
CheckSign.php

CheckSign.php 2.7 KB
文件历史 原始文件

12345678910111213141516171819202122232425262728293031323334353637383940414243444546474849505152535455565758596061626364656667686970717273 
  1. <?php
    2. 

  2. 

  3. namespace App\Http\Middleware;
    4. 

  4. 

  5. use App\Consts\SysConsts;
    6. 

  6. use Closure;
    7. 

  7. 

  8. class CheckSign
    9. 

  9. {
    10. 

  10.     /**
    11. 

  11.      * Handle an incoming request.
    12. 

  12.      * changeLog: 2022-07-13
    13. 

  13.      * - 新版签名不使用device_info参与
    14. 

  14.      * - 为了和已经上架的快应用保持兼容,现在,两种签名方法通过一种就可以认为是签名通过
    15. 

  15.      *
    16. 

  16.      * @param \Illuminate\Http\Request $request
    17. 

  17.      * @param \Closure                 $next
    18. 

  18.      * @return mixed
    19. 

  19.      */
    20. 

  20.     public function handle($request, Closure $next)
    21. 

  21.     {
    22. 

  22.         $key       = 'a!A&AFRWT65Nb3NlklezUiqHyQAA@Z8M';
    23. 

  23. 

  24.         \Log::info('[CheckSign]请求的request参数:', $request->all());
    25. 

  25.         if($this->oldSignPass($request, $key) || $this->newSignPass($request, $key)) {
    26. 

  26.             return $next($request);
    27. 

  27.         } else {
    28. 

  28.             return response()->error('QAPP_SIGN_ERROR');
    29. 

  29.         }
    30. 

  30.     }
    31. 

  31. 

  32.     private function oldSignPass($request, $key) {
    33. 

  33.         $params    = $request->except(['_url']);
    34. 

  34.         $timestamp = $request->post('timestamp', 0);
    35. 

  35.         $sign      = $request->post('sign', '');
    36. 

  36.         $backendSign = _sign($params, $key);
    37. 

  37. //         \Log::info('[CheckSign]旧版校验sign:', [
    38. 

  38. //             'front_sign' => $sign,
    39. 

  39. //             'backend_sign' => $backendSign,
    40. 

  40. //             'device_no' => $request->input('device_no', ''),
    41. 

  41. //             'X-Version' => $request->header('X-Version', ''),
    42. 

  42. //             'package' => $request->input('package', ''),
    43. 

  43. //         ]);
    44. 

  44.         if ($timestamp && time() - $timestamp <= (SysConsts::ONE_HOUR_SECONDS * 10) && $sign == $backendSign) {
    45. 

  45. //             \Log::info('[CheckSign]旧版校验通过');
    46. 

  46.             return true;
    47. 

  47.         } else {
    48. 

  48. //             \Log::info('[CheckSign]旧版校验没有通过');
    49. 

  49.             return false;
    50. 

  50.         }
    51. 

  51.     }
    52. 

  52. 

  53.     private function newSignPass($request, $key) {
    54. 

  54.         $params = $request->except(['_url', 'device_info']);
    55. 

  55.         $timestamp = $request->post('timestamp', 0);
    56. 

  56.         $sign      = $request->post('sign', '');
    57. 

  57.         $backendSign = _sign($params, $key);
    58. 

  58. //         \Log::info('[CheckSign]新版校验sign:', [
    59. 

  59. //             'front_sign' => $sign,
    60. 

  60. //             'backend_sign' => $backendSign,
    61. 

  61. //             'device_no' => $request->input('device_no', ''),
    62. 

  62. //             'X-Version' => $request->header('X-Version', ''),
    63. 

  63. //             'package' => $request->input('package', ''),
    64. 

  64. //         ]);
    65. 

  65.         if ($timestamp && time() - $timestamp <= (SysConsts::ONE_HOUR_SECONDS * 10) && $sign == $backendSign) {
    66. 

  66. //             \Log::info('[CheckSign]新版校验通过');
    67. 

  67.             return true;
    68. 

  68.         } else {
    69. 

  69. //             \Log::info('[CheckSign]新版校验没有通过');
    70. 

  70.             return false;
    71. 

  71.         }
    72. 

  72.     }
    73. 

  73. }
    74.