From 2e19fc84e053d10fe8739607794a2074a189514f Mon Sep 17 00:00:00 2001 From: wanghongjun <1445693971@qq,com> Date: Wed, 2 Aug 2023 10:42:37 +0800 Subject: [PATCH] =?UTF-8?q?=E8=AF=B7=E6=B1=82=E5=8F=82=E6=95=B0=E3=80=82?= =?UTF-8?q?=E8=AF=B7=E6=B1=82=E9=99=90=E5=88=B6=EF=BC=8C=E5=8F=82=E6=95=B0?= =?UTF-8?q?=E6=A0=A1=E9=AA=8C?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- .../application/api/controller/Controller.php | 47 +++++++++++++++---- .../api/controller/library/Pass.php | 2 + .../api/controller/pass/Create.php | 30 ++---------- 3 files changed, 42 insertions(+), 37 deletions(-) diff --git a/source/application/api/controller/Controller.php b/source/application/api/controller/Controller.php index 79dd99e..339ab51 100644 --- a/source/application/api/controller/Controller.php +++ b/source/application/api/controller/Controller.php @@ -15,6 +15,7 @@ class Controller extends \think\Controller { const JSON_SUCCESS_STATUS = 1; const JSON_ERROR_STATUS = 0; + protected $token = '9c4cb25665cf08667c815420ab383cb5'; /* @ver $wxapp_id 小程序id */ // protected $wxapp_id; 
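Review bot: The added `protected $token = '…';` property commits the shared signing secret to the repository, so anyone with read access to the source or its history can compute signatures that `validateToken()` will accept. Read it from configuration or the environment instead, for example `$this->token = config('api_config')['token'];` in `_initialize()` (the key name is yours to choose), and treat the value now in history as exposed and rotate it. The class body continues outside this hunk.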
@@ -26,20 +27,46 @@ class Controller extends \think\Controller */ public function _initialize() { + /* $config = config('api_config'); -// foreach ($config['access_control_allow_origin'] as $value) { -// header("Access-Control-Allow-Origin: ".$value); -// } - header("Access-Control-Allow-Origin: http://192.168.66.254:8080"); - header("Access-Control-Allow-Origin: http://192.168.66.254:8081"); - #header("Access-Control-Allow-Origin: *"); + foreach ($config['access_control_allow_origin'] as $value) { + header("Access-Control-Allow-Origin: ".$value); + } + + header("Access-Control-Allow-Origin:*"); header("Access-Control-Allow-Methods: GET, POST, PUT, DELETE"); header("Access-Control-Allow-Headers: Content-Type"); header("Access-Control-Allow-Credentials: true"); - // 当前小程序id -// $this->wxapp_id = $this->getWxappId(); -// // 验证当前小程序状态 -// $this->checkWxapp(); + */ + } + + /** + * 获取请求token + * @return mixed + * @throws BaseException + */ + protected function validateToken() + { + $signature = $this->request->param('signature'); + + if (empty($signature)) { + throw new BaseException(['msg' => '缺少必要的参数:signature']); + } else { + $data = $this->request->param('data'); + $encrypt = $this->request->param('encrypt'); + $date = (int)date("d"); + $new_signature = md5($this->token . ($date % 2) . md5($data)); + if ($new_signature !== $signature) { + throw new BaseException(['msg' => '数据校验失败']); + } + if (empty($data)) { + throw new BaseException('缺少必要参数:data'); + } + $data_json = $encrypt ? $data : base64_decode($data); + $dataArr = json_decode(html_entity_decode($data_json),true); + if (empty($dataArr)) throw new BaseException('data参数不能为空'); + if (!is_array($dataArr)) throw new BaseException('data参数类型错误'); + } } /** diff --git a/source/application/api/controller/library/Pass.php b/source/application/api/controller/library/Pass.php index 89cc9d9..6e20e3f 100644 --- a/source/application/api/controller/library/Pass.php +++ b/source/application/api/controller/library/Pass.php 
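Review bot: The signature in `validateToken()` is bound only to `$date % 2`, so a signed request verifies again on every later day of the same parity, and legitimate clients will presumably fail around midnight or when their clock or time zone differs from the server's. Signing a client-supplied timestamp and rejecting stale values would bound that window. The comparison should be constant-time and type-safe, `if (!is_string($signature) || !hash_equals($new_signature, $signature))`, and `hash_hmac('sha256', …, $this->token)` is a sounder construction than `md5($this->token . …)`. The `encrypt` parameter chooses how `data` is decoded but is not part of the signed material. The docblock still says `@return mixed` although nothing is returned, and `BaseException` receives an array in some throws and a bare string in others.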
@@ -46,6 +46,7 @@ class Pass extends Controller */ public function create() { + $this->validateToken(); $data_json = $this->request->param('data'); $data = json_decode(html_entity_decode($data_json),true); @@ -229,6 +230,7 @@ class Pass extends Controller */ public function createLibraryLease() { + $this->validateToken(); $data_json = $this->request->param('data'); $data = json_decode(html_entity_decode($data_json),true); diff --git a/source/application/api/controller/pass/Create.php b/source/application/api/controller/pass/Create.php index d84efce..9a88448 100644 --- a/source/application/api/controller/pass/Create.php +++ b/source/application/api/controller/pass/Create.php @@ -19,32 +19,8 @@ class Create extends Controller */ public function _initialize() { - // $this->getToken(); + $this->validateToken(); } - - /** - * 获取请求token - * @return mixed - * @throws BaseException - */ - private function getToken() - { - if (!$token = $this->request->param('token')) { - throw new BaseException(['msg' => '缺少必要的参数:token']); - } - $validateToken = md5($this->token . date('Ymd')); - if ($validateToken != $token) { - throw new BaseException(['msg' => '错误参数:token']); - } - if (!$data = $this->request->param('data')) { - throw new BaseException(['msg' => '缺少必要的参数:data']); - } else { - $data = json_decode(html_entity_decode(base64_decode($data)),true); - if (empty($data)) throw new BaseException(['msg' => '参数为空:data']); - if (!is_array($data)) throw new BaseException(['msg' => '数据有误:data']); - } - } - /** * 创建客流统计数据 * @return array 
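Review bot: `validateToken()` checks the payload after `base64_decode($data)` unless `encrypt` is set, but `create()` then parses the raw `data` parameter again with `json_decode(html_entity_decode($data_json), true)` and no base64 step, so the array that was validated is not necessarily the one the handler works on; the `createLibraryLease()` hunk has the same pattern. A request that passes validation with base64-encoded `data` would decode to `null` here. Letting `validateToken()` return the decoded array and using it directly, `$data = $this->validateToken();`, would keep a single decoding path. Both method bodies continue outside the hunks.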
@@ -63,8 +39,8 @@ class Create extends Controller $queryWhere = ['groupId' => $val['groupId'],'granularity' => $val['granularity'],'statTime' => $val['statTime']]; $query = $dm->find('bt_passenger_flow',$queryWhere); - $groupRes = $dm->find('bt_passenger_monitor_group',['groupId' => $val['groupId']]); - $groupName = isset($groupRes['groupName']) ? $groupRes['groupName']:$val['groupName']; + $groupRes = $dm->find('bt_passenger_monitor_group',['groupId' => $val['groupId']]); + $groupName = isset($groupRes['groupName']) ? $groupRes['groupName']:$val['groupName']; $insert_arr = [ 'groupId' => $val['groupId'],