
请求参数。请求限制,参数校验

master
wanghongjun 3 years ago
parent
commit
2e19fc84e0
  1. 47
      source/application/api/controller/Controller.php
  2. 2
      source/application/api/controller/library/Pass.php
  3. 26
      source/application/api/controller/pass/Create.php

47
source/application/api/controller/Controller.php

@ -15,6 +15,7 @@ class Controller extends \think\Controller
{ {
const JSON_SUCCESS_STATUS = 1; const JSON_SUCCESS_STATUS = 1;
const JSON_ERROR_STATUS = 0; const JSON_ERROR_STATUS = 0;
protected $token = '9c4cb25665cf08667c815420ab383cb5';
/* @ver $wxapp_id 小程序id */ /* @ver $wxapp_id 小程序id */
// protected $wxapp_id; // protected $wxapp_id;
@ -26,20 +27,46 @@ class Controller extends \think\Controller
*/ */
public function _initialize() public function _initialize()
{ {
/*
$config = config('api_config'); $config = config('api_config');
// foreach ($config['access_control_allow_origin'] as $value) { foreach ($config['access_control_allow_origin'] as $value) {
// header("Access-Control-Allow-Origin: ".$value); header("Access-Control-Allow-Origin: ".$value);
// } }
header("Access-Control-Allow-Origin: http://192.168.66.254:8080");
header("Access-Control-Allow-Origin: http://192.168.66.254:8081"); header("Access-Control-Allow-Origin:*");
#header("Access-Control-Allow-Origin: *");
header("Access-Control-Allow-Methods: GET, POST, PUT, DELETE"); header("Access-Control-Allow-Methods: GET, POST, PUT, DELETE");
header("Access-Control-Allow-Headers: Content-Type"); header("Access-Control-Allow-Headers: Content-Type");
header("Access-Control-Allow-Credentials: true"); header("Access-Control-Allow-Credentials: true");
// 当前小程序id */
// $this->wxapp_id = $this->getWxappId(); }
// // 验证当前小程序状态
// $this->checkWxapp(); /**
* 获取请求token
* @return mixed
* @throws BaseException
*/
protected function validateToken()
{
$signature = $this->request->param('signature');
if (empty($signature)) {
throw new BaseException(['msg' => '缺少必要的参数:signature']);
} else {
$data = $this->request->param('data');
$encrypt = $this->request->param('encrypt');
$date = (int)date("d");
$new_signature = md5($this->token . ($date % 2) . md5($data));
if ($new_signature !== $signature) {
throw new BaseException(['msg' => '数据校验失败']);
}
if (empty($data)) {
throw new BaseException('缺少必要参数:data');
}
$data_json = $encrypt ? $data : base64_decode($data);
$dataArr = json_decode(html_entity_decode($data_json),true);
if (empty($dataArr)) throw new BaseException('data参数不能为空');
if (!is_array($dataArr)) throw new BaseException('data参数类型错误');
}
} }
/** /**
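Review bot: The signature check in `validateToken()` gives little protection against replay or forgery: `md5($this->token . ($date % 2) . md5($data))` is a secret-prefix MD5 whose only freshness input is the parity of the day of month, so a captured `data`/`signature` pair keeps verifying on every matching day, and `!==` is not a constant-time comparison. I would compute `$new_signature = hash_hmac('sha256', $timestamp . $data, $this->token);` with `$timestamp` a request parameter checked against a short window, and compare with `if (!hash_equals($new_signature, (string)$signature))`. The key is committed in source as `protected $token = '…'`; it should be loaded from configuration (the file already reads `config('api_config')`) and the committed value treated as exposed and rotated. The `empty($data)` check should also move above the hash so a missing `data` is rejected before `md5($data)` runs, and the method should either return `$dataArr` or drop `@return mixed`, since it currently returns nothing.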

2
source/application/api/controller/library/Pass.php

@ -46,6 +46,7 @@ class Pass extends Controller
*/ */
public function create() public function create()
{ {
$this->validateToken();
$data_json = $this->request->param('data'); $data_json = $this->request->param('data');
$data = json_decode(html_entity_decode($data_json),true); $data = json_decode(html_entity_decode($data_json),true);
@ -229,6 +230,7 @@ class Pass extends Controller
*/ */
public function createLibraryLease() public function createLibraryLease()
{ {
$this->validateToken();
$data_json = $this->request->param('data'); $data_json = $this->request->param('data');
$data = json_decode(html_entity_decode($data_json),true); $data = json_decode(html_entity_decode($data_json),true);

26
source/application/api/controller/pass/Create.php

@ -19,32 +19,8 @@ class Create extends Controller
*/ */
public function _initialize() public function _initialize()
{ {
// $this->getToken(); $this->validateToken();
} }
/**
* 获取请求token
* @return mixed
* @throws BaseException
*/
private function getToken()
{
if (!$token = $this->request->param('token')) {
throw new BaseException(['msg' => '缺少必要的参数:token']);
}
$validateToken = md5($this->token . date('Ymd'));
if ($validateToken != $token) {
throw new BaseException(['msg' => '错误参数:token']);
}
if (!$data = $this->request->param('data')) {
throw new BaseException(['msg' => '缺少必要的参数:data']);
} else {
$data = json_decode(html_entity_decode(base64_decode($data)),true);
if (empty($data)) throw new BaseException(['msg' => '参数为空:data']);
if (!is_array($data)) throw new BaseException(['msg' => '数据有误:data']);
}
}
/** /**
* 创建客流统计数据 * 创建客流统计数据
* @return array * @return array
