请求参数。请求限制，参数校验

3 years ago · 2e19fc84e0
3 changed files with 42 additions and 37 deletions
--- a/source/application/api/controller/Controller.php
+++ b/source/application/api/controller/Controller.php
@ -15,6 +15,7 @@ class Controller extends \think\Controller
 {
    const JSON_SUCCESS_STATUS = 1;
    const JSON_ERROR_STATUS = 0;
+    protected $token = '9c4cb25665cf08667c815420ab383cb5';

    /* @ver $wxapp_id 小程序id */
    // protected $wxapp_id;
@ -26,20 +27,46 @@ class Controller extends \think\Controller
     */
    public function _initialize()
    {
+        /*
        $config = config('api_config');
-//        foreach ($config['access_control_allow_origin'] as $value) {
-//            header("Access-Control-Allow-Origin: ".$value);
-//        }
-        header("Access-Control-Allow-Origin: http://192.168.66.254:8080");
-        header("Access-Control-Allow-Origin: http://192.168.66.254:8081");
-        #header("Access-Control-Allow-Origin: *");
+        foreach ($config['access_control_allow_origin'] as $value) {
+            header("Access-Control-Allow-Origin: ".$value);
+        }
+
+	header("Access-Control-Allow-Origin:*");
        header("Access-Control-Allow-Methods: GET, POST, PUT, DELETE");
        header("Access-Control-Allow-Headers: Content-Type");
        header("Access-Control-Allow-Credentials: true");
-        // 当前小程序id
-//        $this->wxapp_id = $this->getWxappId();
-//        // 验证当前小程序状态
-//        $this->checkWxapp();
+	*/
+    }
+
+    /**
+     * 获取请求token
+     * @return mixed
+     * @throws BaseException
+     */
+    protected function validateToken()
+    {
+        $signature = $this->request->param('signature');
+
+        if (empty($signature)) {
+            throw new BaseException(['msg' => '缺少必要的参数：signature']);
+        } else {
+            $data = $this->request->param('data');
+            $encrypt = $this->request->param('encrypt');
+            $date = (int)date("d");
+            $new_signature = md5($this->token . ($date % 2) . md5($data));
+            if ($new_signature !== $signature) {
+                throw new BaseException(['msg' => '数据校验失败']);
+            }
+            if (empty($data)) {
+                throw new BaseException('缺少必要参数：data');
+            }
+            $data_json = $encrypt ? $data : base64_decode($data);
+            $dataArr = json_decode(html_entity_decode($data_json),true);
+            if (empty($dataArr)) throw new BaseException('data参数不能为空');
+            if (!is_array($dataArr)) throw new BaseException('data参数类型错误');
+        }
    }

    /**
--- a/source/application/api/controller/library/Pass.php
+++ b/source/application/api/controller/library/Pass.php
@ -46,6 +46,7 @@ class Pass extends Controller
     */
    public function create()
    {
+        $this->validateToken();

        $data_json = $this->request->param('data');
        $data = json_decode(html_entity_decode($data_json),true);
@ -229,6 +230,7 @@ class Pass extends Controller
     */
    public function createLibraryLease()
    {
+        $this->validateToken();

        $data_json = $this->request->param('data');
        $data = json_decode(html_entity_decode($data_json),true);
--- a/source/application/api/controller/pass/Create.php
+++ b/source/application/api/controller/pass/Create.php
@ -19,32 +19,8 @@ class Create extends Controller
     */
    public function _initialize()
    {
-        // $this->getToken();
+        $this->validateToken();
    }
-
-    /**
-     * 获取请求token
-     * @return mixed
-     * @throws BaseException
-     */
-    private function getToken()
-    {
-        if (!$token = $this->request->param('token')) {
-            throw new BaseException(['msg' => '缺少必要的参数：token']);
-        }
-        $validateToken = md5($this->token . date('Ymd'));
-        if ($validateToken != $token) {
-            throw new BaseException(['msg' => '错误参数：token']);
-        }
-        if (!$data = $this->request->param('data')) {
-            throw new BaseException(['msg' => '缺少必要的参数：data']);
-        } else {
-            $data = json_decode(html_entity_decode(base64_decode($data)),true);
-            if (empty($data)) throw new BaseException(['msg' => '参数为空：data']);
-            if (!is_array($data)) throw new BaseException(['msg' => '数据有误：data']);
-        }
-    }
-
    /**
     * 创建客流统计数据
     * @return array
@ -63,8 +39,8 @@ class Create extends Controller
            $queryWhere = ['groupId' => $val['groupId'],'granularity' => $val['granularity'],'statTime' => $val['statTime']];
            $query = $dm->find('bt_passenger_flow',$queryWhere);
 		
-	    $groupRes = $dm->find('bt_passenger_monitor_group',['groupId' => $val['groupId']]);
-	    $groupName = isset($groupRes['groupName']) ? $groupRes['groupName']:$val['groupName'];
+	        $groupRes = $dm->find('bt_passenger_monitor_group',['groupId' => $val['groupId']]);
+	        $groupName = isset($groupRes['groupName']) ? $groupRes['groupName']:$val['groupName'];

            $insert_arr = [
                'groupId'           => $val['groupId'],