Accueil Explorer Aide
S'inscrire Connexion
lizhen
/
lejian
1
0
Fork 0
Fichiers Tickets 0 Pull Requests 0 Wiki
Aborescence: 2ca9ad68ce
Branches Tags
lejian
/
application
/
utils
/
CheckSignUtil.php

CheckSignUtil.php 2.1 KB
Historique Raw

1234567891011121314151617181920212223242526272829303132333435363738394041424344454647484950515253545556575859606162636465666768697071727374757677787980818283 
  1. <?php
    2. 

  2. 

  3. namespace app\utils;
    4. 

  4. 

  5. use think\Request;
    6. 

  6. 

  7. /**
    8. 

  8.  * 校验sign 校验签名,防止刷重要接口
    9. 

  9.  */
    10. 

  10. class CheckSignUtil{
    11. 

  11. 

  12.     /**
    13. 

  13.      * 校验接口名单
    14. 

  14.      */
    15. 

  15.     const hitList = [
    16. 

  16.         'api/gift/givegift_typing',// 聊天赠送礼物
    17. 

  17.         'api/usercenter/chat_once',// 文字聊天扣费
    18. 

  18.         'api/usercenter/voice_onemin',// 语音聊天扣费
    19. 

  19.         'api/usercenter/videochat_onemin',// 视频聊天扣费
    20. 

  20.     ];
    21. 

  21. 

  22.     /**
    23. 

  23.      * 失效时间 单位 seconds
    24. 

  24.      */
    25. 

  25.     const deadTime = 150;
    26. 

  26. 

  27.     /**
    28. 

  28.      * 校验签名
    29. 

  29.      * @param $path
    30. 

  30.      * @param $token
    31. 

  31.      * @param $sign
    32. 

  32.      * @return array
    33. 

  33.      */
    34. 

  34.     public static function check($path,$token,$sign): array
    35. 

  35.     {
    36. 

  36.         if (!in_array($path,self::hitList)){
    37. 

  37.             return [true,'success'];
    38. 

  38.         }
    39. 

  39. 

  40.         if (empty($sign)){
    41. 

  41.             return [false,'签名缺失!'];
    42. 

  42.         }
    43. 

  43. 

  44.         // 签名解密
    45. 

  45.         $rsa = new RsaUtil();
    46. 

  46.         $sign = $rsa->privateDecrypt($sign);
    47. 

  47.         if (!$sign || !$sign = json_decode($sign,true)){
    48. 

  48.             return [false,'签名错误!'];
    49. 

  49.         }
    50. 

  50. 

  51.         if (empty($sign['token']) || empty($sign['timestamp']) || empty($sign['timezone'])){
    52. 

  52.             return [false,'签名参数错误!'];
    53. 

  53.         }
    54. 

  54. 

  55.         if ($token != $sign['token']){
    56. 

  56.             return [false,'签名参数校验错误!'];
    57. 

  57.         }
    58. 

  58. 

  59.         if ($token != $sign['token']){
    60. 

  60.             return [false,'签名参数校验错误!'];
    61. 

  61.         }
    62. 

  62. 

  63.         // 根据客户端 时区 校验时间戳
    64. 

  64.         $now = new \DateTime(null, new \DateTimeZone((string)$sign['timezone']));
    65. 

  65.         $time = (int)($now->format('U'));
    66. 

  66. 

  67.         // 如果 前端请求时间戳异常,则认为 请求被篡改 或 请求超时
    68. 

  68.         if ($sign['timestamp'] <= ($time - self::deadTime)){
    69. 

  69.             return [false,'签名过期,请求已过期!'];
    70. 

  70.         }
    71. 

  71. 

  72.         // 请求唯一key
    73. 

  73.         $key = md5($sign['token'] . '_' .((string)$sign['timestamp']));
    74. 

  74. 

  75.         // redis 重复请求
    76. 

  76.         if (!RedisUtil::getInstance('check_sign_lock',$key)->tryTimes(self::deadTime,1)) {
    77. 

  77.             return [false,'点的太快啦!'];
    78. 

  78.         }
    79. 

  79. 

  80.         return [true,'success'];
    81. 

  81.     }
    82. 

  82. 

  83. }
    84.