|
@@ -48,10 +48,10 @@ class EncryptMiddleware
|
|
|
return JsonService::fail('缺少必要的认证参数', [], 401);
|
|
return JsonService::fail('缺少必要的认证参数', [], 401);
|
|
|
}
|
|
}
|
|
|
|
|
|
|
|
-// // 验证时间戳(防重放攻击,5分钟内有效)
|
|
|
|
|
-// if (abs(time() - $timestamp) > 300) {
|
|
|
|
|
-// return JsonService::fail('请求时间戳无效', [], 401);
|
|
|
|
|
-// }
|
|
|
|
|
|
|
+ // 验证时间戳(防重放攻击,5分钟内有效)
|
|
|
|
|
+ if (abs(time() - $timestamp) > 300) {
|
|
|
|
|
+ return JsonService::fail('请求时间戳无效', [], 401);
|
|
|
|
|
+ }
|
|
|
|
|
|
|
|
// 验证应用信息
|
|
// 验证应用信息
|
|
|
$appInfo = OpenApiService::getAppInfo($appId);
|
|
$appInfo = OpenApiService::getAppInfo($appId);
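Review bot: The re-enabled replay window at `abs(time() - $timestamp) > 300` does arithmetic directly on `$timestamp`, and if that is the raw request value a non-numeric string raises a TypeError on PHP 8 (a 500 response) instead of the 401 the surrounding checks return, while a leading-numeric string such as `"1700000000abc"` is silently truncated. Validate the shape before the window check, e.g. `if (!ctype_digit((string) $timestamp)) { return JsonService::fail('请求时间戳无效', [], 401); }`, and compare with `(int) $timestamp`. If any client sends millisecond timestamps the 300-second window would reject every request, so the unit expected from callers is worth confirming. The enclosing method starts before this hunk.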
|
|
@@ -71,14 +71,14 @@ class EncryptMiddleware
|
|
|
outFileLog($appInfo['app_secret'],'sign','app_secret');
|
|
outFileLog($appInfo['app_secret'],'sign','app_secret');
|
|
|
outFileLog($timestamp,'sign','$timestamp');
|
|
outFileLog($timestamp,'sign','$timestamp');
|
|
|
outFileLog($nonce,'sign','$nonce');
|
|
outFileLog($nonce,'sign','$nonce');
|
|
|
-// if (!OpenApiService::verifySignature($params, $appInfo['app_secret'], $timestamp, $nonce, $signature)) {
|
|
|
|
|
-// return JsonService::fail('签名验证失败', [], 401);
|
|
|
|
|
-// }
|
|
|
|
|
|
|
+ if (!OpenApiService::verifySignature($params, $appInfo['app_secret'], $timestamp, $nonce, $signature)) {
|
|
|
|
|
+ return JsonService::fail('签名验证失败', [], 401);
|
|
|
|
|
+ }
|
|
|
//
|
|
//
|
|
|
-// // 验证随机数(防重复攻击)
|
|
|
|
|
-// if (!OpenApiService::verifyNonce($appId, $nonce, $timestamp)) {
|
|
|
|
|
-// return JsonService::fail('重复的请求', [], 401);
|
|
|
|
|
-// }
|
|
|
|
|
|
|
+ // 验证随机数(防重复攻击)
|
|
|
|
|
+ if (!OpenApiService::verifyNonce($appId, $nonce, $timestamp)) {
|
|
|
|
|
+ return JsonService::fail('重复的请求', [], 401);
|
|
|
|
|
+ }
|
|
|
|
|
|
|
|
// 将应用信息传递给控制器
|
|
// 将应用信息传递给控制器
|
|
|
$request->appInfo = $appInfo;
|
|
$request->appInfo = $appInfo;
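Review bot: The signature check is now live, but the `outFileLog($appInfo['app_secret'], 'sign', 'app_secret')` line directly above it still writes the per-app secret to a log file on every request, together with the timestamp and nonce that form the signed material; anyone who can read that log can forge valid signatures for that app, so this debug logging should be removed (or at minimum reduced to a non-secret identifier such as `$appId`) in the same change that turns verification on. The ordering of the new checks looks right — the nonce is only checked after the signature passes, so an attacker without the secret cannot burn nonces — assuming `verifyNonce` is what records the nonce, which is not visible here. Whether `verifySignature` compares the computed and supplied signatures with `hash_equals()` is also not visible and is worth confirming, since a plain `==`/`===` comparison is timing-dependent. The enclosing method starts before and continues after this hunk.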
|