
接口签名

jekon 6 years ago
parent
commit
a84f8bef71

+ 7 - 6
app/Http/Appadapter/Adapter.php

@@ -44,22 +44,23 @@ class Adapter
      * @param $appUsername
      * @param $password
      * @param $money
+     * @param $billno
      * @return array
      */
-    public function login($appid, $appUsername , $password, $money){
+    public function login($appid, $appUsername , $password, $money, $billno=''){
         return array('code' => 1, 'msg'=>'成功');
 
-        $result = array('code'=>-2, 'msg'=>'');
+        $result = array('code'=>-2, 'msg'=>'', 'data'=>array());
         if($appid == 1){//体育
             $config = ['name' => 'agentname', 'key' => 'agentkey', 'secret' => 'agentsecret'];
             $proxy = new Sport();
             $proxy->Init($config);
             $ret = $proxy->tg($appUsername, $password);
-            if($ret['key_error'] == 1){
+            if($ret['status'] == 1){
                 //转账
-                $ret2 = $proxy->ptc($appUsername, $password, '', $money, 'IN');
-                if($ret2['key_error'] != 1){
-                    $result = array('code'=>1, 'msg'=>'成功');
+                $ret2 = $proxy->ptc($appUsername, $password, $billno, $money, 'IN');
+                if($ret2['status'] == 1){
+                    $result = array('code'=>1, 'msg'=>'成功', 'data'=>$ret['data']);
                 }else{
                     $result = array('code'=>-1, 'msg'=>'服务器繁忙');
                 }
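Review bot: The unconditional `return array('code' => 1, 'msg'=>'成功');` kept as the first statement of login() makes every line this hunk changes unreachable, so the adapter reports success without calling tg() or ptc() and never returns the new `data` key. If that return is a development stub, it should be removed or put behind an explicit test-only switch before the signed interface relies on this result. The new `$billno=''` default also lets a transfer be requested with an empty reference; rejecting an empty value early, e.g. `if ($billno === '') { return array('code'=>-2, 'msg'=>''); }`, would keep every transfer traceable. The body of login() continues past the end of the hunk.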

+ 108 - 0
app/Http/Appadapter/PartySign.php

@@ -0,0 +1,108 @@
+<?php
+
+namespace App\Http\Appadapter;
+
+class PartySign
+{
+    private $secret = '';
+    public function __construct($secret)
+    {
+        $this->secret =$secret;
+    }
+
+    /**
+     * 发送POST请求
+     *
+     * @param unknown $url
+     * @param unknown $data
+     * @return boolean
+     */
+    public function api_notice_increment($url, $data)
+    {
+        $ch = curl_init();
+        $header = "Accept-Charset: utf-8";
+        curl_setopt($ch, CURLOPT_URL, $url);
+        curl_setopt($ch, CURLOPT_CONNECTTIMEOUT, 6);
+        curl_setopt($ch, CURLOPT_TIMEOUT, 6);
+        curl_setopt($ch, CURLOPT_CUSTOMREQUEST, "POST");
+        curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, FALSE);
+        curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, FALSE);
+        curl_setopt($ch, CURLOPT_USERAGENT, 'Mozilla/5.0 (compatible; MSIE 5.01; Windows NT 5.0)');
+        curl_setopt($ch, CURLOPT_FOLLOWLOCATION, 1);
+        curl_setopt($ch, CURLOPT_AUTOREFERER, 1);
+        curl_setopt($ch, CURLOPT_POSTFIELDS, $data);
+        curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
+        $tmpInfo = curl_exec($ch);
+        if (curl_errno($ch)) {
+            return false;
+        } else {
+            return $tmpInfo;
+        }
+
+    }
+    /**
+     * 将数组$data进行签名
+     *
+     * 签名方式:md5
+     *
+     * @param array $data
+     * @return String 签名结果
+     */
+    public function signString($data) {
+        $data = is_array($data) ? $data : json_decode($data, true);
+        $data = $this->arraytolower($data);
+
+        $data =  ksort($data);    //根据键值对数组升序排序
+
+        $content = '';
+        foreach ($data as $k=>$val) {
+            $content .= $k .'='. $val;
+        }
+
+        $content .= $this->secret;
+        $token = md5($content);
+
+        return $token;
+    }
+
+    /**
+     * 验证签名
+     * @param array $receive
+     * @return boolean
+     */
+    public function checkSignature($data)
+    {
+        if(isset($data['token'])) {
+            $token = $data['token'];
+        } else {
+            return false;
+        }
+        unset($data['token']);
+
+        $data = $this->arraytolower($data);
+        $data =  ksort($data);    //根据键值对数组升序排序
+
+        $content = '';
+        foreach ($data as $k=>$val) {
+            $content .= $k .'='. $val;
+        }
+        $content .= $this->secret;
+        $mySignature = md5($content);
+
+        if($mySignature == $token) {
+            return true;
+        } else {
+            return false;
+        }
+    }
+    /**
+     * 将数组$array的key全部转换为大写
+     */
+    public function arraytolower($array) {
+        $new = array();
+        foreach ($array as $key=>$val) {
+            $new[strtolower($key)] = $val;
+        }
+        return $new;
+    }
+}
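Review bot: In signString() and checkSignature() the line `$data = ksort($data);` replaces the array with ksort()'s boolean return value, so the following foreach has nothing to iterate and the digest is computed from the secret alone; the signature therefore covers no request parameter and is identical for every request. ksort() sorts in place and should be called without the assignment. The comparison `$mySignature == $token` is loose and not constant-time; `hash_equals()` on a string token avoids both problems. api_notice_increment() turns off `CURLOPT_SSL_VERIFYPEER` and `CURLOPT_SSL_VERIFYHOST` while following redirects, so the peer that receives the signed payload is never authenticated. The docblock on arraytolower() says the keys are converted to upper case, but the code lower-cases them.

```php
// api_notice_increment(): keep certificate and host-name verification on
curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, true);
curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, 2);

// signString() and checkSignature(): sort in place, keep the array
$data = $this->arraytolower($data);
ksort($data);
// … unchanged: key=value concatenation, secret suffix, md5 …

// checkSignature(): strict, constant-time comparison
return is_string($token) && hash_equals($mySignature, $token);
```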

+ 6 - 5
app/Http/Controllers/Api/PartyController.php

@@ -112,9 +112,10 @@ class PartyController extends Controller
             }
 
             //调用内容方的登陆接口
-            $result = $adapter->login($appid, $appUsername, $req->input('password'), $money);
-            if($result['code'] != 1){
-                return toJson(-3, $result['msg'], []);
+            $billno = date('YmdHis', time()).rand(10000, 99999);
+            $appResult = $adapter->login($appid, $appUsername, $req->input('password'), $money, $billno);
+            if($appResult['code'] != 1){
+                return toJson(-3, $appResult['msg'], []);
             }
 
             DB::beginTransaction();
@@ -146,6 +147,7 @@ class PartyController extends Controller
                 'app_username' => $appUsername,
                 'party_id' =>$partyInfo['id'],
                 'party_username' => $partyUserName,
+                'billno' => $billno,
                 //'ctime' =>now()
             ]);
             if($result === false){
@@ -160,7 +162,6 @@ class PartyController extends Controller
 
             return toJson($code, $msg, []);
         } catch (Exception $e) {
-            var_dump($e);die;
             return toJson($code, $msg, []);
         }
 
@@ -188,7 +189,7 @@ class PartyController extends Controller
             return $arr;
         }
         if(empty($req->input('appid'))){
-            $arr['msg'] = '请输appid';
+            $arr['msg'] = '请输appid';
             return $arr;
         }
         if(!preg_match('/^[0-9]{1,8}(.[0-9]{1,2})?$/', $req->input('money'))){
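Review bot: The transfer reference built by `$billno = date('YmdHis', time()).rand(10000, 99999);` is neither unique nor unpredictable: two requests in the same second share one of 90,000 suffixes, and rand() is not a cryptographic generator. Because the value is passed to the provider as the bill number and stored in the new `billno` column, a collision could tie two transfers to one reference. A suffix from a CSPRNG, e.g. `$billno = date('YmdHis') . bin2hex(random_bytes(8));` (assuming the provider accepts the longer value), together with a unique index on the column, would close that. In the catch block, removing `var_dump($e);die;` is right, but the exception is now discarded without being logged, which leaves failed transfers with no server-side trace.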

+ 11 - 1
app/Http/Controllers/Sys/AppController.php

@@ -8,8 +8,9 @@ use App\Http\Controllers\Controller;
 use \App\Http\Models;
 use Illuminate\Support\Facades\DB;
 use \Exception;
+use App\Http\Appadapter\PartySign;
 
-/**
+    /**
  * 第三方管理类
  */
 class AppController extends Controller
@@ -96,4 +97,13 @@ class AppController extends Controller
     }
 
 
+    public function getToken(Request $request){
+
+        $data = $request->input();
+        $secret = 'abcds';
+        $partySign = new PartySign($secret);
+        $data = $partySign->signString($data);
+        return $data;
+    }
+
 }
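Review bot: getToken() signs whatever `$request->input()` contains with the hard-coded secret `'abcds'` and returns the result, so any caller that can reach the action obtains a valid signature for arbitrary parameters under that secret. No route to it is visible on this page, so exposure is not confirmed, but the method looks like a debugging aid and should be removed or restricted to a non-production environment, with the secret read from configuration rather than source. The hunk also indents the class docblock opener (`/**` becomes `    /**`), which looks unintentional.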

+ 10 - 19
app/Http/Middleware/authJWT.php

@@ -2,7 +2,9 @@
 
 namespace App\Http\Middleware;
 
+use App\Http\Appadapter\PartySign;
 use Closure;
+use \App\Http\Models;
 
 class authJWT
 {
@@ -15,35 +17,24 @@ class authJWT
      */
     public function handle($request, Closure $next)
     {
-
         try {
+            $data = $request->input();
 
-            // 如果用户登陆后的所有请求没有jwt的token抛出异常
-            $token = $request->input('token');
-            if(empty($token)){
-                return toJson(-30001);
-            }
-
-            $myToken = $this->createToken($request);
-            if($token != $myToken){
+            $secret = $this->getToken($data['key']);
+            $partySign = new PartySign($secret);
+            if(!$partySign->checkSignature($data)) {
                 return toJson(-30001);
             }
-
         } catch (Exception $e) {
             return toJson(-30001);
         }
         return $next($request);
     }
 
-    private function createToken($request){
-        $key = $request->input('key');
-        $secret = \App\Models\Party::where('key', $key)->first()['secret'];
-        if(empty($secret)){
-            return false;
-        }
-
-        $token = md5($key.$secret);
-        return $token;
+    private function getToken($key){
+        $partyModel = new Models\Party;
+        $partyInfo = $partyModel->where('key', $key)->first();
+        return $partyInfo['secret'];
     }
 
 }
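Review bot: handle() no longer rejects a request whose `key` is missing or unknown: the removed createToken() returned false on an empty secret, while the new getToken() returns `$partyInfo['secret']` even when first() found no row, and PartySign is then built with a null secret. The guard should come back before the signature check, e.g. `$secret = isset($data['key']) ? $this->getToken($data['key']) : null;` followed by `if (empty($secret)) { return toJson(-30001); }`. `catch (Exception $e)` appears to resolve to `App\Http\Middleware\Exception`, since no `use Exception;` is visible in the first hunk, so the fallback would not catch errors raised here; confirm against the full file. The signed data carries no timestamp or nonce as far as the diff shows, so a captured request stays valid indefinitely.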

+ 30 - 0
routes/sys.php

@@ -0,0 +1,30 @@
+<?php
+
+use Illuminate\Http\Request;
+
+/*
+|--------------------------------------------------------------------------
+| API Routes
+|--------------------------------------------------------------------------
+|
+| Here is where you can register API routes for your application. These
+| routes are loaded by the RouteServiceProvider within a group which
+| is assigned the "api" middleware group. Enjoy building your API!
+|
+*/
+
+
+/*Route::any('/{class}/{action}', function ( $class, $action) {
+    $module='api';
+	return appExec($module, $class, $action);
+})->middleware('auth.jwt');*/
+
+/*Route::group(['namespace'=>'Sys','prefix'=>'sys','middleware'=>''],function () {
+    echo 432;die;
+    Route::post('app/loginOut','AppController@loginOut')->name('sys.app.loginOut')->middleware();
+});*/
+
+// Route::middleware('auth:api')->get('/user', function (Request $request) {
+    
+//     return $request->user();
+// });