接口基类完善
This commit is contained in:
@@ -11,30 +11,41 @@ namespace app\common\controller;
|
||||
|
||||
class Api {
|
||||
|
||||
protected $data;
|
||||
protected $data = array('code' => 0, 'msg' => '', 'time' => 0, 'data' => '');
|
||||
protected $mustToken = false; //是否检查用户行为
|
||||
protected $user = array(); //用户信息
|
||||
protected $client; //客户端信息
|
||||
protected $request;
|
||||
|
||||
public function __construct() {
|
||||
header("Access-Control-Allow-Origin: *");
|
||||
header("Access-Control-Allow-Methods: GET, POST, PUT, DELETE, OPTIONS");
|
||||
header("Access-Control-Allow-Headers: Origin, X-Requested-With, Content-Type, Accept, Authorization");
|
||||
$header = getallheaders();
|
||||
$this->data = array('code' => 0, 'msg' => '', 'time' => time(), 'data' => '');
|
||||
$isCheck = $this->checkToken($header);
|
||||
$url = request()->module() . '/' . request()->controller() . '/' . request()->action();
|
||||
if (!$isCheck && 'api/index/gettoken' !== strtolower($url)) {
|
||||
public function __construct(\think\Request $request) {
|
||||
$this->setHeader();
|
||||
$this->request = $request;
|
||||
$this->data['time'] = time();
|
||||
if ($this->request->isOptions()){
|
||||
exit('OK');
|
||||
}
|
||||
$header = $this->request->header();
|
||||
|
||||
if (!$this->checkAuthor($header)) { //检查客户端接口是否可接入
|
||||
$this->data['code'] = '301';
|
||||
$this->data['data'] = '非法请求!';
|
||||
echo json_encode($this->data);
|
||||
exit();
|
||||
echo json_encode($this->data);exit();
|
||||
}
|
||||
|
||||
if ($this->mustToken) {
|
||||
if ($this->checkToken($header)) {
|
||||
$this->data['code'] = '201';
|
||||
$this->data['data'] = '用户登录信息失效,请重登!';
|
||||
echo json_encode($this->data);exit();
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
protected function checkToken($header){
|
||||
if (isset($header['Authorization']) && $header['Authorization']) {
|
||||
$token = authcode($header['Authorization']);
|
||||
list($appid, $appsecret, $currentTime) = explode('|', $token);
|
||||
$client = db('Client')->where('appid', $appid)->where('appsecret', $appsecret)->value('id');
|
||||
if ($client && ($currentTime+86400) < time()) {
|
||||
protected function checkAuthor($header){
|
||||
if (isset($header['authorization']) && $header['authorization']) {
|
||||
list($appid, $sign) = explode('{|}', $header['authorization']);
|
||||
$this->client = db('Client')->where('appid', $appid)->find();
|
||||
if ($sign == md5($this->client['appid'].$this->client['appsecret'])) {
|
||||
return true;
|
||||
}else{
|
||||
return false;
|
||||
@@ -43,4 +54,26 @@ class Api {
|
||||
return false;
|
||||
}
|
||||
}
|
||||
|
||||
protected function checkToken($header){
|
||||
if (isset($header['access_token']) && $header['access_token']) {
|
||||
$token = authcode($header['access_token']);
|
||||
list($uid, $username, $password) = explode('|', $token);
|
||||
$this->user = model('User')->where('uid', $uid)->where('username', $username)->find();
|
||||
if ($this->user && $password === $this->user['password']) {
|
||||
return true;
|
||||
}else{
|
||||
$this->user = array();
|
||||
return false;
|
||||
}
|
||||
}else{
|
||||
return false;
|
||||
}
|
||||
}
|
||||
|
||||
protected function setHeader(){
|
||||
header("Access-Control-Allow-Origin: *");
|
||||
header("Access-Control-Allow-Methods: GET, POST, PUT, DELETE, OPTIONS");
|
||||
header("Access-Control-Allow-Headers: Origin, X-Requested-With, Content-Type, Accept, Authorization, access_token");
|
||||
}
|
||||
}
|
||||
Reference in New Issue
Block a user