molong/sentcms
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

接口基类完善

Browse Source
This commit is contained in:
molong
2017-11-10 11:31:22 +08:00
parent 4b020b8710
commit 477cd0b3ef
3 changed files with 88 additions and 25 deletions
Download Patch File Download Diff File Expand all files Collapse all files

35
application/api/controller/Auth.php Normal file
View File

@@ -0,0 +1,35 @@
<?php
// +----------------------------------------------------------------------
// | SentCMS [ WE CAN DO IT JUST THINK IT ]
// +----------------------------------------------------------------------
// | Copyright (c) 2013 http://www.tensent.cn All rights reserved.
// +----------------------------------------------------------------------
// | Author: molong <molong@tensent.cn> <http://www.tensent.cn>
// +----------------------------------------------------------------------
namespace app\Api\controller;
use app\common\controller\Api;
class Auth extends Api {
public function login(){
if (!$this->request->post('username')) {
$this->data['msg'] = "用户名不能为空!";
return $this->data;
}
if (!$this->request->post('password')) {
$this->data['msg'] = "密码不能为空!";
return $this->data;
}
$user = model('User')->feild('uid,username,password,salt')->where('username', $this->request->post('username'))->find();
if ($user['password'] === md5($this->request->post('password').$user['salt'])) {
$this->data['code'] = 1;
$user['access_token'] = authcode($user['uid'].'|'.$user['username'].'|'.$user['password'], 'ENCODE');
$this->data['data'] = $user;
}else{
$this->data['msg'] = "密码错误!";
}
return $this->data;
}
}

9
application/api/controller/User.php
View File

@@ -12,14 +12,9 @@ use app\common\controller\Api;
class User extends Api { class User extends Api {
public function login(){ public function getuser(){
//$this->data['code'] = 1;
return $this->data;
}
public function getuser(\think\Request $request){
$this->data['code'] = 1; $this->data['code'] = 1;
$this->data['data'] = db('Member')->where('uid', $request->param('uid'))->find(); $this->data['data'] = db('Member')->where('uid', $this->request->param('uid'))->find();
return $this->data; return $this->data;
} }
} }

69
application/common/controller/Api.php
View File

@@ -11,30 +11,41 @@ namespace app\common\controller;
class Api { class Api {
protected $data; protected $data = array('code' => 0, 'msg' => '', 'time' => 0, 'data' => '');
protected $mustToken = false; //是否检查用户行为
protected $user = array(); //用户信息
protected $client; //客户端信息
protected $request;
public function __construct() { public function __construct(\think\Request $request) {
header("Access-Control-Allow-Origin: *"); $this->setHeader();
header("Access-Control-Allow-Methods: GET, POST, PUT, DELETE, OPTIONS"); $this->request = $request;
header("Access-Control-Allow-Headers: Origin, X-Requested-With, Content-Type, Accept, Authorization"); $this->data['time'] = time();
$header = getallheaders(); if ($this->request->isOptions()){
$this->data = array('code' => 0, 'msg' => '', 'time' => time(), 'data' => ''); exit('OK');
$isCheck = $this->checkToken($header); }
$url = request()->module() . '/' . request()->controller() . '/' . request()->action(); $header = $this->request->header();
if (!$isCheck && 'api/index/gettoken' !== strtolower($url)) {
if (!$this->checkAuthor($header)) { //检查客户端接口是否可接入
$this->data['code'] = '301'; $this->data['code'] = '301';
$this->data['data'] = '非法请求!'; $this->data['data'] = '非法请求!';
echo json_encode($this->data); echo json_encode($this->data);exit();
exit(); }
if ($this->mustToken) {
if ($this->checkToken($header)) {
$this->data['code'] = '201';
$this->data['data'] = '用户登录信息失效,请重登!';
echo json_encode($this->data);exit();
}
} }
} }
protected function checkToken($header){ protected function checkAuthor($header){
if (isset($header['Authorization']) && $header['Authorization']) { if (isset($header['authorization']) && $header['authorization']) {
$token = authcode($header['Authorization']); list($appid, $sign) = explode('{|}', $header['authorization']);
list($appid, $appsecret, $currentTime) = explode('|', $token); $this->client = db('Client')->where('appid', $appid)->find();
$client = db('Client')->where('appid', $appid)->where('appsecret', $appsecret)->value('id'); if ($sign == md5($this->client['appid'].$this->client['appsecret'])) {
if ($client && ($currentTime+86400) < time()) {
return true; return true;
}else{ }else{
return false; return false;
@@ -43,4 +54,26 @@ class Api {
return false; return false;
} }
} }
protected function checkToken($header){
if (isset($header['access_token']) && $header['access_token']) {
$token = authcode($header['access_token']);
list($uid, $username, $password) = explode('|', $token);
$this->user = model('User')->where('uid', $uid)->where('username', $username)->find();
if ($this->user && $password === $this->user['password']) {
return true;
}else{
$this->user = array();
return false;
}
}else{
return false;
}
}
protected function setHeader(){
header("Access-Control-Allow-Origin: *");
header("Access-Control-Allow-Methods: GET, POST, PUT, DELETE, OPTIONS");
header("Access-Control-Allow-Headers: Origin, X-Requested-With, Content-Type, Accept, Authorization, access_token");
}
} }