Skip to content

Cong.Zhao / musician-api.hikoon.com

Go to a project
Toggle navigation
Toggle navigation pinning
Switch branch/tag
CheckSignature.php 3.03 KB
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 
<?php

namespace App\Http\Middleware;

use App\Helper\ErrorCode;
use App\Helper\RedisClient;
use App\Helper\Response;
use Closure;
use Illuminate\Http\Request;
use Illuminate\Support\Arr;

class CheckSignature
{
    //access_token前缀
    const TOKEN_PREFIX = "access_token:";
    //timestamp有效时间
    const TIMESTAMP_LIMIT = 60;
    //nonce前缀
    const NONCE_PREFIX = 'nonce:';

    /**
     * Handle an incoming request.
     *
     * @param Request $request
     * @param Closure $next
     * @return \Illuminate\Http\JsonResponse|mixed
     */
    public function handle(Request $request, Closure $next)
    {
        //检查参数
        if (!$request->has('access_token')) {
            return Response::successWithCode(ErrorCode::MISSING_ACCESS_TOKEN, ErrorCode::$messages[ErrorCode::MISSING_ACCESS_TOKEN]);
        }

        if (!$request->has('client_id')) {
            return Response::successWithCode(ErrorCode::MISSING_CLIENT_ID, ErrorCode::$messages[ErrorCode::MISSING_CLIENT_ID]);
        }

        if (!$request->has('timestamp')) {
            return Response::successWithCode(ErrorCode::MISSING_TIMESTAMP, ErrorCode::$messages[ErrorCode::MISSING_TIMESTAMP]);
        }

        if (!$request->has('nonce')) {
            return Response::successWithCode(ErrorCode::MISSING_NONCE, ErrorCode::$messages[ErrorCode::MISSING_NONCE]);
        }

        if (!$request->filled('client_id') || !$request->filled('timestamp') || !$request->filled('nonce') || !$request->filled('access_token')) {
            return Response::successWithCode(ErrorCode::EMPTY_PARAMS, ErrorCode::$messages[ErrorCode::EMPTY_PARAMS]);
        }

        $params = $request->all();
        $redis = RedisClient::instance();

        //验证token
        $token_key = self::TOKEN_PREFIX . $params['access_token'];
        if ($redis->exists($token_key)) {
            if ($params['client_id'] != $redis->get($token_key)) {
                return Response::successWithCode(ErrorCode::INVALID_ACCESS_TOKEN, ErrorCode::$messages[ErrorCode::INVALID_ACCESS_TOKEN]);
            }
        }
        //验证签名
        $only = Arr::only($params, ['client_id', 'timestamp', 'nonce']);
        sort($only, SORT_STRING);
        $tmpStr = sha1(join('&', $only));
        if ($params['signature'] != $tmpStr) {
            return Response::successWithCode(ErrorCode::INVALID_SIGNATURE, ErrorCode::$messages[ErrorCode::INVALID_SIGNATURE]);
        }
        //防重放机制
        //检查时间戳是否有效
        if (time() > $params['timestamp'] + self::TIMESTAMP_LIMIT) {
            return Response::successWithCode(ErrorCode::INVALID_TIMESTAMP, ErrorCode::$messages[ErrorCode::INVALID_TIMESTAMP]);
        }
        //随机数是否已被使用
        $key_nonce = self::NONCE_PREFIX . $params['nonce'];
        if ($redis->exists($key_nonce)) {
            return Response::successWithCode(ErrorCode::INVALID_NONCE, ErrorCode::$messages[ErrorCode::INVALID_NONCE]);
        }
        $redis->setex($key_nonce, self::TIMESTAMP_LIMIT, $params['nonce']);

        return $next($request);
    }
}