<?php
/**
* 接口基类文件
* author : php小组
*/
namespace Home\Controller;
use Think\FlException;
use Think\Controller;
use Think\Model;
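class BaseController extends Controller{
    /** @var bool Verify the `sign` header against the shared key before the action runs. */
    protected $isCheck = true;
    /** @var bool Enforce the per-IP / per-URL request-count limit (AskauthModel::ask_count). */
    protected $islimit = false;
    /** @var bool Restrict callers to the configured `ip_allow` list (AskauthModel::illegalip). */
    protected $isiplimit = false;

    /**
     * Emits the CORS headers and runs the request gate before any action executes.
     * NOTE(review): parent::__construct() is not called (same as before); the ThinkPHP
     * Controller constructor is therefore skipped — confirm nothing relies on view state.
     */
    public function __construct(){
        ob_end_clean();
        // A wildcard origin is tolerable only because authentication travels in custom
        // headers (token/sign) and never in cookies. Never add Access-Control-Allow-Credentials.
        header('Access-Control-Allow-Origin: *');
        header("Access-Control-Allow-Headers: Origin, X-Requested-With,Pragma,User-Agent, Content-Type, Accept,token,sign,timestamp,version,source,sign");
        header('Access-Control-Allow-Methods:POST');
        $this->run();
    }

    /**
     * Request gate run from the constructor.
     *
     * Validates the system headers (token, timestamp, version, sign, source) and the
     * `data` POST field, then — in this order — verifies the signature, the IP
     * allow-list, the timestamp window and the request-count limit. Any failure is
     * answered at once with {status:'1', errorCode, msg, result:null}, logged, and the
     * request ends; otherwise control returns to the action.
     *
     * Changes versus the previous version:
     *  - a missing `source` header no longer slips through (the old check compared
     *    null with '' using ===, which is false);
     *  - `timestamp` must be numeric (it is used in arithmetic and compared to time())
     *    and may not lie further than expire_second in the future. A far-future stamp
     *    would never "expire", so a captured request signed that way could be replayed
     *    for as long as the key lives. Timestamps are seconds since the epoch — a
     *    client sending milliseconds is rejected by the new check.
     */
    public function run(){
        $logs_model = D('Logs');
        $ask_auth_model = D('Askauth');
        // System parameters: every HTTP_* header, lower-cased, dash-separated names.
        $systemParam = $ask_auth_model->getAllHeadersParam();
        // Business parameters: a JSON document in the `data` POST field.
        $data = I("post.data");
        $privatekey = C('apiKey_img');
        $source = '';
        try {
            $missingSystemParam = empty($systemParam['token'])
                || empty($systemParam['timestamp'])
                || empty($systemParam['version'])
                || empty($systemParam['sign'])
                || !isset($systemParam['source'])
                || $systemParam['source'] === '';
            if ($missingSystemParam) {
                E("200000","参数错误");
            }
            if (empty($data)) {
                E("200001","参数错误");
            }
            if (empty($privatekey)) {
                E("200002","参数错误".$systemParam['token']);
            }
            $token = $systemParam['token'];         // server-assigned client identifier
            $timestamp = $systemParam['timestamp']; // seconds since the epoch (UTC+8 per the client docs)
            $version = $systemParam['version'];
            $sign = $systemParam['sign'];
            $source = $systemParam['source'];       // 0 android, 1 ios, 2 H5, 3 pc, 4 php, 5 java
            // Reject anything that is not a number before it reaches arithmetic below.
            if (!is_numeric($timestamp)) {
                E("200000","参数错误");
            }
            // I() HTML-escapes input; undo that before parsing the JSON.
            $data = json_decode(htmlspecialchars_decode($data), true);
            if (empty($data)) {
                E("200003","data解析失败");
            }
            if ($this->isCheck) {
                // The signature binds the re-encoded $data array, not the raw bytes posted.
                $auth_result = $ask_auth_model->checkAuth($source,$data,$token,$timestamp,$version,$privatekey,$sign);
                if ($auth_result === false) {
                    E("200006",'验签失败');
                }
            }
            if ($this->isiplimit) {
                if ($ask_auth_model->illegalip() == '2') {
                    E("200007",'非法的IP地址!');
                }
            }
            // Freshness window: [now - expire_second, now + expire_second].
            $expire_second = C('expire_second');
            $now = time();
            if ($timestamp + $expire_second < $now) {
                E("200008",'请求已经过期');
            }
            if ($timestamp - $expire_second > $now) {
                E("200000","参数错误");
            }
            if ($this->islimit) {
                // Only requests that passed the signature check are counted; an unsigned
                // flood is rejected above and never throttled here.
                if ($ask_auth_model->ask_count() == '2') {
                    E("200009",'休息一下在访问吧!');
                }
            }
        } catch (FlException $ex) {
            $return_data = array(
                'status' => '1',
                'errorCode' => $ex->getErrorCode(),
                'msg' => $ex->getMessage(),
                'result' => null,
            );
            $source = empty($source) ? '' : $source;
            $logs_model->Write_Log('请求error', $systemParam, $return_data, $source);
            $this->ajaxReturn($return_data);
            exit;
        }
    }

    /**
     * Writes a "success" row to the system log for the current request.
     *
     * @param array $return_data the response envelope the action is about to send
     */
    public function api_log($return_data){
        $logs_model = D('Logs');
        $ask_auth_model = D('Askauth');
        $systemParam = $ask_auth_model->getAllHeadersParam();
        $source = isset($systemParam['source']) ? $systemParam['source'] : '';
        $logs_model->Write_Log('success', $systemParam, $return_data, $source);
    }
    /**********************************************************************/
}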
?>
<?php
namespace Home\Controller;
use Think\Controller;
use Think\Model;
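class UploadController extends BaseController {
    /** Probe action: answers with a fixed success envelope. */
    public function index(){
        $data = array('msg' => "加载成功!", 'status' => '0', 'result' => null);
        $this->ajaxReturn($data);
    }

    /**
     * Single-image upload. The file arrives as multipart field `file_name`; the
     * business parameters arrive as JSON in POST `data`:
     *   service_type (required) — selects the target folder and size limit:
     *     1 front end   - user avatar            2 admin - ad image
     *     3 admin       - goods image            4 admin - goods detail
     *     5 front end   - remittance proof       6 admin - icon
     *     7 front end   - shop logo              8 admin - app splash ad
     *     9 front end   - shop QR code          10 goods category
     *    11 goods brand                         12 withdrawal attachment
     *    13 rich-text editor
     *   ext (optional)         — client-declared extension, forwarded to the Upload model
     *   receivename (optional) — client-declared file name, forwarded to the Upload model
     *
     * Security notes:
     *  - `ext` and `receivename` are attacker-controlled. A non-empty `ext` must be in
     *    the same allow-list that is handed to the Upload model, and any directory
     *    component is stripped from `receivename`, so neither can steer the stored file
     *    outside $folder_path or change its type at this layer. The Upload model is
     *    still expected to validate the real file; this is defence in depth. If the
     *    model intentionally accepts a relative sub-path in `receivename`, relax that.
     *  - Several service types are admin-only by label. Nothing here checks a role; the
     *    base-class gate only proves possession of the shared client key. Confirm an
     *    admin check exists upstream if those folders must not be writable by every client.
     */
    public function file_one(){
        // I() HTML-escapes input; undo that before parsing the JSON.
        $data = json_decode(htmlspecialchars_decode(I("post.data")), true);
        if (empty($data['service_type'])) {
            $this->ajaxReturn(array('status' => '1', 'errorCode' => '300100', 'msg' => "请选择业务类型", 'result' => null));
            return;
        }
        if (empty($_FILES['file_name'])) {
            $this->ajaxReturn(array('status' => '1', 'errorCode' => '300101', 'msg' => "请选择你要上传得文件", 'result' => null));
            return;
        }
        $service_type = $data['service_type'];
        $ext = isset($data['ext']) ? $data['ext'] : null;
        $receivename = isset($data['receivename']) ? $data['receivename'] : null;

        $size_check = false; // dimension check off
        // NOTE(review): 'tmp' is not an image type — confirm it is really needed.
        $file_type = array('jpg', 'gif', 'png', 'jpeg', 'tmp');
        $file_width = '100';
        $file_height = '100';

        if ($ext !== null && $ext !== '' && !self::extAllowed($ext, $file_type)) {
            $this->ajaxReturn(array('status' => '1', 'errorCode' => '300102', 'msg' => '不支持的文件类型', 'result' => null));
            return;
        }
        if (is_string($receivename) && $receivename !== '') {
            $receivename = self::safeBaseName($receivename);
        }

        $folders = array(
            '1'  => "/server/user/",
            '2'  => "/server/billboard/", // ad images: the name must not contain "ad" (Xiaomi blocks it)
            '3'  => "/server/goods/",
            '4'  => "/server/detail/",
            '5'  => "/server/large/",
            '6'  => "/server/icon/",
            '7'  => "/server/store/",
            '8'  => "/server/peacock/",
            '9'  => "/server/qrcode/",
            '10' => "/server/goodcate/",
            '11' => "/server/goodbrand/",
            '12' => "/server/annexes/",
            '13' => "/server/text/",
        );
        $typeKey = is_scalar($service_type) ? (string) $service_type : '';
        // Unknown types fall through with an empty folder, as before.
        $folder_path = isset($folders[$typeKey]) ? $folders[$typeKey] : '';
        // Avatars and remittance proofs get 13 MB, everything else 5 MB.
        $file_maxSize = in_array($typeKey, array('1', '5'), true) ? '13631488' : '5242880';

        $Upload_model = D('Upload');
        $result = $Upload_model->upload_put_img('file_name', $size_check, $file_type, $file_maxSize, $file_width, $file_height, $folder_path, $service_type, $ext, $receivename);
        if ($result['status'] == '1') {
            $return_data = array('status' => '1', 'errorCode' => '300102', 'msg' => $result['msg'], 'result' => null);
        } else {
            $return_data = array(
                'status' => '0',
                'errorCode' => '0',
                'msg' => '操作成功!',
                'result' => array(
                    'filepath' => $result['filepath'],
                    'fileview' => $result['fileview'],
                ),
            );
        }
        $this->api_log($return_data);
        $this->ajaxReturn($return_data);
    }

    /**
     * True when $ext (any case, optional leading dot) is one of $allowed.
     * Non-string values are never allowed.
     */
    private static function extAllowed($ext, array $allowed) {
        if (!is_string($ext)) {
            return false;
        }
        return in_array(strtolower(ltrim($ext, '.')), $allowed, true);
    }

    /**
     * Reduces a client-supplied name to a bare file name: NUL bytes removed, both
     * separator styles treated as directories and dropped, and '.'/'..' turned into ''.
     */
    private static function safeBaseName($name) {
        $name = str_replace(array("\0", '\\'), array('', '/'), (string) $name);
        $name = basename($name);
        return ($name === '.' || $name === '..') ? '' : $name;
    }
}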
<?php
namespace Home\Model;
use Think\Model;
/****
* 请求授权模型
*/
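class AskauthModel extends Model
{
    protected $autoCheckFields = false;

    /**
     * Signature shared with every client: ksort the parameters, join each non-empty
     * pair as "key=value" with "&", append the shared key, lower-case everything, md5.
     *
     * This is a wire contract with the Android/iOS/H5/PC/PHP/Java clients and is kept
     * byte-for-byte. Known weaknesses, documented rather than fixed because every
     * client would have to change at once: md5 with a secret-suffix construction, the
     * case folding (it also folds the key and the data), and no escaping of "&" or "="
     * inside values.
     *
     * @param array  $paramArr system parameters (token, timestamp, version, source, data)
     * @param string $apiKey   shared key (C('apiKey_img'))
     * @return string 32-character lower-case hex digest
     */
    public function createSign ($paramArr,$apiKey) {
        ksort($paramArr);
        $joined = '';
        foreach ($paramArr as $name => $value) {
            // Loose != on purpose: it is what the clients skip ('', null, false).
            if ($name != '' && $value != '') {
                $joined .= $name . "=" . $value . "&";
            }
        }
        $joined = rtrim($joined, "&") . $apiKey;
        return md5(strtolower($joined));
    }

    /**
     * Verifies the client's `sign` header.
     *
     * $data is the decoded business payload; it is re-encoded here (H5 clients, source
     * 2, additionally get stripslashes), so the signature binds the canonical JSON and
     * not the raw bytes the client posted.
     *
     * @param mixed  $source     client type (0-5); compared loosely, '2' and 2 both mean H5
     * @param array  $data       decoded `data` payload
     * @param string $token      client identifier header
     * @param string $timestamp  timestamp header
     * @param string $version    version header
     * @param string $privatekey shared key
     * @param string $sign       signature header supplied by the caller
     * @return bool true when the signature matches
     */
    public function checkAuth($source,$data,$token,$timestamp,$version,$privatekey,$sign){
        $datas = json_encode($data, JSON_UNESCAPED_UNICODE);
        if ($source == 2) {
            $datas = stripslashes($datas);
        }
        $expected = $this->createSign(array(
            'token' => $token,
            'timestamp' => $timestamp,
            'version' => $version,
            'source' => $source,
            'data' => $datas,
        ), $privatekey);
        // Constant-time comparison: $sign is attacker-controlled and the old !== leaked
        // the position of the first mismatching byte through timing.
        return hash_equals($expected, (string) $sign);
    }

    /**
     * Collects every HTTP_* entry of $_SERVER as header-name => value, with the name
     * lower-cased and '_' turned into '-' (e.g. HTTP_X_REQUESTED_WITH => x-requested-with).
     * All values are client-controlled.
     *
     * @return array
     */
    public function getAllHeadersParam(){
        $headers = array();
        foreach ($_SERVER as $serverKey => $value) {
            if (substr($serverKey, 0, 5) !== 'HTTP_') {
                continue;
            }
            $name = strtolower(str_replace('_', '-', substr($serverKey, 5)));
            $headers[$name] = $value;
        }
        return $headers;
    }

    /**
     * Default success envelope. Note it is an array, not an object.
     *
     * @return array
     */
    public function getResponse(){
        return array(
            "status" => 0,
            "errorCode" => 0,
            "msg" => "成功",
            "result" => null,
        );
    }

    /**
     * IP allow-list check.
     *
     * @return int 1 when the client IP is listed in C('ip_allow'), 2 otherwise
     *             (also 2 when the list is missing or not an array — deny, don't crash)
     */
    public function illegalip(){
        $remote_ip = sys_get_client_ip();
        $allowed = C('ip_allow');
        if (!is_array($allowed)) {
            return 2;
        }
        // Strict comparison: with loose in_array a non-string entry such as 0 could
        // match every address on older PHP.
        // NOTE(review): sys_get_client_ip() is defined elsewhere; if it honours
        // X-Forwarded-For / Client-IP, this list (and ask_count) is spoofable unless
        // only a trusted proxy sets those headers.
        return in_array($remote_ip, $allowed, true) ? 1 : 2;
    }

    /**
     * Per-IP, per-URL request counter over the last C('api_ask_time') seconds.
     *
     * @return int 2 when the limit C('api_ask_limit') is already reached (request must be
     *             refused), 1 when the hit was recorded, 3 when recording failed — the
     *             caller only tests for 2, so 3 still lets the request through.
     */
    public function ask_count(){
        $client_ip = sys_get_client_ip();
        $ask_url = sys_GetCurUrl();
        $limit_num = C('api_ask_limit');
        $limit_time = C('api_ask_time');
        $windowStart = date('Y-m-d H:i:s', time() - $limit_time);
        $where = array(
            'creatime' => array('EGT', $windowStart),
            'ip_name' => $client_ip,
            'ask_url' => $ask_url,
        );
        // count() may come back as int or string depending on the driver; normalise.
        $hits = (int) M('log_ip_ask')->where($where)->count();
        // NOTE(review): count-then-insert is not atomic, so concurrent requests can
        // overshoot the limit by a few. Fine for abuse throttling, not for strict quotas.
        if ($hits > 0 && $hits >= $limit_num) {
            return 2;
        }
        $inserted = M('log_ip_ask')->data(array(
            'ip_name' => $client_ip,
            'ask_url' => $ask_url,
            'creatime' => date('Y-m-d H:i:s', time()),
        ))->add();
        return $inserted ? 1 : 3;
    }
}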
<?php
namespace Home\Model;
use Think\Model;
/****
* 操作日志
*/
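class LogsModel extends Model
{
    protected $autoCheckFields = false;

    /** Header names whose values must never be persisted to the log table. */
    private static $redactedHeaders = array('cookie', 'authorization');

    /**
     * Persists one request/response pair to log_system.
     *
     * $systemParam is the full header map from AskauthModel::getAllHeadersParam(), so
     * it carries whatever the client sent — including session cookies and bearer
     * tokens if a browser or proxy added them. Those two headers are redacted before
     * the row is written; everything else (token, sign, timestamp, ...) is kept because
     * it is needed to debug signature failures.
     *
     * @param string $message      outcome label, e.g. 'success' or '请求error'
     * @param array  $systemParam  request headers
     * @param array  $return_data  response envelope
     * @param mixed  $from         source code 0-5 (mapped to a name; anything else logs as 'other')
     * @return bool true when the row was inserted
     */
    public function Write_Log($message,$systemParam,$return_data,$from) {
        $from = $this->source($from);
        // $from is never empty after source(); the check is kept for parity with callers.
        if (empty($message) || empty($systemParam) || empty($return_data) || empty($from)) {
            return false;
        }
        $row = array(
            'message' => $message,
            'create_time' => date('Y-m-d H:i:s'),
            'ask_ip' => sys_get_client_ip(),
            'ask_from' => $from,
            'ask_content' => json_encode($this->redact($systemParam)),
            'return_content' => json_encode($return_data),
        );
        $inserted = M("log_system")->data($row)->add();
        return $inserted ? true : false;
    }

    /**
     * Returns a copy of the header map with sensitive values replaced by '[redacted]'.
     * Keys are expected lower-cased, as getAllHeadersParam() produces them.
     */
    private function redact($headers) {
        if (!is_array($headers)) {
            return $headers;
        }
        foreach (self::$redactedHeaders as $name) {
            if (array_key_exists($name, $headers)) {
                $headers[$name] = '[redacted]';
            }
        }
        return $headers;
    }

    /** Maps the numeric source code to its client name; unknown codes become 'other'. */
    private function source($source){
        switch ($source){
            case '0': $result = 'android'; break;
            case '1': $result = 'ios'; break;
            case '2': $result = 'H5'; break;
            case '3': $result = 'pc'; break;
            case '4': $result = 'php'; break;
            case '5': $result = 'java'; break;
            default:  $result = 'other';
        }
        return $result;
    }
}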