api接口签名验证

客户端:

<!DOCTYPE html>
<html lang="en">
<head>
    <meta charset="UTF-8">
    <title>Title</title>
</head>
<body>
签名
</body>
<!-- NOTE(review): jQuery is fetched over plain http:// from a third-party CDN, and
     neither script tag carries an integrity (SRI) attribute. A network attacker or a
     compromised CDN can therefore replace either library — including md5.js, which
     computes the signature — with arbitrary script. Load both over https and pin
     their hashes with integrity="..." (or self-host them). -->
<script src="http://libs.baidu.com/jquery/2.0.0/jquery.min.js"></script>
<script src="https://cdn.bootcss.com/blueimp-md5/2.10.0/js/md5.js"></script>
<script type="application/javascript">
    // NOTE(review): this is the signing secret the server-side check (verifySign,
    // config('app.sign_secret')) verifies against, shipped verbatim to every browser.
    // Anyone who can view the page source can compute valid signatures, so this
    // scheme only detects accidental tampering — it does not authenticate requests
    // against a deliberate attacker. A server-issued per-session key, or signing on
    // a backend the client trusts, is needed for that.
    var secret='cmyxy';
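    /**
     * Attach a request signature to `params` and return it.
     *
     * `params` may be a ready-made query string ("a=1&b=2") or a plain
     * object of key/value pairs. The pieces are sorted by KEY, joined with
     * "&", and signed as md5(canonical + secret). For a string input the
     * string is returned with "&sign=..." appended; for an object the
     * `sign` property is set on the same object, which is then returned.
     * Empty input is returned untouched, without a signature.
     *
     * Sorting by key (rather than by the whole "key=value" text, as before)
     * is what the server does with ksort(); the two orders differ when one
     * key is a prefix of another (e.g. "a" vs "a1"), which made such
     * requests fail verification. The debug logging of the secret and of
     * the raw parameters (which include the token) has been removed.
     *
     * NOTE(review): values are not URL-encoded here, so a value containing
     * "&" or "=" will canonicalise differently from the server side.
     */
    var setParamSign = function (params) {
        // Each entry: {key, text}, where `text` is the exact "key=value"
        // piece that goes into the canonical string.
        var entries = [];
        if (typeof params == "string") {
            if (params) {
                params.split("&").forEach(function (piece) {
                    var eq = piece.indexOf("=");
                    entries.push({ key: eq < 0 ? piece : piece.slice(0, eq), text: piece });
                });
            }
        } else if (typeof params == "object" && params !== null) {
            for (var key in params) {
                if (Object.prototype.hasOwnProperty.call(params, key)) {
                    entries.push({ key: key, text: key + "=" + params[key] });
                }
            }
        }
        if (entries.length === 0) {
            return params;
        }
        // Plain code-unit comparison on the key, matching PHP ksort() for
        // the ASCII keys this API uses.
        entries.sort(function (a, b) {
            return a.key < b.key ? -1 : (a.key > b.key ? 1 : 0);
        });
        var canonical = entries.map(function (e) { return e.text; }).join("&");
        var sign = md5(canonical + secret);
        if (typeof params == "string") {
            return params + "&sign=" + sign;
        }
        params["sign"] = sign;
        return params;
    };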

    // Request payload: an access token plus a unix-second timestamp that the
    // server uses for its freshness window. NOTE(review): the token here is a
    // hard-coded sample value; a real client must obtain it at login, not embed it.
    var data = {
        token: 'F5D933D3F00A51F90E0A20F75692AB83',
        timestamp: timest()
    };

    // POST the signed payload. async:false is a synchronous XHR (deprecated by
    // browsers and blocks the page); it is kept to preserve the original flow.
    // The endpoint is plain http, so the token and signature travel in clear text.
    var request = {
        url: "http://192.168.7.68:4477/index",
        async: false,
        data: setParamSign(data),
        dataType: "json",
        type: "POST",
        success: function (resp) {
            console.log('111');
            console.log(resp);
        }
    };
    $.ajax(request);
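    /**
     * Current unix time in seconds, as a decimal string (10 characters for
     * present-day dates). The server compares it with time() inside a
     * 10-minute window, so the client clock must be roughly in sync.
     */
    function timest() {
        // Divide instead of chopping the first 10 characters off the
        // millisecond string: the old approach only works while the
        // millisecond value is exactly 13 digits long, and round-tripped
        // the date through Date.parse(new Date()) for no reason.
        return String(Math.floor(Date.now() / 1000));
    }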
</script>
</html>

 

 

服务器端验证:

<?php
/**
 * Created by PhpStorm.
 * User: HOUDJ
 * Date: 2020/6/11
 * Time: 10:59
 */

namespace app\index\controller;


use app\BaseController;
use think\exception\HttpResponseException;
use think\facade\Cache;

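class Base extends BaseController
{
    public $userId=0;
    public $userName='';
    public $userMobile='';
    public $access_token='';

    /**
     * Runs before every action: verifies the request signature (when
     * app.sign_check is enabled) and then requires a logged-in token.
     * Every failure is reported through returnMsg(), which throws, so the
     * action body never runs for a rejected request.
     */
    public function initialize()
    {
        parent::initialize();
        $params = $this->request->param();
        $this->verifySign(config('app.sign_secret'), $params);
        // A missing token must not raise an undefined-index notice; it is
        // rejected by the emptiness check below like any other bad token.
        $this->access_token = isset($params['token']) ? $params['token'] : '';
        if (!$this->access_token || !$this->isLogin()) {
            return $this->returnMsg(config('status.error'), '', '登录异常,请重新登录!');
        }
    }

    /**
     * Verify the `sign` parameter of a request.
     *
     * Expected signature: md5(canonical . $secret), where canonical is the
     * request parameters minus `sign`, sorted by key (ksort) and joined as
     * key=value&key=value with values un-encoded. The request must also
     * carry a numeric unix-second `timestamp` within 10 minutes of server
     * time, in either direction. Skipped entirely when app.sign_check is off.
     *
     * @param string $secret shared signing secret (config app.sign_secret)
     * @param array  $data   all request parameters
     * @return true on success; every failure path throws via returnMsg()
     *
     * NOTE(review): md5(data . secret) is not a proper MAC, and the same
     * secret is embedded in the client-side JS of this design, so the check
     * only catches accidental tampering. Moving to hash_hmac() requires
     * changing client and server together.
     * NOTE(review): there is no nonce, so a captured request can be replayed
     * for the whole 10-minute window.
     */
    public function verifySign($secret, $data)
    {
        if (!config('app.sign_check')) { // signature checking can be disabled in config
            return true;
        }
        // `sign` must be a non-empty string; an array (sign[]=x) would make
        // hash_equals() throw instead of failing closed.
        if (!isset($data['sign']) || !is_string($data['sign']) || !$data['sign']) {
            return $this->returnMsg(config('status.error'), '', '发送的数据签名不存在');
        }
        // `timestamp` must be numeric before it takes part in arithmetic
        // (a non-numeric string would be a TypeError on PHP 8).
        if (!isset($data['timestamp']) || !$data['timestamp'] || !is_numeric($data['timestamp'])) {
            return $this->returnMsg(config('status.error'), '', '发送的数据参数不合法');
        }
        // 10-minute freshness window. abs() also rejects timestamps in the
        // future: the original only checked the past, so a far-future
        // timestamp yielded a signed request that never expired.
        if (abs(time() - (int)$data['timestamp']) > 600) {
            return $this->returnMsg(config('status.error'), '', '访问超时,请重新请求!');
        }
        $sign = $data['sign'];
        unset($data['sign']);
        ksort($data);
        $expected = md5(urldecode(http_build_query($data)) . $secret);
        // hash_equals(): constant-time and type-strict. The original `==`
        // compared the two hex digests loosely, so digests of the form
        // "0e<digits>" compare equal as floats (PHP "magic hash").
        if (hash_equals($expected, $sign)) {
            return true;
        }
        return $this->returnMsg(config('status.error'), '', '请求不合法');
    }

    /**
     * Load the session for $this->access_token from the cache into
     * userId / userName / userMobile.
     *
     * @return bool false when no cache entry exists or it does not decode
     *              to a JSON object; the original treated an undecodable
     *              entry as a valid login with null user fields.
     */
    public function isLogin()
    {
        $userInfo = Cache::get(config('app.login.login_prefix') . $this->access_token);
        if (!$userInfo) {
            return false;
        }
        $userArr = json_decode($userInfo, true);
        if (!is_array($userArr)) {
            return false;
        }
        $this->userId = $userArr['id'];
        $this->userName = $userArr['username'];
        $this->userMobile = $userArr['mobile'];
        return true;
    }

    /**
     * Abort the request with an error response.
     * Builds the response with the returnMsg() function defined elsewhere
     * in the app (presumably a global helper) and throws it, so callers'
     * `return $this->returnMsg(...)` never resumes.
     */
    public function returnMsg(...$args)
    {
        throw new HttpResponseException(returnMsg(...$args));
    }
}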

 

