From a7cecc9276a78c96850121b283f52f830113f6e0 Mon Sep 17 00:00:00 2001
From: zhaojs <349234519@qq.com>
Date: 星期一, 24 七月 2023 12:14:12 +0800
Subject: [PATCH] no message
---
 h5/apph5/request/index.js | 5 +-
 h5/apph5/request/api.js | 17 +++++---
 application/api/controller/User.php | 19 ++++++++-
 application/common/library/Auth.php | 57 ++++++++++++++++++++++++++++
 application/common/controller/Api.php | 12 ++++-
 5 files changed, 96 insertions(+), 14 deletions(-)
diff --git a/application/api/controller/User.php b/application/api/controller/User.php
index 524cace..1b1171f 100644
--- a/application/api/controller/User.php
+++ b/application/api/controller/User.php
@@ -22,13 +22,13 @@
 use app\api\logic\ActivityInfo as InfoActivityInfo;
 use app\common\model\UserExtend as ModelUserExtend;
 use think\Db;
-
+use EasyWeChat\Kernel\Support\AES;
 /**
 * 浼氬憳鎺ュ彛
 */
 class User extends Api {
- protected $noNeedLogin = ['GetRecomInviter','login', 'mobilelogin', 'resetpwd', 'changemobile', 'wxapplogin','bind_mobile_login','register'];
+ protected $noNeedLogin = ['GetDfgToken','GetRecomInviter','login', 'mobilelogin', 'resetpwd', 'changemobile', 'wxapplogin','bind_mobile_login','register'];
 protected $noNeedRight = '*';
 public function _initialize()
@@ -55,6 +55,21 @@
 }
+ public function GetDfgToken()
+ {
+ $userId=$this->request->post('userid');
+ if (!$userId) {
+ $this->error(__('Invalid parameters'));
+ }
+ //aes鍔犲瘑
+ $enKey="wp4hs3bvu7wq2mud";
+ $iv = 'fedcba9876543210';
+ $decrypted = base64_encode(AES::encrypt($userId,$enKey, $iv));
+ $this->success($decrypted);
+ }
+
+
+
 /**
 * 鏇存柊appclientid
 */
diff --git a/application/common/controller/Api.php b/application/common/controller/Api.php
index 6aee7d9..d0070a1 100644
--- a/application/common/controller/Api.php
+++ b/application/common/controller/Api.php
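Review bot: `'GetDfgToken'` in `$noNeedLogin` exempts the new action from the login check, and the action further down this file encrypts whatever `userid` is posted to it, so this entry is what lets an anonymous caller obtain a session key for any user id. Unless the key is meant to be issuable only to a user who is already logged in, the entry should be dropped: `protected $noNeedLogin = ['GetRecomInviter','login', 'mobilelogin', 'resetpwd', 'changemobile', 'wxapplogin','bind_mobile_login','register'];`. The class body continues past the end of this hunk.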
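Review bot: `GetDfgToken` takes the user id from the request body (`$this->request->post('userid')`) rather than from the authenticated user, so whoever can reach it can mint a key that `Auth::initSession` later accepts as a login for that id; the id should come from the current user via whatever accessor the Auth library exposes (presumably on `$this->auth` — confirm) and the `userid` parameter should go away. Independently of that, the token is bare AES of the user id under a hard-coded key and a fixed IV with no expiry, nonce or server-side record, so it is deterministic per user and valid forever; at minimum move `$enKey` and `$iv` to configuration shared with Auth.php and add an expiry field that the server checks. The result is an encryption output, so `$decrypted` should be named `$encrypted`, and the PascalCase action name departs from the lowercase names used elsewhere in `$noNeedLogin`.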
@@ -110,6 +110,7 @@
 $token = $this->request->server('HTTP_TOKEN', $this->request->request('token', \think\Cookie::get('token')));
 $path = str_replace('.', '/', $controllername) . '/' . $actionname;
+ $hasInit=false;
 // 璁剧疆褰撳墠璇锋眰鐨刄RI
 $this->auth->setRequestUri($path);
 // 妫�娴嬫槸鍚﹂渶瑕侀獙璇佺櫥褰�
@@ -117,13 +118,18 @@
 //鍒濆鍖�
 if(empty($token)) {//token涓虹┖锛屽垽鏂璼essionkey
- $sessionkey= $this->request->server('HTTP_TOKEN', $this->request->request('dfgsessionkey', \think\Cookie::get('dfgsessionkey')));
+ $sessionkey= $this->request->server('HTTP_DFGSESSIONKEY', $this->request->request('dfgsessionkey', \think\Cookie::get('dfgsessionkey')));
 if(!empty($sessionkey)) {//鏍¢獙sessionkey
-
+ $paramsArr=$this->request->post(false);
+ $this->auth->initSession($sessionkey,$paramsArr);
+ $hasInit=true;
 }
 }
- $this->auth->init($token);
+ if(!$hasInit)
+ {
+ $this->auth->init($token);
+ }
 //妫�娴嬫槸鍚︾櫥褰�
 if (!$this->auth->isLogin()) {
 $this->error(__('Please login first'), [], 401);
diff --git a/application/common/library/Auth.php b/application/common/library/Auth.php
index 6de3231..12badc1 100644
--- a/application/common/library/Auth.php
+++ b/application/common/library/Auth.php
@@ -12,6 +12,7 @@
 use think\Request;
 use think\Validate;
 use app\common\model\user\Third as ModelThird;
+use EasyWeChat\Kernel\Support\AES;
 class Auth {
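Review bot: The boolean returned by `$this->auth->initSession($sessionkey,$paramsArr)` is discarded, so a rejected key only fails later at the generic `Please login first` and the reason Auth recorded through `setError` (malformed key, bad digest, locked account) is lost; check it where it is produced, e.g. `if (!$this->auth->initSession($sessionkey, $paramsArr)) { $this->error(__('Please login first'), [], 401); }`, and surface Auth's error text if this controller has a way to read it. `$sessionkey` is also still accepted from the query string and cookie via `$this->request->request('dfgsessionkey', ...)`, which puts a bearer credential into access logs and referrers; the `HTTP_DFGSESSIONKEY` header is the path the H5 client actually uses and could be the only one honoured. `$paramsArr` is the unfiltered POST array, so for a bodiless request the digest covers only the token — presumably intended for GET, but see the JS side of this change. The enclosing method starts and ends outside this hunk.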
@@ -122,6 +123,62 @@
 }
 }
+ public function initSession($sessionkey,$params)
+ {
+ //$sessionkey鍒嗕袱閮ㄥ垎锛�.鍓嶆槸md5鍔犲瘑锛�.鍚庢槸aes鍔犲瘑鐨剈serid
+ //鏍¢獙sessionkey鏄惁鍚堟硶
+ $enstrs="";
+ $searr=explode('.',$sessionkey);
+ if(count($searr)!=2)
+ {
+ $this->setError('Account not exist');
+ return false;
+ }
+ foreach ($params as $key => $value) {
+ $enstrs=$enstrs.$key;
+ $pvalue=preg_replace('/^\"|\"$/','',json_encode($value));
+ $enstrs=$enstrs.$pvalue;
+ }
+ $enstrs="dfg".$enstrs."apph5".$searr[1];
+ $enstrs=md5($enstrs,false);
+ if($enstrs!=$searr[0])
+ {//session鏍¢獙涓嶉�氳繃
+ $this->setError('Account not exist');
+ return false;
+ }
+ //aes瑙e瘑
+ $enKey="wp4hs3bvu7wq2mud";
+ $iv = 'fedcba9876543210';
+ $user_id = AES::decrypt(base64_decode($searr[1],true),$enKey, $iv);
+ if(empty($user_id))
+ {
+ $this->setError('Account not exist');
+ return false;
+ }
+ if ($user_id > 0) {
+ $user = User::get($user_id);
+ if (!$user) {
+ $this->setError('Account not exist');
+ return false;
+ }
+ if ($user['status'] != 'normal') {
+ $this->setError('Account is locked');
+ return false;
+ }
+ $this->_user = $user;
+ $this->_logined = true;
+ $this->_token = $user_id;
+
+ //鍒濆鍖栨垚鍔熺殑浜嬩欢
+ Hook::listen("user_init_successed", $this->_user);
+
+ return true;
+ } else {
+ $this->setError('You are not logged in');
+ return false;
+ }
+ }
+
 /**
 * 娉ㄥ唽鐢ㄦ埛
 *
diff --git a/h5/apph5/request/api.js b/h5/apph5/request/api.js
index ead5e02..a345cd4 100644
--- a/h5/apph5/request/api.js
+++ b/h5/apph5/request/api.js
@@ -6,7 +6,7 @@
 function get(url, data) {
 //鑾峰彇token
 let header={
- token:getUrlPar("token")
+ dfgsessionkey:getUrlPar("dfgtoken")
 }
 return request({
 url: url,
@@ -18,9 +18,7 @@
 function post(url, data) {
 //鑾峰彇token
- let header={
- token:getUrlPar("token")
- }
+
 let keysList=Object.keys(data);
 let enstr="";
 if(keysList&&keysList.length>0)
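Review bot: The digest check `if($enstrs!=$searr[0])` proves nothing that possession of the token does not already prove: the MD5 is computed over the request parameters, two fixed literals and `$searr[1]` itself, all of which the client has, so anyone holding the AES part can produce a valid prefix, and that AES part is a deterministic ciphertext of the bare user id under a key and IV copied verbatim from User.php. For this to be an authentication step the server needs something the client cannot compute — an HMAC under a server-side key over the token plus an expiry, or a random server-issued token looked up in storage — and the key/IV belong in configuration rather than in two source files. Whatever the design, the comparison should be `if (!hash_equals($enstrs, $searr[0]))` to avoid loose `!=` semantics and timing leaks, and the `false` that `base64_decode($searr[1],true)` returns on malformed input should be rejected before it reaches `AES::decrypt` (which presumably expects a string — confirm). `$this->_token = $user_id` stores the user id where the other init path presumably stores a real token; worth confirming nothing later treats `_token` as a credential.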
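Review bot: For GET requests the header now carries the raw `dfgtoken` as `dfgsessionkey`, without the `digest.` prefix that `post()` builds, but the server's `initSession` rejects any key that does not split into exactly two parts on `.`, so every GET sent through this helper will be answered with 401 unless a `token` cookie happens to be present. Either build the same `digest.token` value here (with an empty parameter string) or have the server accept a bare token for bodiless requests. Reading the credential from the page URL with `getUrlPar("dfgtoken")` also leaves it in browser history and any referrer the page leaks; presumably the H5 app is launched with it in the URL, but that is worth stating in a comment.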
@@ -30,11 +28,16 @@
 enstr+=value+ (JSON.stringify(data[value]).replace(/^\"|\"$/g,''));
 })
 }
- enstr="dfg"+enstr+"apph5";
+ let userToken=getUrlPar("dfgtoken");
+ enstr="dfg"+enstr+"apph5"+userToken;
 enstr=md5.hex_md5(enstr);
- header = Object.assign({
+ enstr+='.'+userToken
+ /* header = Object.assign({
 'dfgsessionkey': enstr
- },header)
+ },header) */
+ let header={
+ dfgsessionkey:enstr
+ }
 return request({
 url: url,
 method: 'POST',
diff --git a/h5/apph5/request/index.js b/h5/apph5/request/index.js
index 250aec5..d06e2d2 100644
--- a/h5/apph5/request/index.js
+++ b/h5/apph5/request/index.js
@@ -4,9 +4,10 @@
 let url = param.url;
 let method = param.method;
 let header = param.header || {};
- let data = Object.assign(param.data || {});
+ //let data = Object.assign(param.data || {});
+ let data=param.data;
 if (method) {
- if (method == "POST") {
+ if (method == "GET") {
 header = Object.assign({
 'content-type': "application/x-www-form-urlencoded"
 }, param.header)
-- Gitblit v1.9.3
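Review bot: The server recomputes this digest with PHP's `json_encode($value)` and no flags, which escapes `/` as `\/` and non-ASCII text as `\uXXXX`, while `JSON.stringify(data[value])` here does neither, so any POST whose values contain a URL or Chinese text yields a different `enstr` on each side and is rejected as `Account not exist`; serialise identically (e.g. `JSON_UNESCAPED_SLASHES | JSON_UNESCAPED_UNICODE` on the PHP side) or sign a canonical form such as the raw request body. The digest itself adds no protection, being MD5 over the parameters plus the very `userToken` that is appended after the dot, so anyone holding the token can produce it. `enstr+='.'+userToken` is missing its semicolon, and the commented-out `Object.assign` block should be deleted rather than left behind.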
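Review bot: Flipping the branch from `method == "POST"` to `method == "GET"` attaches `content-type: application/x-www-form-urlencoded` to requests that carry no body and drops it from the POSTs that do, so POST bodies now go out in the request library's default encoding (likely JSON — confirm). The PHP side signs `$this->request->post(false)`, so if that default is JSON the server must be parsing JSON bodies into `post()` or the digest will never match. If the intent was to stop forcing form encoding on POST, a one-line comment saying so would save the next reader from reading it as a typo; if the branch was meant to stay on POST, it is one. `let data=param.data;` is fine — the old `Object.assign` over a single argument was a no-op copy — but the commented-out line above it should go.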