项目中常用的api接口签名验证方法: 给app分配对应的appId、appKey 2. Sign签名,调用API 时需要对请求参数进行签名验证,签名方式如下: a. 按照请求参数名称将所有请求参数按照
给app分配对应的appId、appKey
2. Sign签名,调用API 时需要对请求参数进行签名验证,签名方式如下:
a. 按照请求参数名称将所有请求参数按照键名进行升序排序,如:将arong=1,mrong=2,crong=3 排序为:arong=1, crong=3,mrong=2 然后将参数名和参数值进行拼接得到参数字符串:arong=1&crong=3&mrong=2
b. 将appKey加在参数字符串的尾部&key=appKey后进行MD5加密 ,加密后的字符串需转小写。即得到签名Sign;
PHP签名类
phpnamespace utils;class Sign{ private $appId = "2jOlqkesGGeJJwMx"; private $appKey = "wfEj1kXLdKjCV6rla6Rfasd"; //创建sign public function makeSign($data) { ksort($data); $string = $this->toUrlParams($data); $string = $string . "&key=" . $this->appKey; $string = md5($string); $result = strtolower($string); return $result; } //检验sign是否正确 public function verifySign($data) { //check sign if (!isset($data['sign']) || !$data['sign']) { return ['code' => 1, 'msg' => '发送的数据签名sign不存在']; } //check sign if (!isset($data['appid']) || !$data['appid']) { return ['code' => 1, 'msg' => '发送的应用参数appid不存在']; } if ($data['appid'] != $this->appId) { return ['code' => 1, 'msg' => '发送的应用参数appid错误']; } //check sign if (!isset($data['nonce']) || !$data['nonce']) { return ['code' => 1, 'msg' => '发送的应用参数nonce不存在']; } //check timestamp if (!isset($data['timestamp']) || !$data['timestamp']) { return ['code' => 1, 'msg' => '发送的数据参数timestamp不合法']; } // 验证请求, 10分钟失效 if (time() - $data['timestamp'] > 600) { return ['code' => 1, 'msg' => '验证超时timestamp请重新发送请求']; } $clientSign = $data['sign']; unset($data['sign']); $serverSign = $this->makeSign($data); if ($clientSign == $serverSign) { return ['code' => 0, 'msg' => '验证通过']; } else { return ['code' => 1, 'msg' => '签名校验失败']; } } //生成url字符串 private function toUrlParams($values) { $buff = ""; foreach ($values as $k => $v) { if ($k != "sign" && !is_array($v)) { $buff .= $k . "=" . $v . "&"; } } $buff = trim($buff, "&"); return $buff; }}使用实例,签名校验可以写在中间件拦截
namespace app\api\controller;use think\facade\Request;use utils\Sign;class Test{ public function sign(Request $request) { //接口签名校验 $appid = $request->header('appid', ''); $nonce = $request->header('nonce', ''); $timestamp = $request->header('timestamp', ''); $sign = $request->header('sign', ''); $Sign = app(Sign::class); $verifySign = $Sign->verifySign(compact('appid', 'nonce', 'timestamp', 'sign')); if (isset($verifySign['code']) && $verifySign['code']) { throw new IllegalException(); } }}<div id="app"></div><script src="https://cdn.staticfile.org/vue/2.2.2/vue.min.js"></script><script src="Https://unpkg.com/axiOS/dist/axios.min.js"></script><script src="https://cdn.bootCSS.com/blueimp-md5/2.10.0/js/md5.min.js"></script><script type="text/javascript"> new Vue({ el: '#app', data() { return { info: null } }, create(){ }, methods: { getSign: function(param,key) { let str = ""; for(var idx in param) { let one = idx+"="+param[idx]; if (str == "") { str = one; } else { str = str+"&"+one; } } str = str+"&key="+key; //console.log("before md5:"+str); let md5str = md5(str); return md5str; } }, mounted() { let appid = "2jOlqkesGGeJJwMx"; let appkey = "wfEj1kXLdKjCV6rla6Rfasd"; let timestamp = parseInt((new Date()).getTime()/1000); let nonce = Math.floor(Math.random()*8999)+1000; let param = { appid:appid, nonce:nonce, timestamp:timestamp, } let sign = this.getSign(param,appkey); param.sign = sign; console.log(param); const config = { headers: { appid: param.appid, nonce: param.nonce, timestamp: param.timestamp, sign:param.sign, } }; axios .post('https://www.baidu.com/api/Test/sign',[],config) .then(response => (this.info = response)) .catch(function (error) { // 请求失败处理 console.log(error); }); } })</script>来源地址:https://blog.csdn.net/qqq13500169/article/details/128573157
--结束END--
本文标题: PHP接口签名校验
本文链接: https://www.lsjlt.com/news/401013.html(转载时请注明来源链接)
有问题或投稿请发送至: 邮箱/279061341@qq.com QQ/279061341
下载Word文档到电脑,方便收藏和打印~
2024-02-29
2024-02-29
2024-02-29
2024-02-29
2024-02-29
2024-02-29
2024-02-29
2024-02-29
2024-02-29
2024-02-29
回答
回答
回答
回答
回答
回答
回答
回答
回答
回答
一口价域名售卖能注册吗?域名是网站的标识,简短且易于记忆,为在线用户提供了访问我们网站的简单路径。一口价是在域名交易中一种常见的模式,而这种通常是针对已经被注册的域名转售给其他人的一种方式。
一口价域名买卖的过程通常包括以下几个步骤:
1.寻找:买家需要在域名售卖平台上找到心仪的一口价域名。平台通常会为每个可售的域名提供详细的描述,包括价格、年龄、流
443px" 443px) https://www.west.cn/docs/wp-content/uploads/2024/04/SEO图片294.jpg https://www.west.cn/docs/wp-content/uploads/2024/04/SEO图片294-768x413.jpg 域名售卖 域名一口价售卖 游戏音频 赋值/切片 框架优势 评估指南 项目规模
官方手机版
微信公众号
商务合作
0