ApiAuth.php 1003 B

  1. <?php
  2. namespace app\common\middleware;
  3. //验证权限
  4. class ApiAuth
  5. {
  6. public function handle($request, \Closure $next)
  7. {
  8. $apiStatus=config('app.api_status');
  9. if(!$apiStatus){
  10. return shutdown('接口已关闭');
  11. }
  12. $appId=config('app.app_id');
  13. $appSecret=config('app.app_secret');
  14. $header = $request->header();
  15. $app_id=$header['x-im-appid'] ?? '';
  16. $timeStamp=$header['x-im-timestamp'] ?? 0;
  17. $sign=$header['x-im-sign'] ?? '';
  18. if(!$app_id || !$timeStamp || !$sign){
  19. return shutdown('缺少参数');
  20. }
  21. // 时间戳不能大约60秒
  22. if(time()-$timeStamp>60){
  23. return shutdown('请求超时');
  24. }
  25. if($appId!=$app_id){
  26. return shutdown('appId错误');
  27. }
  28. $signStr=md5($appId.$timeStamp.$appSecret);
  29. if($sign!=$signStr){
  30. return shutdown('签名错误');
  31. }
  32. return $next($request);
  33. }
  34. }