hminyi/laravel-api-sign

laravel-api-sign

Laravel and Lumen sign

Initialization

1. Install

composer require zsirius/laravel-api-sign

2. Publish the config file

  • Laravel

    php artisan vendor:publish --provider="Zsirius\\Signature\\Providers\\LaravelServiceProvider" --tag="config"
  • Lumen

    Copy the config file from the vendor directory:

    cp vendor/zsirius/laravel-api-sign/config/signature.php config/signature.php

    Register the config file by adding the following to bootstrap/app.php:

    $app->configure('signature');
    
    $app->register(Zsirius\Signature\Providers\LumenServiceProvider::class);

3. Middleware

  • Laravel: add the middleware in Kernel.php
    protected $middlewareGroups = [
        'api' => [
            Zsirius\Signature\Middleware\ApiSign::class,
        ],
        'web' => [
        ]
    ];
  • Lumen: add the following to bootstrap/app.php
    $app->middleware([
        Zsirius\Signature\Middleware\ApiSign::class,
    ]);
    $app->routeMiddleware([
        'sign' => Zsirius\Signature\Middleware\ApiSign::class,
    ]);

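Signing

1. Add the following parameters to the URL:

  • appid: the application ID agreed between front end and back end.
  • timestamp: the current timestamp.
  • nonce: a 12-digit random number.
  • body: required for POST requests; its value is the MD5 hash of the request body. If the request's content-type is form-data, the body parameter is not needed.

2. Sorting

Sort the URL parameters by key name, take the SHA-1 hash of the sorted string, append the appsecret value, compute the MD5 hash of the result, assign it to sign, and add it to the parameters.

Verification

If verification fails, the exception Zsirius\Signature\Exceptions\SignException is thrown; you need to catch and handle it yourself.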
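
One way a server could check a request signed with the rule above, written as a Node.js example added here; it is not code from this package, whose middleware is PHP. The canonical string encoding, the 300-second `maxSkew`, the `seenNonces` replay store and all function names are assumptions, and the sample values are constructed.

```javascript
const crypto = require('crypto');
const hash = (alg, s) => crypto.createHash(alg).update(s).digest('hex');

// Assumed canonical form: key=value pairs sorted by key and joined with '&'
// (what qs.stringify yields for flat alphanumeric values); 'sign' is excluded.
function canonical(params) {
  return Object.keys(params)
    .filter((k) => k !== 'sign' && typeof params[k] !== 'object')
    .sort()
    .map((k) => encodeURIComponent(k) + '=' + encodeURIComponent(params[k]))
    .join('&');
}

// sign = md5(sha1(sorted query string) + appsecret), the rule described above.
function computeSign(params, secret) {
  return hash('md5', hash('sha1', canonical(params)) + secret);
}

// Hypothetical verifier. query holds the parsed URL parameters (strings),
// rawBody is the raw POST body or null for GET and form-data requests.
function verifyRequest(query, rawBody, secret, seenNonces, now, maxSkew = 300) {
  for (const k of ['appid', 'timestamp', 'nonce', 'sign']) {
    if (typeof query[k] !== 'string' || query[k] === '') return 'missing ' + k;
  }
  const expected = Buffer.from(computeSign(query, secret));
  const given = Buffer.from(query.sign);
  // Constant-time comparison, so timing does not reveal how many characters matched.
  const same = given.length === expected.length && crypto.timingSafeEqual(given, expected);
  if (!same) return 'bad sign';
  const fresh = /^\d+$/.test(query.timestamp) && Math.abs(now - Number(query.timestamp)) <= maxSkew;
  if (!fresh) return 'stale timestamp';
  if (rawBody !== null && query.body !== hash('md5', rawBody)) return 'body mismatch';
  // The nonce is recorded only after the signature checks out, so unsigned
  // traffic cannot fill the replay store.
  const nonceKey = query.appid + ':' + query.nonce;
  if (seenNonces.has(nonceKey)) return 'replayed nonce';
  seenNonces.add(nonceKey);
  return 'ok';
}

// Constructed sample request; every value here is made up for the example.
function demo() {
  const secret = 'constructed-secret', body = '{"mobile":"000","password":"x"}';
  const q = { appid: 'demo-app', timestamp: '1700000000', nonce: 'a1b2c3d4e5f6', body: hash('md5', body) };
  q.sign = computeSign(q, secret);
  const seen = new Set(), now = 1700000010;
  return [verifyRequest(q, body, secret, seen, now), verifyRequest(q, body, secret, seen, now),
    verifyRequest({ ...q, nonce: 'zzzzzzzzzzzz' }, body, secret, seen, now),
    verifyRequest(q, body + ' ', secret, new Set(), now), verifyRequest(q, body, secret, new Set(), now + 9999)];
}
```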

Front end

Example

Common helper functions:

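var crypto = require('crypto');
var qs = require('qs');

function md5(str) {
    return crypto.createHash('md5').update(str).digest('hex');
}
function sha1(str) {
    return crypto.createHash('sha1').update(str).digest('hex');
}
// Random nonce of exactly `length` hex characters, drawn from the CSPRNG
// (Math.random() is predictable and can return fewer characters than requested)
function nonce(length) {
  return crypto.randomBytes(length).toString('hex').slice(0, length);
}
// sign = md5(sha1(query string of the key-sorted parameters) + signKey)
function sign(obj, signKey) {
  var sorted = {}
  var keys = []
  for (var i in obj) {
    // Skip nested values and the signature field itself
    if (typeof obj[i] !== 'object' && i !== 'sign' && i !== 'signature') {
      keys.push(i)
    }
  }
  keys.sort()
  // Copy into a plain object in sorted key order so qs serializes in that order
  for (var j = 0; j < keys.length; j++) {
    sorted[keys[j]] = obj[keys[j]]
  }
  return md5(sha1(qs.stringify(sorted)) + signKey)
}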

GET request

var params = {
    page: 1,
    count: 10
};
params.appid = "202010102020";
params.timestamp = parseInt(Date.now() / 1000);
params.nonce = nonce(8);
params['sign'] = sign(params, 'D8PMQ1BHYCGbvVxcScLrjRi3fbq7OkOP');

console.log('请求参数:');
console.log(params);
axios.get('/finance/transaction?' + qs.stringify(params))
    .then(function (response) {
        console.log('返回数据');
        console.log(response.data);
    })
    .catch(function (error) {
        console.log(error);
    });

POST request

var body = {
    mobile: '18515220153',
    password: '123456'
};
var params = {
    appid: "202010102020",
    timestamp: parseInt(Date.now() / 1000),
    nonce: nonce(8),
    body: md5(JSON.stringify(body)),
};
params['sign'] = sign(params, 'D8PMQ1BHYCGbvVxcScLrjRi3fbq7OkOP');

console.log('请求参数:');
console.log(params);
axios({
    method: 'POST',
    data: body,
    url: '/auth/login?' + qs.stringify(params),
}).then(function (response) {
    console.log('返回数据');
    console.log(response.data);
}).catch(function (error) {
    console.log(error);
});

form-data

var params = {
    appid: "202010102020",
    timestamp: parseInt(Date.now() / 1000),
    nonce: nonce(8),
};
params['sign'] = sign(params, 'D8PMQ1BHYCGbvVxcScLrjRi3fbq7OkOP');

console.log('请求参数:');
console.log(params);

var data = new FormData();
data.append('image', 'ADD');

axios({
    method: 'POST',
    data: data,
    url: '/common/upload/image?' + qs.stringify(params),
    headers: {
        'Content-Type': 'multipart/form-data'
    }
}).then(function (response) {
    console.log('返回数据');
    console.log(response.data);
}).catch(function (error) {
    console.log(error);
});
