waibao
/
NN2023021801


			
							12345678910111213141516171819202122232425262728293031323334353637383940414243444546474849505152535455565758596061626364656667686970717273747576
							<?php

namespace app\api\middleware;

use app\common\service\SystemConfigService;
use app\Request;
use interfaces\MiddlewareInterface;
use think\cache\driver\Redis;
use think\facade\Config;
use think\Response;
use utils\RedisCache;

class AuthSignMiddleWare implements MiddlewareInterface
{
    /*
     *  允许跨域的域名
     */
    protected $cookieDomain;

    public function handle(Request $request, \Closure $next)
    {
        $this->cookieDomain = Config::get('cookie.domain', '');
        $header = Config::get('cookie.header');
        $origin = $request->header('origin');
        if ($origin && ('' == $this->cookieDomain || strpos($origin, $this->cookieDomain)))
            $header['Access-Control-Allow-Origin'] = $origin;
        if ($request->method(true) == 'OPTIONS') {
            $response = Response::create('ok')->code(200)->header($header);
        }

        // 站点升级访问验证
        $isUpdate = SystemConfigService::make()->getConfigByName('site_web_is_update');
        $isUpdate = $isUpdate? $isUpdate : env('APP.WEB_IS_UPDATE');
        if ($isUpdate==1){
            // 非测试IP访问，直接拦截
            $config = SystemConfigService::make()->getConfigByNames(['site_update_tips','site_access_ips']);
            $updateTip = isset($config['site_update_tips'])? trim($config['site_update_tips']) : '';
            $accessIps = isset($config['site_access_ips'])? trim($config['site_access_ips']) : '';
            $updateTip = $updateTip? $updateTip : '网站升级中';
            $accessIps = $accessIps? $accessIps : env('APP.TEST_IPS');
            $currentIp = get_client_ip();

            if(empty($accessIps) || ($accessIps && !preg_match("/{$currentIp}/", $accessIps))){
                return api_error_return(['msg'=> $updateTip, 'data'=>['tips'=>$updateTip,'is_update'=>true,'ip'=> $currentIp]]);
            }
        }

        if (RedisCache::get('is_update_data')){
            return api_error_return(['msg'=>'更新数据中，请稍后几秒', 'data'=>null]);
        }

        if (env('API.IS_PUBLIC_REQUEST_VERIFY')){
            if (ISNOTREQUESTPASS($request->param())){
                return api_error_return(['msg'=>'参数错误', 'data'=>null]);
            }
        }


        // 验证sign
        if (env('API.IS_SIGN_VERIFY')){
            if (empty($request->param('sign'))){
                return api_error_return(['msg'=>'签名不存在', 'data'=>null]);
            }

            $sign = createApiSign($request->param());
            if ($request->param('sign') != $sign){
                return api_error_return(['msg'=>'签名错误', 'data'=>['aa'=>$sign]]);
            }

            if (time() - $request->post('timestamp') > 20){
                return api_error_return(['msg'=>'请求失败,稍后再试', 'data'=>null]);
            }
        }
        return $next($request);
    }
}