API Token

API:

獲取token

1:定義 ID 和Secret

比較地址欄中input(get.ID)和input(get.token) 惋戏。如果匹配，那么生成$token = md5(time() . mt_rand(111111,999999));

放在cache里面 cache（token,id,時間）

[if !supportLists]2.?[endif]比較token

地址欄中獲取$token=input(get.token),然后判斷 cache($token)是不是等于id,是的話嚷掠，那就合法。

然后該干嘛就干嘛烧给。

代碼不想分享趋厉，非要看的話，硬著頭皮汰现，透過刪除線看吧~

~~<?php~~

~~namespace app\api\controller;~~

~~use think\Controller;~~

~~use think\Db;~~

~~use think\Request;~~

~~use app\org\controller\CorpTool;~~

/**

*對外接口控制器

*錯誤碼列表

* 3001 account_id or account_secret缺失

~~?*/~~

~~class Api extends Controller{~~

~~//屬性聲明~~

~~????private $account_id = 'ssc93048865';~~

~~????private $account_secret = 'ssceeRsTyrCG';~~

????/**

*獲取access_token

~~?????*/~~

~~????public function gettoken(){~~

~~//提取請求身份參數(shù)~~

~~????????$account_id = input('post.account_id',false);~~

~~????????$account_secret = input('post.account_secret',false);~~

~~????????if(!$account_id || !$account_secret){~~

~~????????????return json([~~

~~????????????????'errcode' => 1001,~~

~~????????????????'errmsg' => 'account_id or account_secret missing'~~

~~????????????]);~~

~~????????}~~

~~//驗證account_id合法性~~

~~????????if($account_id != $this->account_id){~~

~~????????????return json([~~

~~????????????????'errcode' => 1002,~~

~~????????????????'errmsg' => 'account_id is not exists'~~

~~????????????]);~~

~~????????}~~

~~//驗證account_secret合法性~~

~~????????if($account_secret != $this->account_secret){~~

~~????????????return json([~~

~~????????????????'errcode' => 1003,~~

~~????????????????'errmsg' => 'account_secret is invalid'~~

~~????????????]);~~

~~????????}~~

~~//生成access_token~~

~~????????$token = md5(time() . mt_rand(111111,999999));~~

~~????????cache($token,$account_id,3600);~~

~~????????cache($account_id,$token,3600);~~

~~????????return json([~~

~~????????????'errcode' => 0,~~

~~????????????'errmsg' => 'success',~~

~~????????????'access_token' => $token,~~

~~????????????'expires_in' => 3600~~

~~????????]);~~

~~????}~~

~~????public function doSomething{~~

~~//提取請求身份參數(shù)~~

~~????????$access_token = input('get.access_token',false);~~

~~????????if(!$access_token){~~

~~????????????return json([~~

~~????????????????'errcode' =>2001,~~

~~????????????????'errmsg' => 'access_token missing'~~

~~????????????]);~~

~~????????}~~

~~????????$msg = json_encode(input('post.'));~~

~~????????file_put_contents('./callback.log', $msg);~~

~~//驗證參數(shù)是否正確~~

~~????????if($account_id=cache($access_token)){~~

~~//驗證token是否正確~~

~~????????????if(cache($account_id)!=$access_token){~~

~~????????????????return json([~~

~~????????????????????'errcode' => 2004,~~

~~????????????????????'errmsg' => 'access_token invalid or expired'~~

~~????????????????]);~~

~~????????????};~~

~~//獲取請求參數(shù)~~

~~????????????$pin = input('post.pin',false);~~

~~????????????$state = input('post.state',false);~~

~~????????????if($pin===false || $state===false){~~

~~????????????????return json([~~

~~????????????????????'errcode' => 2002,~~

~~????????????????????'errmsg' => 'required params missing'~~

~~????????????????]);~~

~~????????????}~~

~~????????????file_put_contents('./callback_success.log', $msg);~~

~~???????????//HERE IS YOUR CODE~~

~~//執(zhí)行返回~~

~~????????????return json([~~

~~????????????????'errcode' => 0,~~

~~????????????????'errmsg' => 'ok'~~

~~????????????]);~~

~~????????}else{~~

~~????????????file_put_contents('./callback_error.log', $msg);~~

~~????????????return json([~~

~~????????????????'errcode' => 4002,~~

~~????????????????'errmsg' => 'access_token is invalid'~~

~~????????????]);~~

~~????????}~~

~~????}~~

}

最后編輯于：2018.11.13 11:27:34

?著作權(quán)歸作者所有,轉(zhuǎn)載或內(nèi)容合作請聯(lián)系作者