79 lines
2.8 KiB
PHP
79 lines
2.8 KiB
PHP
<?php
|
|
|
|
namespace app\support;
|
|
|
|
use support\Request;
|
|
use support\think\Db;
|
|
|
|
class EnterpriseOpenApiAuthService
|
|
{
|
|
public function authenticate(Request $request): array
|
|
{
|
|
$appKey = trim((string)$request->header('x-axy-app-key', ''));
|
|
$timestamp = trim((string)$request->header('x-axy-timestamp', ''));
|
|
$nonce = trim((string)$request->header('x-axy-nonce', ''));
|
|
$signature = trim((string)$request->header('x-axy-signature', ''));
|
|
|
|
if ($appKey === '' || $timestamp === '' || $nonce === '' || $signature === '') {
|
|
throw new \RuntimeException('开放接口鉴权头不完整');
|
|
}
|
|
|
|
if (!ctype_digit($timestamp) || abs(time() - (int)$timestamp) > 300) {
|
|
throw new \RuntimeException('请求时间戳已过期');
|
|
}
|
|
|
|
$app = Db::name('enterprise_customer_apps')->where('app_key', $appKey)->find();
|
|
if (!$app || ($app['status'] ?? 'enabled') !== 'enabled') {
|
|
throw new \RuntimeException('应用 Key 不存在或已停用');
|
|
}
|
|
|
|
$customer = Db::name('enterprise_customers')->where('id', $app['customer_id'])->find();
|
|
if (!$customer || ($customer['status'] ?? 'enabled') !== 'enabled') {
|
|
throw new \RuntimeException('客户不存在或已停用');
|
|
}
|
|
|
|
$this->storeNonce($appKey, $nonce, (int)$timestamp);
|
|
|
|
$secret = (new EnterpriseCustomerService())->decryptSecret((string)($app['app_secret_cipher'] ?? ''));
|
|
if ($secret === '') {
|
|
throw new \RuntimeException('应用密钥不可用');
|
|
}
|
|
|
|
$rawBody = $request->rawBody();
|
|
$pathWithQuery = $request->uri();
|
|
$base = strtoupper($request->method()) . $pathWithQuery . $timestamp . $nonce . hash('sha256', $rawBody);
|
|
$expected = hash_hmac('sha256', $base, $secret);
|
|
|
|
if (!hash_equals($expected, strtolower($signature))) {
|
|
throw new \RuntimeException('请求签名无效');
|
|
}
|
|
|
|
Db::name('enterprise_customer_apps')->where('id', $app['id'])->update([
|
|
'last_used_at' => date('Y-m-d H:i:s'),
|
|
'updated_at' => date('Y-m-d H:i:s'),
|
|
]);
|
|
|
|
return [
|
|
'app' => $app,
|
|
'customer' => $customer,
|
|
];
|
|
}
|
|
|
|
private function storeNonce(string $appKey, string $nonce, int $timestamp): void
|
|
{
|
|
$expireBefore = date('Y-m-d H:i:s', time() - 600);
|
|
Db::name('enterprise_api_nonces')->where('created_at', '<', $expireBefore)->delete();
|
|
|
|
try {
|
|
Db::name('enterprise_api_nonces')->insert([
|
|
'app_key' => $appKey,
|
|
'nonce' => $nonce,
|
|
'request_timestamp' => $timestamp,
|
|
'created_at' => date('Y-m-d H:i:s'),
|
|
]);
|
|
} catch (\Throwable $e) {
|
|
throw new \RuntimeException('请求 nonce 已使用');
|
|
}
|
|
}
|
|
}
|