
  1. <?php namespace Maze\Security;
  2. use Maze\Http\Input;
  3. use Maze\Http\Output;
  4. use Maze\Config\Load as Config;
  5. use Maze\Config\Project;
  6. use Maze\Routing\Load;
  7. class Api
  8. {
  9. /**
  10. * prefix
  11. *
  12. * @var string
  13. */
  14. const PREFIX = 'api_';
  15. /**
  16. * time
  17. *
  18. * @var int
  19. */
  20. const TIME = 300;
  21. /**
  22. * path 定义api目录
  23. *
  24. * @var string
  25. */
  26. const PATH = 'api/';
  27. /**
  28. * default token
  29. *
  30. * @var string
  31. */
  32. static private $token = 'maze_api';
  33. /**
  34. * log
  35. *
  36. * @var string
  37. */
  38. static private $log;
  39. /**
  40. * state
  41. *
  42. * @var string
  43. */
  44. static public $state = false;
  45. /**
  46. * init
  47. * @param string $key
  48. * @param string $path
  49. *
  50. * @return string
  51. */
  52. static public function init($path = false)
  53. {
  54. if(!$path)
  55. {
  56. $path = MAZE_PROJECT_PATH;
  57. }
  58. $file = $path . self::PATH . 'main.php';
  59. if(is_file($file))
  60. {
  61. return include($file);
  62. }
  63. return array();
  64. }
  65. /**
  66. * check
  67. * @param string $key
  68. *
  69. * @return string
  70. */
  71. static public function check($key)
  72. {
  73. $config = self::init();
  74. if($config && isset($config[$key]))
  75. {
  76. self::$log = array();
  77. self::$log['add_site'] = $key;
  78. self::$state = true;
  79. # 验证当前api有效性
  80. $request = Input::prefix(self::PREFIX);
  81. if($request)
  82. {
  83. # 增加测试效果
  84. if(Input::get('maze_api_test') == 'test_yes')
  85. {
  86. print_r(self::get($request));die;
  87. }
  88. //self::result($request);
  89. foreach($request as $k => $v)
  90. {
  91. $k = str_replace(self::PREFIX, '', $k);
  92. if(!isset($config[$key]['request'][$k]))
  93. {
  94. Output::abert('api_param_exists', $k);
  95. }
  96. Input::set($k, $v);
  97. self::$log['add_request'][0][$k] = $v;
  98. }
  99. Config::$global['base']['api'] = true;
  100. }
  101. else
  102. {
  103. //Output::abert('api_param_exists', 'request');
  104. }
  105. }
  106. }
  107. /**
  108. * 得到数据结果
  109. *
  110. * @return mixed
  111. */
  112. static public function out($data)
  113. {
  114. if(self::$state == true)
  115. {
  116. if(!$data)
  117. {
  118. Output::abert('api_param_exists', 'response');
  119. }
  120. # 记录日志 暂时不做记录
  121. if(Project::load('manage'))
  122. {
  123. self::$log['add_response'][0] = $data;
  124. //Load::get('manage/api_log-insert', $param);
  125. }
  126. $result['msg'] = 'success';
  127. $result['status'] = 1;
  128. $result['data'] = $data;
  129. Output::result($result);
  130. }
  131. }
  132. /**
  133. * 得到解密结果
  134. *
  135. * @return mixed
  136. */
  137. static public function result($info)
  138. {
  139. $time = Input::get('time');
  140. # 验证时间是否超时,默认为5分钟
  141. if(time() - $time > self::TIME)
  142. {
  143. Output::abert('api_signature_exists');
  144. }
  145. $nonce = Input::get('nonce');
  146. $key = Input::get('signature');
  147. $signature = self::signature($time, $nonce, $info);
  148. if(Input::get('signature') != $signature)
  149. {
  150. Output::abert('api_signature_exists');
  151. }
  152. }
  153. /**
  154. * 得到签名及其数据
  155. *
  156. * @return mixed
  157. */
  158. static public function get($info)
  159. {
  160. $time = time();
  161. $nonce = self::nonce();
  162. $signature = self::signature($time, $nonce, $info);
  163. $info += array
  164. (
  165. 'time' => $time,
  166. 'nonce' => $nonce,
  167. 'signature' => $signature,
  168. //'token' => self::token(),
  169. //'status' => 1,
  170. //'msg' => 'success',
  171. );
  172. return $info;
  173. }
  174. /**
  175. * 获取signature
  176. *
  177. * @return mixed
  178. */
  179. static public function signature($time, $nonce, $info = array())
  180. {
  181. $info['token'] = self::token();
  182. $info['time'] = $time;
  183. $info['nonce'] = $nonce;
  184. ksort($info);
  185. $signature_string = '';
  186. foreach($info as $k => $v)
  187. {
  188. $signature_string .= $k . '=' . $v . '&';
  189. }
  190. $signature_string = substr($signature_string, 0, -1);
  191. return sha1($signature_string);
  192. }
  193. /**
  194. * 获取token
  195. *
  196. * @return mixed
  197. */
  198. static public function token()
  199. {
  200. self::$token = isset(Config::$global['base']['token']) ? Config::$global['base']['token'] : self::$token;
  201. return md5(self::$token);
  202. }
  203. /**
  204. * 获取nonce
  205. *
  206. * @return mixed
  207. */
  208. static public function nonce()
  209. {
  210. return substr(md5(microtime()), rand(10, 15));
  211. }
  212. }