添加后台代理代码
149
codes/agent/game/api/source/apis/permission.php
Normal file
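--- a/codes/agent/game/api/source/apis/permission.php
+++ b/codes/agent/game/api/source/apis/permission.php
@@ -0,0 +1,149 @@
+<?php
+header('Access-Control-Allow-Origin:*');// 指定允许其他域名访问
+header('Access-Control-Allow-Methods:POST');// 响应类型
+header('Access-Control-Allow-Headers:x-requested-with,content-type');
+
+/**
+* 获取票据接口
+*/
+use phprs\util\Verify;
+use phprs\util\exceptions\Forbidden;
+use phprs\util\Logger;
+use phprs\util\exceptions\NotFound;
+use phprs\ezsql\Sql;
+use phprs\util\exceptions\BadRequest;
+
+/**
+*
+* 获取信息接口
+* @path("/permission")
+*/
+class Permission {
+/**
+* 通过devkey和appid换取票据
+* @route({"POST","/ticket"})
+* @param({"appid","$._POST.appid"}) 应用appid
+* @param({"devkey","$._POST.devkey"}) 开发者key
+* @param({"domain","$._POST.domain"}) 域名
+* @param({"nocestr","$._POST.nocestr"}) 随机字符串
+* @throws({"phprs\util\exceptions\Forbidden","res", "403 Forbidden",{"error":"Forbidden"}}) cookie不可用
+*/
+public function getTicket($appid,$devkey,$domain,$nocestr) {
+// 当前时间戳,通过sid和scode获取用户信息,必须保障sid未过期
+$nowtime = time();
+
+$ticket = md5($appid.'=='.$devkey.'=='.$domain.'=='.$nocestr);
+
+$insertData = array();
+
+$insertData['appid'] = $appid;
+$insertData['devkey'] = $appid;
+$insertData['domain'] = $appid;
+$insertData['nocestr'] = $appid;
+$insertData['ticket'] = $appid;
+
+$expire_time = time();
+$expire_date = date('H:i:s',strtotime("+20 minute"));
+$expire_time = strtotime($expire_date);
+
+$insertData['expiretime'] = $expire_time; // 票据过期时间
+
+$pdo = $this->db;
+$pdo->beginTransaction();
+$id = Sql::insertInto('syweb_ticket')->values($insertData)->exec($pdo)->lastInsertId();
+$pdo->commit();
+
+// 根据sid 查询用户信息
+$res = Sql::select('syweb_ticket.*')
+->from('syweb_ticket')
+->where('syweb_ticket.id=?', $id)
+->get($this->db ,null);
+
+if(count($res)>0){
+$result[0]["error"] = "0";
+$result[0]["ticket"] = $ticket;
+}else{
+$result[0]["error"] = "1";
+$result[0]["error_code"] = 1; // 获取授权票据失败
+}
+
+return $result;
+}
+
+/**
+* 验证开发者权限
+* @route({"POST","/check_auth"})
+* @param({"appid","$._POST.appid"}) 应用appid
+* @param({"devkey","$._POST.devkey"}) 开发者key
+* @param({"ticket","$._POST.ticket"}) 服务器授予的票据
+* @param({"authcode","$._POST.authcode"}) 权限代码
+* @throws({"phprs\util\exceptions\Forbidden","res", "403 Forbidden",{"error":"Forbidden"}}) cookie不可用
+*/
+public function checkPermission($appid="",$devkey="",$ticket="",$authcode="") {
+// 当前时间戳
+$nowtime = time();
+
+$referer = $_SERVER["HTTP_REFERER"];// 客户端来源地址
+
+if( empty($appid) ){
+$result["error"] = '1';
+$result["error_code"] = '1';
+$result["message"] = '请传入appid参数。';
+return json_encode($result,JSON_UNESCAPED_UNICODE);
+}
+$appInfo = Sql::select('syweb_app.*')
+->from('syweb_app')
+->where('syweb_app.appid=?', $appid)
+->get($this->db ,null);
+if(!empty($appInfo) && count($appInfo)>0){
+$insertData['app_id'] = $appInfo[0]["id"];
+} else {
+$result["error"] = '1';
+$result["error_code"] = '2';
+$result["message"] = '指定的应用不存在,请检查appid参数。';
+return json_encode($result,JSON_UNESCAPED_UNICODE);
+}
+
+if(empty($devkey)){
+$result["error"] = '1';
+$result["error_code"] = '3';
+$result["message"] = '请传入devkey参数。';
+return json_encode($result,JSON_UNESCAPED_UNICODE);
+}
+
+
+// 根据sid 查询用户信息
+// $res = Sql::select('syweb_ticket.*')
+// ->from('syweb_ticket')
+// ->where('syweb_ticket.appid=? and syweb_ticket.devkey=? and syweb_ticket.ticket=? and syweb_ticket.expiretime>?',$appid,$devkey,$ticket,$nowtime)
+// ->get($this->db ,null);
+
+//if(count($res)>0){
+$res = Sql::select('syweb_api_apply.*')
+->from('syweb_api_apply,syweb_interface')
+->where('syweb_api_apply.interface_id=syweb_interface.id and syweb_api_apply.status=1 and syweb_interface.interface_code =? and dev_id in (select id from syweb_admin where devkey=? and type=2)',$authcode,$devkey)
+->get($this->db ,null);
+if(count($res)>0){
+$result["error"] = '0';
+$result["message"] = "用户具备接口权限。";// 用户具备该接口权限
+}else{
+$result["error"] = '1';
+$result["error_code"] = '4';
+$result["message"] = "用户不具备接口权限。";// 用户无该接口权限
+}
+//}else{
+// $result[0]["error"] = "1";
+// $result[0]["error_code"] = 1; // 用户票据过去或未获得票据
+//}
+
+return json_encode($result,JSON_UNESCAPED_UNICODE);
+}
+
+/** @inject("ioc_factory") */
+private $factory;
+/**
+* @property({"default":"@db"})
+* @var PDO
+*/
+public $db;
+}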
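Review bot: checkPermission never validates `$ticket`: the syweb_ticket lookup is commented out, so the grant decision rests only on `$devkey` and `$authcode`, and `$appid` is checked for existence but never tied to that devkey. Re-enabling the lookup alone would still fail, because getTicket writes `$appid` into the devkey, domain, nocestr and ticket columns instead of the matching variables. The ticket itself is an unkeyed md5 of four request fields, so any caller who knows them can derive it without the server; a server-generated random value is the usual choice, and getTicket also issues a ticket without checking that the devkey belongs to the appid. The expiry goes through an `H:i:s` string, which lands in the past when the 20 minutes cross midnight; `$nowtime + 20 * 60` avoids that. The rewritten lines for both methods are below.

```php
// … unchanged: getTicket signature and $nowtime = time(); …
$ticket = bin2hex(random_bytes(16)); // server-generated (PHP 7+), not derivable from request fields

$insertData = array();
$insertData['appid'] = $appid;
$insertData['devkey'] = $devkey;
$insertData['domain'] = $domain;
$insertData['nocestr'] = $nocestr;
$insertData['ticket'] = $ticket;
$insertData['expiretime'] = $nowtime + 20 * 60; // 20 minutes from now, no time-of-day round trip
// … unchanged: transaction, insert, re-select and $result array …

// … unchanged: checkPermission appid and devkey checks …
$tickets = Sql::select('syweb_ticket.*')
    ->from('syweb_ticket')
    ->where('syweb_ticket.appid=? and syweb_ticket.devkey=? and syweb_ticket.ticket=? and syweb_ticket.expiretime>?', $appid, $devkey, $ticket, $nowtime)
    ->get($this->db, null);
if (count($tickets) === 0) {
    $result["error"] = '1';
    $result["error_code"] = '5'; // constructed value; use the project's next free code
    $result["message"] = '票据无效或已过期。';
    return json_encode($result, JSON_UNESCAPED_UNICODE);
}
// … unchanged: syweb_api_apply permission query and response …
```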