whereof/signature

This package is abandoned and no longer maintained. No replacement package was suggested.

signature

Maintainers

Details

github.com/iphper/signature

Source

Issues

Installs: 668

Dependents: 0

Suggesters: 0

Security: 0

Stars: 0

Watchers: 1

Forks: 0

Open Issues: 0

dev-master 2022-03-30 03:00 UTC

Requires

Requires (Dev)

MIT 83fc846d22fff218b880387bfc5d459ce59f6c4e

  • iphper <tp5er.woop@qq.com>

This package is auto-updated.

Last update: 2022-03-30 14:32:43 UTC

README

composer require whereof/signature

异常捕捉错误

UnexpectedValueException sign/timestamp/appId未定义
whereof\Exception\SignatureInvalidException appId和sign不正确
whereof\Exception\ExpiredException 签名失效

实例化

  • $appId 随机32位

    可以根据用户ID进行加密生成

    https://packagist.org/packages/hashids/hashids

    composer require hashids/hashids

    $appId = (new Hashids('',32))->encode($userId)

  • $appSecret 随机32位

  • $leeway 当前请求timestamp的生命周期内有效

$sign = new \whereof\OpenApiSign($appId,$appSecret,$leeway=60);

客户端使用

// 客户端待发送的数据包
$data = array(
    'sex'       => '1',
    'age'       => '16',
    'addr'      => 'whereof',
    'appid'     => $appid,//必传
    'timestamp' => time(),//必传
);
function sign($appSecret, array $input = [])
{
    // 对数组的值按key排序
    ksort($input);
    // 生成url的形式
    $params = http_build_query($input);
    // 生成sign
    $sign = md5($params . $appSecret);
    return $sign;
}
$data['sign'] = sign($appSecret, $data);

服务端进行验证

//根据请求过来的$data数据解析出appid,然后在根据appid查到appSecret
$sign->verifySign($appSecret, $data);

Java md5 加密 org.apache.commons.codec.digest.DigestUtils.md5Hex($params . $appSecret)