xihrni / yii2-behavior-signature
Interface authentication behavior based on Yii2.
Installs: 27
Dependents: 0
Suggesters: 0
Security: 0
Stars: 3
Watchers: 1
Forks: 0
Open Issues: 0
Type:yii2-extension
Requires
- yiisoft/yii2: *
This package is auto-updated.
Last update: 2024-06-09 14:51:12 UTC
README
基于 Yii2 的接口鉴权行为
Install
$ composer require xihrni/yii2-behavior-signature
Usage
生成签名步骤
- 从服务端拿到客户端ID和秘钥
- 准备好
_c
、_d
、_s
、_t
四个参数- _c:客户端ID
- _d:当前时间戳(秒)
- _s:计算数值,取当前时间戳(秒)后6位 * 12345.6789,再进行进一取整
- _t:Token,将上面三个参数拼接到 URL 参数最后进行 MD5 加密后再拼接上面三个参数的值,接着拼接客户端秘钥,最后进行 SHA1 加密
- 将上面四个参数拼接到需要访问的 URL 参数最后进行请求
Example
需要请求的URL
http://xxx.com/index/index?page=1&per-page=10
组装之后的URL
http://xxx.com/index/index?page=1&per-page=10&_c=1001&_d=1607475506&_s=5870444392&_t=e9a24fc903d3899b160f15bbb58809b0c901c049
Demo
客户端签名生成
<?php $c = '1001'; // 客户端ID $d = time(); // 时间戳(秒) $s = ceil(substr($d, -6) * 12345.6789); // 计算数值 $url = 'http://xxx.com/index/index?page=1&per-page=10'; $url = explode('?', $url); $params = trim($url[1] . '&_c=' . $c . '&_d=' . $d . '&_s=' . $s, '&'); $newUrl = $url[0] . '?' . $params; $t = sha1(md5($newUrl) . $c . $d . $s . 'b8c37e33defde51cf91e1e03e51657da'); // Token $newUrl .= '&_t=' . $t; file_put_contents($newUrl);
服务端验证调用
<?php namespace app\controllers; use xihrni\yii2\behaviors\SignatureBehavior; class IndexController extends \yii\web\Controller { public function behaviors() { return array_merge(parent::behaviors(), [ 'signature' => [ 'class' => SignatureBehavior::className(), 'switchOn' => true, 'optional' => ['view'], 'clientSecrets' => [ ['id' => 1001, 'secret' => 'b8c37e33defde51cf91e1e03e51657da'], ['id' => 1002, 'secret' => 'fba9d88164f3e2d9109ee770223212a0'], // ... ], ], ]); } public function actionIndex() {} public function actionView($id) {} }