From 817015072f90175db4ed19b79c5bae046849bdb5 Mon Sep 17 00:00:00 2001
From: aozhiwei
Date: Thu, 25 Jul 2024 10:42:20 +0800
Subject: [PATCH] 1

---
 .../controller/BaseAuthedController.class.php | 39 +++++++++++++++++++
 webapp/controller/BaseController.class.php | 39 -------------------
 webapp/controller/OpsController.class.php | 10 -----
 3 files changed, 39 insertions(+), 49 deletions(-)

diff --git a/webapp/controller/BaseAuthedController.class.php b/webapp/controller/BaseAuthedController.class.php
index 0f5e8f8b..b3fe90f5 100644
--- a/webapp/controller/BaseAuthedController.class.php
+++ b/webapp/controller/BaseAuthedController.class.php
@@ -121,6 +121,7 @@ class BaseAuthedController extends BaseController {
             phpcommon\sendError(1001, 'session expiration');
             die();
         }
+        $this->safeApiVerify();
         $r = $this->_getRedis($this->_getAccountId());
         if (!(getReqVal('c', '') == 'User' && getReqVal('a', '') == 'login')) {
             if ((getReqVal('c', '') == 'Battle')) {
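Review bot: Placing the `$this->safeApiVerify();` call here means the signed-API check now runs only for `BaseAuthedController` descendants, after the session-expiration check; subclasses of plain `BaseController` (the same patch removes `OpsController::selfCheckingS`, which was one) no longer get any signature verification for `S`-suffixed actions, and since the suffix is the only trigger, a future such action on a non-authed controller would skip verification silently. This is presumably intended, but nothing in the patch states it; a comment at the call site such as `// Signed-API verification only runs for authed controllers; 'S' actions on non-authed BaseController subclasses are not verified.` would make the contract visible. The method containing this hunk starts and ends outside it.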
@@ -835,4 +836,42 @@ class BaseAuthedController extends BaseController { return $decVal; } + private function safeApiVerify() { + $aLastChar = substr(getReqVal('a', ''), -1); + if ($aLastChar != 'S') { + return; + } + $params = $_REQUEST; + ksort($params); + $signData = ''; + $ignoreKeys = array( + '__nonce', + '__timestamp', + '__sign' + ); + foreach($params as $key => $val){ + if (!in_array($key, $ignoreKeys)) { + $signData .= $key . '=' . $val . '&'; + } + } + $nonce = getReqVal('__nonce', ''); + $timeStamp = getReqVal('__timestamp', ''); + $sign = getReqVal('__sign', ''); + $postData = file_get_contents('php://input'); + if (intval($timeStamp) < myself()->_getNowTime() - 20 || + intval($timeStamp) < myself()->_getNowTime() + 10) { + error_log('safeApiVerify timestamp error:' . $timeStamp . ' nowTime:' . myself()->_getNowTime()); + myself()->_rspErr(1007, "sign error1"); + die(); + } + $signData .= $nonce . $timeStamp . $postData; + foreach (SAPI_SECRET_KEYS as $val) { + if (md5($signData . $val) == $sign) { + return; + } + } + myself()->_rspErr(1007, "sign error2"); + die(); + } + } diff --git a/webapp/controller/BaseController.class.php b/webapp/controller/BaseController.class.php index b75a061c..376e3e6e 100644 --- a/webapp/controller/BaseController.class.php +++ b/webapp/controller/BaseController.class.php @@ -19,7 +19,6 @@ class BaseController { $this->timeZone = 0; $this->nowtime = phpcommon\getNowTime(); - $this->safeApiVerify(); } public function _handlePre() 
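Review bot: The freshness window in the added `safeApiVerify` rejects every current timestamp: the second condition `intval($timeStamp) < myself()->_getNowTime() + 10` is true for any value up to now+9, so only timestamps at least 10 s in the future get past the check; it should read `intval($timeStamp) > myself()->_getNowTime() + 10`. The digest comparison `md5($signData . $val) == $sign` should be `hash_equals(md5($signData . $val), $sign)`, because loose `==` compares numeric-looking strings numerically and `hash_equals` also avoids leaking the match position through timing; longer term an HMAC (`hash_hmac('sha256', ...)`) is preferable to a bare MD5 with the secret appended. The `__nonce` is folded into the signed data, but nothing visible in this hunk records or rejects a nonce that was already used, so within the accepted window the same signed request remains valid; if no nonce store exists on the caller side, this method should keep one. `$_REQUEST` values can be arrays, in which case `$key . '=' . $val` stringifies to `Array` with a notice, so non-scalar values are worth rejecting explicitly before signing.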
@@ -318,44 +317,6 @@ class BaseController { return implode("_",$str_list); } - private function safeApiVerify() { - $aLastChar = substr(getReqVal('a', ''), -1); - if ($aLastChar != 'S') { - return; - } - $params = $_REQUEST; - ksort($params); - $signData = ''; - $ignoreKeys = array( - '__nonce', - '__timestamp', - '__sign' - ); - foreach($params as $key => $val){ - if (!in_array($key, $ignoreKeys)) { - $signData .= $key . '=' . $val . '&'; - } - } - $nonce = getReqVal('__nonce', ''); - $timeStamp = getReqVal('__timestamp', ''); - $sign = getReqVal('__sign', ''); - $postData = file_get_contents('php://input'); - if (intval($timeStamp) < myself()->_getNowTime() - 20 || - intval($timeStamp) < myself()->_getNowTime() + 10) { - error_log('safeApiVerify timestamp error:' . $timeStamp . ' nowTime:' . myself()->_getNowTime()); - myself()->_rspErr(1007, "sign error1"); - die(); - } - $signData .= $nonce . $timeStamp . $postData; - foreach (SAPI_SECRET_KEYS as $val) { - if (md5($signData . $val) == $sign) { - return; - } - } - myself()->_rspErr(1007, "sign error2"); - die(); - } - public function _upgradeToSafeApi() { echo json_encode(array( 'errcode' => 1006, diff --git a/webapp/controller/OpsController.class.php b/webapp/controller/OpsController.class.php index 45abbf07..ecd94605 100644 --- a/webapp/controller/OpsController.class.php +++ b/webapp/controller/OpsController.class.php @@ -28,14 +28,4 @@ class OpsController extends BaseController { )); } - public function selfCheckingS() - { - echo json_encode(array( - 'errcode' => 0, - 'errmsg' => '', - 'healthy' => 1, - 'max_rundelay' => 1, - )); - } - }