aozhiwei 2024-07-25 10:42:20 +08:00
parent 0b65f1d952
commit 817015072f
3 changed files with 39 additions and 49 deletions


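--- a/PATH_NOT_SHOWN:BaseAuthedController
+++ b/PATH_NOT_SHOWN:BaseAuthedController
@@ -121,6 +121,7 @@ class BaseAuthedController extends BaseController {
 phpcommon\sendError(1001, 'session expiration');
 die();
 }
+$this->safeApiVerify();
 $r = $this->_getRedis($this->_getAccountId());
 if (!(getReqVal('c', '') == 'User' && getReqVal('a', '') == 'login')) {
 if ((getReqVal('c', '') == 'Battle')) {
@@ -835,4 +836,42 @@ class BaseAuthedController extends BaseController {
 return $decVal;
 }
+private function safeApiVerify() {
+$aLastChar = substr(getReqVal('a', ''), -1);
+if ($aLastChar != 'S') {
+return;
+}
+$params = $_REQUEST;
+ksort($params);
+$signData = '';
+$ignoreKeys = array(
+'__nonce',
+'__timestamp',
+'__sign'
+);
+foreach($params as $key => $val){
+if (!in_array($key, $ignoreKeys)) {
+$signData .= $key . '=' . $val . '&';
+}
+}
+$nonce = getReqVal('__nonce', '');
+$timeStamp = getReqVal('__timestamp', '');
+$sign = getReqVal('__sign', '');
+$postData = file_get_contents('php://input');
+if (intval($timeStamp) < myself()->_getNowTime() - 20 ||
+intval($timeStamp) < myself()->_getNowTime() + 10) {
+error_log('safeApiVerify timestamp error:' . $timeStamp . ' nowTime:' . myself()->_getNowTime());
+myself()->_rspErr(1007, "sign error1");
+die();
+}
+$signData .= $nonce . $timeStamp . $postData;
+foreach (SAPI_SECRET_KEYS as $val) {
+if (md5($signData . $val) == $sign) {
+return;
+}
+}
+myself()->_rspErr(1007, "sign error2");
+die();
+}
 }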
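Review bot: The timestamp window in safeApiVerify (second hunk) rejects every request whose timestamp is not at least 10 s in the future, because the second clause `intval($timeStamp) < myself()->_getNowTime() + 10` is true for any current or past timestamp; it should read `intval($timeStamp) > myself()->_getNowTime() + 10` so the check bounds clock skew on both sides instead of inverting it. The signature check `md5($signData . $val) == $sign` is a loose comparison that PHP evaluates numerically when both strings look numeric (digests beginning with `0e`), and it is not constant-time; replace it with `if (hash_equals(md5($signData . $val), $sign)) {`. The `__nonce` value is only concatenated into the signed data and never recorded, so within the accepted window an identical request can be resubmitted; if replay protection is intended, the nonce needs to be stored and checked, presumably against the Redis handle obtained on the line after the new call in the first hunk. Minor: `in_array($key, $ignoreKeys)` should pass `true` as its third argument, and `$val` may be an array for nested request parameters, which the string concatenation would not handle.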


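--- a/PATH_NOT_SHOWN:BaseController
+++ b/PATH_NOT_SHOWN:BaseController
@@ -19,7 +19,6 @@ class BaseController {
 $this->timeZone = 0;
 $this->nowtime = phpcommon\getNowTime();
-$this->safeApiVerify();
 }
 public function _handlePre()
@@ -318,44 +317,6 @@ class BaseController {
 return implode("_",$str_list);
 }
-private function safeApiVerify() {
-$aLastChar = substr(getReqVal('a', ''), -1);
-if ($aLastChar != 'S') {
-return;
-}
-$params = $_REQUEST;
-ksort($params);
-$signData = '';
-$ignoreKeys = array(
-'__nonce',
-'__timestamp',
-'__sign'
-);
-foreach($params as $key => $val){
-if (!in_array($key, $ignoreKeys)) {
-$signData .= $key . '=' . $val . '&';
-}
-}
-$nonce = getReqVal('__nonce', '');
-$timeStamp = getReqVal('__timestamp', '');
-$sign = getReqVal('__sign', '');
-$postData = file_get_contents('php://input');
-if (intval($timeStamp) < myself()->_getNowTime() - 20 ||
-intval($timeStamp) < myself()->_getNowTime() + 10) {
-error_log('safeApiVerify timestamp error:' . $timeStamp . ' nowTime:' . myself()->_getNowTime());
-myself()->_rspErr(1007, "sign error1");
-die();
-}
-$signData .= $nonce . $timeStamp . $postData;
-foreach (SAPI_SECRET_KEYS as $val) {
-if (md5($signData . $val) == $sign) {
-return;
-}
-}
-myself()->_rspErr(1007, "sign error2");
-die();
-}
 public function _upgradeToSafeApi() {
 echo json_encode(array(
 'errcode' => 1006,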


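--- a/PATH_NOT_SHOWN:OpsController
+++ b/PATH_NOT_SHOWN:OpsController
@@ -28,14 +28,4 @@ class OpsController extends BaseController {
 ));
 }
-public function selfCheckingS()
-{
-echo json_encode(array(
-'errcode' => 0,
-'errmsg' => '',
-'healthy' => 1,
-'max_rundelay' => 1,
-));
-}
 }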