diff --git a/config/config.php b/config/config.php
index 5f23dd0a..926170e8 100644
--- a/config/config.php
+++ b/config/config.php
@@ -17,4 +17,7 @@ const HERO_CONTRACT_ADDRESS = "0xc8607507451059cfae6ca4d07ec6f631ce8ef9f9";
 const NORMAL_HERO_CONTRACT_ADDRESS = "0x994de61dd536b22f7e3bdb77aa3ef55aec938bfd";
 const ETH_LOCK_CONTRACT_ADDRESS = "0x7f2b4db626d878778e178b4f0c7ba3a2870c6dd0";
 const NFT_META_URL = 'https://nft-test.kingsome.cn';
+const SAPI_SECRET_KEYS = array(
+ '~kCu8jYS)rJ5Ay_pZS_rT#&jOl)Qo0m)'
+);
 define('PRESENT_FREE_ITEM', 1);
diff --git a/doc/Bag.py b/doc/Bag.py
index 0cc12d5d..c7d84ddd 100644
--- a/doc/Bag.py
+++ b/doc/Bag.py
@@ -20,10 +20,10 @@ class Bag(object):
 ]
 },
 {
- 'name': 'useItem',
+ 'name': 'useItemS',
 'desc': '使用道具',
 'group': 'Bag',
- 'url': 'webapp/index.php?c=Bag&a=useItem',
+ 'surl': 'webapp/index.php?c=Bag&a=useItemS',
 'params': [
 _common.ReqHead(),
 ['item_uniid', 0, '道具唯一id'],
diff --git a/doc/BlockChain.py b/doc/BlockChain.py
index 3ff5c6c1..e8b40e55 100644
--- a/doc/BlockChain.py
+++ b/doc/BlockChain.py
@@ -122,4 +122,25 @@ class BlockChain(object):
 ['!params', [''], '合约参数列表'],
 ]
 },
+ {
+ 'name': 'rechargeBuyS',
+ 'desc': 'usdt钻石充值',
+ 'group': 'BlockChain',
+ 'surl': 'webapp/index.php?c=BlockChain&a=rechargeBuyS',
+ 'params': [
+ _common.ReqHead(),
+ ['goods_id', '', '商品id'],
+ ],
+ 'response': [
+ _common.RspHead(),
+ ['order_id', '', '订单id'],
+ ['!calls',
+ [
+ ['trans_id', '', '事务id'],
+ ['trans_req', _common.MFTransactionRequest(), '调用合约参数'],
+ ],
+ '合约调用-队列(排队执行上一个成功才能调用下一个)'
+ ]
+ ]
+ },
 ]
diff --git a/doc/README.php b/doc/README.php
index 15d07b4a..78698960 100644
--- a/doc/README.php
+++ b/doc/README.php
@@ -9,3 +9,15 @@
 *
 *
 */
+
+ /**
+ * @api {GET} AA接口升级日志 接口升级日志
+ * @apiPermission none
+ * @apiGroup 接口升级日志
+ * @apiVersion 0.0.1
+ * @apiSuccessExample {json} Success-Response:
+ * 2024/07/25
+ * c=Bag&a=useItemS
+ *
+ *
+ */
diff --git a/doc/Recharge.py b/doc/Recharge.py
new file mode 100644
index 00000000..106163c9
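Review bot: `SAPI_SECRET_KEYS` commits a live request-signing secret into a versioned config file, so everyone with read access to the repository or its history now holds the key that `safeApiVerify` trusts. Load the key list from the deployment environment instead (for example `getenv('SAPI_SECRET_KEYS')` split on a separator, or a file kept outside the repo) and treat the literal in this hunk as already exposed, i.e. rotate it before the signed-API path carries real traffic. Keeping the value an array is the right shape, since a replacement key can be added before the old one is dropped; a comment above the constant stating that, `// Ordered list of accepted signing keys; add the new key first, remove the old one after clients have switched`, would make the rotation procedure explicit.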
--- /dev/null
+++ b/doc/Recharge.py
@@ -0,0 +1,22 @@
+# -*- coding: utf-8 -*-
+
+import _common
+
+class Recharge(object):
+
+ def __init__(self):
+ self.apis = [
+ {
+ 'name': 'goodsList',
+ 'desc': '充值-商品列表',
+ 'group': 'Recharge',
+ 'url': 'webapp/index.php?c=Recharge&a=goodsList',
+ 'params': [
+ _common.ReqHead(),
+ ],
+ 'response': [
+ _common.RspHead(),
+ ['!goods', [_common.RechargeGoods()], '商品列表']
+ ]
+ }
+ ]
diff --git a/doc/_common.py b/doc/_common.py
index 06a7f906..a338624c 100644
--- a/doc/_common.py
+++ b/doc/_common.py
@@ -1820,3 +1820,11 @@ class ChainActivity(object):
 ['to', '', 'to'],
 ['date', '', '事件发生时间'],
 ]
+
+class RechargeGoods(object):
+
+ def __init__(self):
+ self.fields = [
+ ['goods_id', '', '商品id(购买时用)'],
+ ['goods_meta', '', '配置表信息(和excel完全一样)'],
+ ]
diff --git a/webapp/controller/BagController.class.php b/webapp/controller/BagController.class.php
index 632a17d8..a5b4e2f3 100644
--- a/webapp/controller/BagController.class.php
+++ b/webapp/controller/BagController.class.php
@@ -73,7 +73,7 @@ class BagController extends BaseAuthedController {
 $this->_rspOk();
 }
 
- public function useItem()
+ public function useItemS()
 {
 $itemId = getReqVal('item_id', 0);
 $itemNum = getReqVal('item_num', 0);
diff --git a/webapp/controller/BaseAuthedController.class.php b/webapp/controller/BaseAuthedController.class.php
index 0430e0f5..b500b7c4 100644
--- a/webapp/controller/BaseAuthedController.class.php
+++ b/webapp/controller/BaseAuthedController.class.php
@@ -121,6 +121,7 @@ class BaseAuthedController extends BaseController {
 phpcommon\sendError(1001, 'session expiration');
 die();
 }
+ $this->safeApiVerify();
 $r = $this->_getRedis($this->_getAccountId());
 if (!(getReqVal('c', '') == 'User' && getReqVal('a', '') == 'login')) {
 if ((getReqVal('c', '') == 'Battle')) {
@@ -832,4 +833,42 @@ class BaseAuthedController extends BaseController {
 return $decVal;
 }
 
+ private function safeApiVerify() {
+ $aLastChar = substr(getReqVal('a', ''), -1);
+ if ($aLastChar != 'S') {
+ return;
+ }
+ $params = $_REQUEST;
+ ksort($params);
+ $signData = '';
+ $ignoreKeys = array(
+ '__nonce',
+ '__timestamp',
+ '__sign'
+ );
+ foreach($params as $key => $val){
+ if (!in_array($key, $ignoreKeys)) {
+ $signData .= $key . '=' . $val . '&';
+ }
+ }
+ $nonce = getReqVal('__nonce', '');
+ $timeStamp = getReqVal('__timestamp', '');
+ $sign = getReqVal('__sign', '');
+ $postData = file_get_contents('php://input');
+ if (intval($timeStamp) < myself()->_getNowTime() - 20 ||
+ intval($timeStamp) < myself()->_getNowTime() + 10) {
+ error_log('safeApiVerify timestamp error:' . $timeStamp . ' nowTime:' . myself()->_getNowTime());
+ myself()->_rspErr(1007, "sign error1");
+ die();
+ }
+ $signData .= $nonce . $timeStamp . $postData;
+ foreach (SAPI_SECRET_KEYS as $val) {
+ if (md5($signData . $val) == $sign) {
+ return;
+ }
+ }
+ myself()->_rspErr(1007, "sign error2");
+ die();
+ }
+
 }
diff --git a/webapp/controller/BaseController.class.php b/webapp/controller/BaseController.class.php
index 8e26e82a..376e3e6e 100644
--- a/webapp/controller/BaseController.class.php
+++ b/webapp/controller/BaseController.class.php
@@ -317,4 +317,13 @@ class BaseController {
 return implode("_",$str_list);
 }
 
+ public function _upgradeToSafeApi() {
+ echo json_encode(array(
+ 'errcode' => 1006,
+ 'errmsg' => 'already upgrade to safe api',
+ 'payload' => 1,
+ ));
+ die();
+ }
+
 }
diff --git a/webapp/controller/OpsController.class.php b/webapp/controller/OpsController.class.php
index 227cfc26..ecd94605 100644
--- a/webapp/controller/OpsController.class.php
+++ b/webapp/controller/OpsController.class.php
@@ -1,6 +1,6 @@ $meta['id'], + 'goods_meta' => $meta, + )); + }); + myself()->_rspData(array( + 'goods' => $goods + )); + } + +} 
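Review bot: The timestamp window in `safeApiVerify` is inverted: the second clause `intval($timeStamp) < myself()->_getNowTime() + 10` is true for any request whose timestamp is not more than 10 ahead of server time (seconds, if `_getNowTime()` is in seconds), so every honest client is rejected with `sign error1` while only far-future timestamps get through; it should read `intval($timeStamp) > myself()->_getNowTime() + 10`. The comparison `md5($signData . $val) == $sign` should become `hash_equals(md5($signData . $val), $sign)` so that PHP's loose numeric-string equality and response-time differences cannot weaken the check, and if clients can be updated a keyed digest such as `hash_hmac('sha256', $signData, $val)` is preferable to a bare hash of data-plus-key. `__nonce` is folded into the signed data but never recorded anywhere, so within the accepted window a captured request can be replayed verbatim; storing seen nonces (e.g. in the Redis handle this controller already uses) with a TTL of at least the window closes that gap. Also note that `$_REQUEST` can include cookie values depending on `request_order`, which would make the server's `$signData` differ from what the client signed; building it explicitly from `$_GET` and `$_POST` avoids that, and `in_array($key, $ignoreKeys, true)` avoids loose key matching.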
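Review bot: `_upgradeToSafeApi()` is added to `BaseController` but nothing in this change calls it; `webapp/index.php` emits the identical `errcode` 1006 payload inline in its `else if (isValidActionAction($a, $methodS))` branch. Have that branch call `$obj->_upgradeToSafeApi();` (`$obj` is already constructed at that point) so the code and message live in one place, and give the method a one-line comment stating that it ends the request, e.g. `// Tells a client still using the legacy action name to switch to the signed "S" variant; never returns.`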
diff --git a/webapp/index.php b/webapp/index.php
index b6263b95..98e824e9 100644
--- a/webapp/index.php
+++ b/webapp/index.php
@@ -11,11 +11,23 @@ if (empty($_REQUEST['c']) || empty($_REQUEST['a'])) {
 function autoload_controller__($classname) {
- require_once "controller/$classname.class.php";
+ $fileName = "controller/$classname.class.php";
+ if (!file_exists($fileName)) {
+ if (SERVER_ENV == _ONLINE) {
+ die();
+ }
+ }
+ require_once $fileName;
 spl_autoload_unregister('autoload_controller__');
 }
 spl_autoload_register('autoload_controller__');
+function isValidActionAction($a, $method) {
+ return $method && $method->isPublic() &&
+ $a[0] != '_' &&
+ (!$method->isConstructor() && !$method->isDestructor());
+}
+
 try{
 $c = $_REQUEST['c'];
 $a = $_REQUEST['a'];
@@ -30,13 +42,28 @@ try{
 $classname = $c .'Controller';
 $beginTick = phpcommon\getTickCount();
 $obj = eval('return new $classname();');
- $method = new ReflectionMethod($classname, $a);
- if ($method && $method->isPublic() &&
- $a[0] != '_' &&
- (!$method->isConstructor() && !$method->isDestructor())) {
+ $method = null;
+ try {
+ $method = new ReflectionMethod($classname, $a);
+ } catch (Exception $e) {
+ }
+ $methodS = null;
+ try {
+ $methodS = new ReflectionMethod($classname, $a . 'S');
+ } catch (Exception $e){
+ }
+ if (isValidActionAction($a, $method)) {
 $obj->_handlePre();
 $method->invoke($obj);
 $obj->_handlePost();
+ } else if (isValidActionAction($a, $methodS)) {
+ //如果原版函数不存在并且S版函数存在,则自动切换为S版
+ echo json_encode(array(
+ 'errcode' => 1006,
+ 'errmsg' => 'already upgrade to safe api',
+ 'payload' => 1,
+ ));
+ die();
 }
 } catch (Exception $e){
 error_log($e);
diff --git a/webapp/mt/Recharge.php b/webapp/mt/Recharge.php
new file mode 100644
index 00000000..a90beb63
--- /dev/null
+++ b/webapp/mt/Recharge.php
@@ -0,0 +1,26 @@ +
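Review bot: The new `file_exists` branch in `autoload_controller__` only exits when `SERVER_ENV == _ONLINE`, and then with a bare `die()` that sends an empty body, so a missing controller yields a 200 with no JSON online and still falls through to `require_once` on a non-existent file everywhere else. Since `$classname` is `$c . 'Controller'` with `$c` taken straight from `$_REQUEST['c']` (second hunk), the request path is part of the file path; restrict `$c` to `[A-Za-z0-9_]` before the autoloader is ever reached, and answer a missing controller with an explicit error response in both environments, e.g. `if (!file_exists($fileName)) { phpcommon\sendError(1004, 'unknown controller'); die(); }` if that helper's code space allows it.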
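Review bot: A request whose action exists in neither form now ends with no response and no log line: the two empty `catch (Exception $e) {}` blocks swallow the `ReflectionException` that previously propagated to the outer `catch` and its `error_log($e)`, and neither `if` branch fires. Add a final `else` that returns an explicit error (for example via `$obj->_rspErr(...)` if that helper is available on every controller) and narrow both catches to `catch (ReflectionException $e)` so unrelated exceptions are not hidden. The `$methodS` lookup can also be skipped when `$method` already resolved, since it is only consulted in the fallback branch; the enclosing `try` block begins in the first hunk and its `catch` continues past this one.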