From 0b65f1d952c625f91ec15479496b8ce7f7c8847a Mon Sep 17 00:00:00 2001 From: aozhiwei Date: Thu, 25 Jul 2024 10:39:21 +0800 Subject: [PATCH 1/9] 1 --- config/config.php | 3 ++ webapp/controller/BaseController.class.php | 48 ++++++++++++++++++++++ webapp/controller/OpsController.class.php | 12 +++++- 3 files changed, 62 insertions(+), 1 deletion(-) diff --git a/config/config.php b/config/config.php index 5f23dd0a..926170e8 100644 --- a/config/config.php +++ b/config/config.php @@ -17,4 +17,7 @@ const HERO_CONTRACT_ADDRESS = "0xc8607507451059cfae6ca4d07ec6f631ce8ef9f9"; const NORMAL_HERO_CONTRACT_ADDRESS = "0x994de61dd536b22f7e3bdb77aa3ef55aec938bfd"; const ETH_LOCK_CONTRACT_ADDRESS = "0x7f2b4db626d878778e178b4f0c7ba3a2870c6dd0"; const NFT_META_URL = 'https://nft-test.kingsome.cn'; +const SAPI_SECRET_KEYS = array( + '~kCu8jYS)rJ5Ay_pZS_rT#&jOl)Qo0m)' +); define('PRESENT_FREE_ITEM', 1); diff --git a/webapp/controller/BaseController.class.php b/webapp/controller/BaseController.class.php index 8e26e82a..b75a061c 100644 --- a/webapp/controller/BaseController.class.php +++ b/webapp/controller/BaseController.class.php @@ -19,6 +19,7 @@ class BaseController { $this->timeZone = 0; $this->nowtime = phpcommon\getNowTime(); + $this->safeApiVerify(); } public function _handlePre() 
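Review bot: The `SAPI_SECRET_KEYS` entry added in `config/config.php` puts the request-signing secret into version control, so anyone with read access to the repository or its history can compute valid `__sign` values. Load the keys from outside the source tree instead, for example `define('SAPI_SECRET_KEYS', array_filter(explode(',', (string)getenv('SAPI_SECRET_KEYS'))));` (the environment variable name here is a constructed example). Because the value is already in this commit, treat it as exposed and rotate it. The array form lets the old and the new key be accepted side by side during the switch.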
@@ -317,4 +318,51 @@ class BaseController { return implode("_",$str_list); } + private function safeApiVerify() { + $aLastChar = substr(getReqVal('a', ''), -1); + if ($aLastChar != 'S') { + return; + } + $params = $_REQUEST; + ksort($params); + $signData = ''; + $ignoreKeys = array( + '__nonce', + '__timestamp', + '__sign' + ); + foreach($params as $key => $val){ + if (!in_array($key, $ignoreKeys)) { + $signData .= $key . '=' . $val . '&'; + } + } + $nonce = getReqVal('__nonce', ''); + $timeStamp = getReqVal('__timestamp', ''); + $sign = getReqVal('__sign', ''); + $postData = file_get_contents('php://input'); + if (intval($timeStamp) < myself()->_getNowTime() - 20 || + intval($timeStamp) < myself()->_getNowTime() + 10) { + error_log('safeApiVerify timestamp error:' . $timeStamp . ' nowTime:' . myself()->_getNowTime()); + myself()->_rspErr(1007, "sign error1"); + die(); + } + $signData .= $nonce . $timeStamp . $postData; + foreach (SAPI_SECRET_KEYS as $val) { + if (md5($signData . $val) == $sign) { + return; + } + } + myself()->_rspErr(1007, "sign error2"); + die(); + } + + public function _upgradeToSafeApi() { + echo json_encode(array( + 'errcode' => 1006, + 'errmsg' => 'already upgrade to safe api', + 'payload' => 1, + )); + die(); + } + } diff --git a/webapp/controller/OpsController.class.php b/webapp/controller/OpsController.class.php index 227cfc26..45abbf07 100644 --- a/webapp/controller/OpsController.class.php +++ b/webapp/controller/OpsController.class.php @@ -1,6 +1,6 @@ 0, + 'errmsg' => '', + 'healthy' => 1, + 'max_rundelay' => 1, + )); + } + } From 817015072f90175db4ed19b79c5bae046849bdb5 Mon Sep 17 00:00:00 2001 From: aozhiwei Date: Thu, 25 Jul 2024 10:42:20 +0800 Subject: [PATCH 2/9] 1 --- .../controller/BaseAuthedController.class.php | 39 +++++++++++++++++++ webapp/controller/BaseController.class.php | 39 ------------------- webapp/controller/OpsController.class.php | 10 ----- 3 files changed, 39 insertions(+), 49 deletions(-) 
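Review bot: In `safeApiVerify()` the second timestamp comparison is inverted: `intval($timeStamp) < myself()->_getNowTime() + 10` is true for every timestamp that is not at least ten seconds ahead of the server clock, so requests carrying the current time are rejected while ones dated arbitrarily far in the future are accepted; the operator should be `>`. The signature check `md5($signData . $val) == $sign` uses loose comparison, which PHP evaluates numerically when both strings look like numbers (such as `0e…` digests) and which is not constant-time; `hash_equals()` avoids both. `__nonce` is mixed into the digest but never recorded, so on its own it does not stop a replay inside the time window, and if clients can be updated a keyed construction such as `hash_hmac('sha256', …)` would be preferable to MD5 over data-plus-secret. The identical copy of this method added to `BaseAuthedController.class.php` in PATCH 2/9 needs the same changes.

```php
// … unchanged: suffix check, parameter sorting and key=value concatenation …
$now = myself()->_getNowTime();
$ts = intval($timeStamp);
// Accept only timestamps inside the window [now - 20, now + 10].
if ($ts < $now - 20 || $ts > $now + 10) {
    // … unchanged: error_log, _rspErr(1007, "sign error1"), die() …
}
$signData .= $nonce . $timeStamp . $postData;
foreach (SAPI_SECRET_KEYS as $val) {
    // Constant-time, type-strict comparison instead of ==.
    if (is_string($sign) && hash_equals(md5($signData . $val), $sign)) {
        return;
    }
}
// … unchanged: _rspErr(1007, "sign error2") and die() …
```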
diff --git a/webapp/controller/BaseAuthedController.class.php b/webapp/controller/BaseAuthedController.class.php index 0f5e8f8b..b3fe90f5 100644 --- a/webapp/controller/BaseAuthedController.class.php +++ b/webapp/controller/BaseAuthedController.class.php @@ -121,6 +121,7 @@ class BaseAuthedController extends BaseController { phpcommon\sendError(1001, 'session expiration'); die(); } + $this->safeApiVerify(); $r = $this->_getRedis($this->_getAccountId()); if (!(getReqVal('c', '') == 'User' && getReqVal('a', '') == 'login')) { if ((getReqVal('c', '') == 'Battle')) { @@ -835,4 +836,42 @@ class BaseAuthedController extends BaseController { return $decVal; } + private function safeApiVerify() { + $aLastChar = substr(getReqVal('a', ''), -1); + if ($aLastChar != 'S') { + return; + } + $params = $_REQUEST; + ksort($params); + $signData = ''; + $ignoreKeys = array( + '__nonce', + '__timestamp', + '__sign' + ); + foreach($params as $key => $val){ + if (!in_array($key, $ignoreKeys)) { + $signData .= $key . '=' . $val . '&'; + } + } + $nonce = getReqVal('__nonce', ''); + $timeStamp = getReqVal('__timestamp', ''); + $sign = getReqVal('__sign', ''); + $postData = file_get_contents('php://input'); + if (intval($timeStamp) < myself()->_getNowTime() - 20 || + intval($timeStamp) < myself()->_getNowTime() + 10) { + error_log('safeApiVerify timestamp error:' . $timeStamp . ' nowTime:' . myself()->_getNowTime()); + myself()->_rspErr(1007, "sign error1"); + die(); + } + $signData .= $nonce . $timeStamp . $postData; + foreach (SAPI_SECRET_KEYS as $val) { + if (md5($signData . $val) == $sign) { + return; + } + } + myself()->_rspErr(1007, "sign error2"); + die(); + } + } diff --git a/webapp/controller/BaseController.class.php b/webapp/controller/BaseController.class.php index b75a061c..376e3e6e 100644 --- a/webapp/controller/BaseController.class.php +++ b/webapp/controller/BaseController.class.php 
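Review bot: Moving the `$this->safeApiVerify()` call from the `BaseController` constructor into this `BaseAuthedController` method means controllers that extend `BaseController` directly (the series shows `OpsController` doing so) no longer get signature verification for actions ending in `S`. If that is intended, say so at the call site, e.g. `// signed-request check covers authed controllers only; BaseController subclasses must not expose ...S actions`. Otherwise keep a single `protected` copy in `BaseController` that both base classes can call, rather than a private duplicate here. The enclosing method starts and ends outside the hunk, so which requests actually reach this line cannot be confirmed from the visible lines.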
@@ -19,7 +19,6 @@ class BaseController { $this->timeZone = 0; $this->nowtime = phpcommon\getNowTime(); - $this->safeApiVerify(); } public function _handlePre() @@ -318,44 +317,6 @@ class BaseController { return implode("_",$str_list); } - private function safeApiVerify() { - $aLastChar = substr(getReqVal('a', ''), -1); - if ($aLastChar != 'S') { - return; - } - $params = $_REQUEST; - ksort($params); - $signData = ''; - $ignoreKeys = array( - '__nonce', - '__timestamp', - '__sign' - ); - foreach($params as $key => $val){ - if (!in_array($key, $ignoreKeys)) { - $signData .= $key . '=' . $val . '&'; - } - } - $nonce = getReqVal('__nonce', ''); - $timeStamp = getReqVal('__timestamp', ''); - $sign = getReqVal('__sign', ''); - $postData = file_get_contents('php://input'); - if (intval($timeStamp) < myself()->_getNowTime() - 20 || - intval($timeStamp) < myself()->_getNowTime() + 10) { - error_log('safeApiVerify timestamp error:' . $timeStamp . ' nowTime:' . myself()->_getNowTime()); - myself()->_rspErr(1007, "sign error1"); - die(); - } - $signData .= $nonce . $timeStamp . $postData; - foreach (SAPI_SECRET_KEYS as $val) { - if (md5($signData . $val) == $sign) { - return; - } - } - myself()->_rspErr(1007, "sign error2"); - die(); - } - public function _upgradeToSafeApi() { echo json_encode(array( 'errcode' => 1006, diff --git a/webapp/controller/OpsController.class.php b/webapp/controller/OpsController.class.php index 45abbf07..ecd94605 100644 --- a/webapp/controller/OpsController.class.php +++ b/webapp/controller/OpsController.class.php @@ -28,14 +28,4 @@ class OpsController extends BaseController { )); } - public function selfCheckingS() - { - echo json_encode(array( - 'errcode' => 0, - 'errmsg' => '', - 'healthy' => 1, - 'max_rundelay' => 1, - )); - } - } From fa714b9436501539e7991108361234ae2e7d01df Mon Sep 17 00:00:00 2001 
From: aozhiwei Date: Thu, 25 Jul 2024 10:46:54 +0800 Subject: [PATCH 3/9] 1 --- webapp/index.php | 8 +++++++- 1 file changed, 7 insertions(+), 1 deletion(-) diff --git a/webapp/index.php b/webapp/index.php index b6263b95..f1a7ab11 100644 --- a/webapp/index.php +++ b/webapp/index.php @@ -11,7 +11,13 @@ if (empty($_REQUEST['c']) || empty($_REQUEST['a'])) { function autoload_controller__($classname) { - require_once "controller/$classname.class.php"; + $fileName = "controller/$classname.class.php"; + if (!file_exists($fileName)) { + if (SERVER_ENV == _ONLINE) { + die(); + } + } + require_once $fileName; spl_autoload_unregister('autoload_controller__'); } spl_autoload_register('autoload_controller__'); From cdb8e9206e17ca11b92de07c8f179d1408430bbf Mon Sep 17 00:00:00 2001 From: aozhiwei Date: Thu, 25 Jul 2024 11:05:59 +0800 Subject: [PATCH 4/9] 1 --- doc/Bag.py | 4 ++-- doc/README.php | 12 ++++++++++++ 2 files changed, 14 insertions(+), 2 deletions(-) diff --git a/doc/Bag.py b/doc/Bag.py index 0cc12d5d..c7d84ddd 100644 --- a/doc/Bag.py +++ b/doc/Bag.py @@ -20,10 +20,10 @@ class Bag(object): ] }, { - 'name': 'useItem', + 'name': 'useItemS', 'desc': '使用道具', 'group': 'Bag', - 'url': 'webapp/index.php?c=Bag&a=useItem', + 'surl': 'webapp/index.php?c=Bag&a=useItemS', 'params': [ _common.ReqHead(), ['item_uniid', 0, '道具唯一id'], diff --git a/doc/README.php b/doc/README.php index 15d07b4a..78698960 100644 --- a/doc/README.php +++ b/doc/README.php @@ -9,3 +9,15 @@ * * */ + + /** + * @api {GET} AA接口升级日志 接口升级日志 + * @apiPermission none + * @apiGroup 接口升级日志 + * @apiVersion 0.0.1 + * @apiSuccessExample {json} Success-Response: + * 2024/07/25 + * c=Bag&a=useItemS + * + * + */ From e6ff8b603143d416cf0ee67e397629250bed2a9d Mon Sep 17 00:00:00 2001 From: aozhiwei Date: Thu, 25 Jul 2024 11:11:17 +0800 Subject: [PATCH 5/9] 1 --- webapp/index.php | 19 ++++++++++++++++--- 1 file changed, 16 insertions(+), 3 deletions(-) 
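Review bot: `$classname` is interpolated into the `require_once` path in `autoload_controller__()` without any check on its characters, and context lines in PATCH 5/9 and 7/9 show the dispatcher building it from `$_REQUEST['c']`. The only barrier between request input and the include path is therefore whatever the engine does before it calls the autoloader. An explicit allow-list ahead of building `$fileName`, such as `if (!preg_match('/^[A-Za-z0-9_]+$/', $classname)) { return; }`, makes that guarantee local to this function. The new `file_exists()` guard also acts only when `SERVER_ENV == _ONLINE`: elsewhere a missing file still reaches `require_once` and fails fatally, and in the online case the request ends without a log entry, so an `error_log()` before `die()` would help operators.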
diff --git a/webapp/index.php b/webapp/index.php index f1a7ab11..e7dfc0bf 100644 --- a/webapp/index.php +++ b/webapp/index.php @@ -22,6 +22,12 @@ function autoload_controller__($classname) } spl_autoload_register('autoload_controller__'); +function isValidActionAction($a, $method) { + return $method && $method->isPublic() && + $a[0] != '_' && + (!$method->isConstructor() && !$method->isDestructor()); +} + try{ $c = $_REQUEST['c']; $a = $_REQUEST['a']; @@ -37,12 +43,19 @@ try{ $beginTick = phpcommon\getTickCount(); $obj = eval('return new $classname();'); $method = new ReflectionMethod($classname, $a); - if ($method && $method->isPublic() && - $a[0] != '_' && - (!$method->isConstructor() && !$method->isDestructor())) { + $methodS = new ReflectionMethod($classname, $a . 'S'); + if (isValidActionAction($a, $method)) { $obj->_handlePre(); $method->invoke($obj); $obj->_handlePost(); + } else if (isValidActionAction($a, $methodS)) { + //如果原版函数不存在并且S版函数存在,则自动切换为S版 + echo json_encode(array( + 'errcode' => 1006, + 'errmsg' => 'already upgrade to safe api', + 'payload' => 1, + )); + die(); } } catch (Exception $e){ error_log($e); From 522ea447ab5612eb9b83d6406ef71f5c0f55cbfe Mon Sep 17 00:00:00 2001 From: aozhiwei Date: Thu, 25 Jul 2024 11:18:24 +0800 Subject: [PATCH 6/9] 1 --- webapp/controller/BagController.class.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/webapp/controller/BagController.class.php b/webapp/controller/BagController.class.php index 632a17d8..a5b4e2f3 100644 --- a/webapp/controller/BagController.class.php +++ b/webapp/controller/BagController.class.php @@ -73,7 +73,7 @@ class BagController extends BaseAuthedController { $this->_rspOk(); } - public function useItem() + public function useItemS() { $itemId = getReqVal('item_id', 0); $itemNum = getReqVal('item_num', 0); From 3d966c69edc7a7fb30baff71fe253e3bcbe09470 Mon Sep 17 00:00:00 2001 
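Review bot: The `else if (isValidActionAction($a, $methodS))` branch repeats the exact 1006 response that `BaseController::_upgradeToSafeApi()` already emits (added in PATCH 1/9); assuming every controller derives from `BaseController`, calling `$obj->_upgradeToSafeApi();` keeps the two from drifting apart. The comment above the branch says the request is automatically switched to the S version, but the code only tells the client to upgrade and never invokes `$methodS`; reword it, e.g. `// original action is gone but an S variant exists: tell the client to move to the signed API`. `isValidActionAction` also looks like a typo for `isValidAction`, and the helper deserves a short docblock stating that it admits only public methods whose name does not start with `_` and that are neither constructor nor destructor.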
From: aozhiwei Date: Thu, 25 Jul 2024 11:30:20 +0800 Subject: [PATCH 7/9] 1 --- webapp/index.php | 12 ++++++++++-- 1 file changed, 10 insertions(+), 2 deletions(-) diff --git a/webapp/index.php b/webapp/index.php index e7dfc0bf..98e824e9 100644 --- a/webapp/index.php +++ b/webapp/index.php @@ -42,8 +42,16 @@ try{ $classname = $c .'Controller'; $beginTick = phpcommon\getTickCount(); $obj = eval('return new $classname();'); - $method = new ReflectionMethod($classname, $a); - $methodS = new ReflectionMethod($classname, $a . 'S'); + $method = null; + try { + $method = new ReflectionMethod($classname, $a); + } catch (Exception $e) { + } + $methodS = null; + try { + $methodS = new ReflectionMethod($classname, $a . 'S'); + } catch (Exception $e){ + } if (isValidActionAction($a, $method)) { $obj->_handlePre(); $method->invoke($obj); From 4632b3d3f37d02796aae2951d7cec2f5d7d83c22 Mon Sep 17 00:00:00 2001 From: aozhiwei Date: Thu, 25 Jul 2024 15:35:51 +0800 Subject: [PATCH 8/9] 1 --- doc/BlockChain.py | 21 +++++++++++++++++++++ doc/Recharge.py | 22 ++++++++++++++++++++++ doc/_common.py | 8 ++++++++ 3 files changed, 51 insertions(+) create mode 100644 doc/Recharge.py diff --git a/doc/BlockChain.py b/doc/BlockChain.py index 3ff5c6c1..e8b40e55 100644 --- a/doc/BlockChain.py +++ b/doc/BlockChain.py @@ -122,4 +122,25 @@ class BlockChain(object): ['!params', [''], '合约参数列表'], ] }, + { + 'name': 'rechargeBuyS', + 'desc': 'usdt钻石充值', + 'group': 'BlockChain', + 'surl': 'webapp/index.php?c=BlockChain&a=rechargeBuyS', + 'params': [ + _common.ReqHead(), + ['goods_id', '', '商品id'], + ], + 'response': [ + _common.RspHead(), + ['order_id', '', '订单id'], + ['!calls', + [ + ['trans_id', '', '事务id'], + ['trans_req', _common.MFTransactionRequest(), '调用合约参数'], + ], + '合约调用-队列(排队执行上一个成功才能调用下一个)' + ] + ] + }, ] diff --git a/doc/Recharge.py b/doc/Recharge.py new file mode 100644 index 00000000..106163c9 --- /dev/null +++ b/doc/Recharge.py 
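Review bot: Both new `catch (Exception $e) { }` blocks around `new ReflectionMethod(...)` are empty and broader than needed. A missing method is reported as `ReflectionException`, so catch that type and leave a one-line comment such as `// no such action; $method stays null`, so that unrelated exceptions still reach the outer handler. When both `$method` and `$methodS` end up null, the visible lines produce neither a response nor a log entry; an explicit error reply plus `error_log()` in a final `else` would make requests for unknown actions visible to operators. The surrounding `try` block continues outside the hunk.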
@@ -0,0 +1,22 @@ +# -*- coding: utf-8 -*- + +import _common + +class Recharge(object): + + def __init__(self): + self.apis = [ + { + 'name': 'goodsList', + 'desc': '充值-商品列表', + 'group': 'Recharge', + 'url': 'webapp/index.php?c=Recharge&a=goodsList', + 'params': [ + _common.ReqHead(), + ], + 'response': [ + _common.RspHead(), + ['!goods', [_common.RechargeGoods()], '商品列表'] + ] + } + ] diff --git a/doc/_common.py b/doc/_common.py index 2db7ac3f..8c25b2de 100644 --- a/doc/_common.py +++ b/doc/_common.py @@ -1821,3 +1821,11 @@ class ChainActivity(object): ['to', '', 'to'], ['date', '', '事件发生时间'], ] + +class RechargeGoods(object): + + def __init__(self): + self.fields = [ + ['goods_id', '', '商品id(购买时用)'], + ['goods_meta', '', '配置表信息(和excel完全一样)'], + ] From d52e97551c852984ed0d178203098ce886febff9 Mon Sep 17 00:00:00 2001 From: aozhiwei Date: Thu, 25 Jul 2024 16:20:42 +0800 Subject: [PATCH 9/9] 1 --- .../controller/RechargeController.class.php | 21 +++++++++++++++ webapp/mt/Recharge.php | 26 +++++++++++++++++++ 2 files changed, 47 insertions(+) create mode 100644 webapp/controller/RechargeController.class.php create mode 100644 webapp/mt/Recharge.php diff --git a/webapp/controller/RechargeController.class.php b/webapp/controller/RechargeController.class.php new file mode 100644 index 00000000..6434012b --- /dev/null +++ b/webapp/controller/RechargeController.class.php @@ -0,0 +1,21 @@ + $meta['id'], + 'goods_meta' => $meta, + )); + }); + myself()->_rspData(array( + 'goods' => $goods + )); + } + +} diff --git a/webapp/mt/Recharge.php b/webapp/mt/Recharge.php new file mode 100644 index 00000000..a90beb63 --- /dev/null +++ b/webapp/mt/Recharge.php @@ -0,0 +1,26 @@ +