game2006api/webapp/services/MarketService.php

<?php

namespace services;

class MarketService extends BaseService {

    const TOKEN_SALT = 'B8E6BD4F-FD7B-E2B8-6688-80A2D8632064';

    public static function isValidToken($account, $token)
    {
        $deToken = base64_decode($token);
        if (empty($deToken)) {
            return false;
        }
        if (empty($account)) {
            return false;
        }
        $data = json_decode($deToken, true);
        $sign = md5(self::TOKEN_SALT .
                    $data['account'] .
                    $data['rand'] .
                    $data['nonce'] .
                    $data['createtime']);
        if ($sign == $data['sign']) {
            return phpcommon\isSameAddress($data['account'], $account);
        }
        return false;
    }

    public static function buyBoxVerifySignature($buyerAddress,
                                                 $type,
                                                 $paymentTokenAddress,
                                                 $price,
                                                 $nonce,
                                                 $signature)

    {
        $params = array(
            'c' => 'BcService',
            'a' => 'buyBoxVerifySignature',
            'type' => $type,
            'paymentTokenAddress' => $paymentTokenAddress,
            'price' => $price,
            'nonce' => $nonce,
            'signature' => $signature
        );
        $url = self::getWeb3ServiceUrl();
        $response = '';
        if (!phpcommon\HttpClient::get
            ($url,
             $params,
             $response)) {
            phpcommon\sendError(500,  'server internal error');
            die();
            return;
        }
        error_log(json_encode(array(
            '_REQUEST' => $_REQUEST,
            'params' => $params,
            'response' => $response
        )));
        $data = json_decode($response, true);
        if (getXVal($data, 'errcode', 0) != 0) {
            phpcommon\sendError(1,  'Signature verification failed');
            die();
            return;
        } else {
            $recovered = getXVal($data, 'recovered', '');
            if (!phpcommon\isSameAddress($recovered, $buyerAddress)) {
                phpcommon\sendError(1,  'Signature verification failed');
                die();
                return;
            }
        }
    }

    public static function auth($account, $tips, $nonce, $signature)
    {
        $params = array(
            'c' => 'BcService',
            'a' => 'authVerifySignature',
            'tips' => $tips,
            'nonce' => $nonce,
            'signature' => $signature
        );
        $url = self::getWeb3ServiceUrl();
        $response = '';
        if (!phpcommon\HttpClient::get
            ($url,
             $params,
             $response)) {
            myself()->_rspErr(500,  'server internal error');
            die();
            return;
        }
        error_log(json_encode(array(
            '_REQUEST' => $_REQUEST,
            'params' => $params,
            'response' => $response
        )));
        $data = json_decode($response, true);
        if (getXVal($data, 'errcode', 0) != 0) {
            myself()->_rspErr(1,  'Signature verification failed');
            die();
            return;
        } else {
            $recovered = getXVal($data, 'recovered', '');
            if (!phpcommon\isSameAddress($recovered, $account)) {
                myself()->_rspErr(1,  'Signature verification failed');
                die();
                return;
            } else {
                myself()->_rspData(array(
                    'token' => self::genToken($account, $nonce)
                ));
            }
        }
    }

    private static function getWeb3ServiceUrl()
    {
        $web3ServiceCluster = require_once('../config/web3service.cluster.php');
        return $web3ServiceCluster[rand() % count($web3ServiceCluster)];
    }

    private static function genToken($account, $nonce)
    {
        $data = array(
            'account' => $account,
            'rand' => uniqid(),
            'nonce' => $nonce,
            'createtime' => myself()->_getNowTime(),
        );
        $data['sign'] = md5(self::TOKEN_SALT .
                            $data['account'] .
                            $data['rand'] .
                            $data['nonce'] .
                            $data['createtime']);
        return base64_encode(json_encode($data));
    }

}