PHP開發api介面安全驗證
阿新 • • 發佈:2020-06-01
前臺
這裡我並沒有實際的前臺,直接使用一個PHP檔案代替前臺,然後通過CURL模擬GET請求。
使用的是ThinkPHP(TP)框架,URL採用pathinfo格式。
原始碼
<?php
/**
* Created by PhpStorm.
* User: Administrator
* Date: 2017/3/16 0016
* Time: 15:56
*/
namespace Client\Controller;
use Think\Controller;
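class ClientController extends Controller
{
    /**
     * Shared secret mixed into every request signature; must match the server's TOKEN.
     *
     * NOTE(review): 'API' is a short, guessable demo value committed with the code.
     * Anyone who knows or guesses it can produce valid signatures. A real deployment
     * should use a long random secret loaded from configuration outside the repository.
     */
    const TOKEN = 'API';

    /**
     * Simulates a front-end request to the server API.
     *
     * Builds a timestamp, a random string and a signature over both, places all three
     * in a pathinfo-style URL, fetches it with cURL and dumps the response.
     */
    public function getDataFromServer()
    {
        $timeStamp = time();
        $randomStr = $this->createNonceStr();
        $signature = $this->arithmetic($timeStamp, $randomStr);

        // NOTE(review): the request goes over plain http://, so the timestamp, random
        // string, signature and the response body are all readable on the network path.
        // The signature authenticates the request but does not hide it; use https:// for
        // anything beyond a local demo.
        $url = "http://www.apitest.com/Server/Server/respond/t/{$timeStamp}/r/{$randomStr}/s/{$signature}";

        $result = $this->httpGet($url);
        dump($result);
    }

    /**
     * Performs a GET request with cURL.
     *
     * @param string $url Address to request.
     * @return string|false Response body, or false when the transfer failed.
     */
    private function httpGet($url)
    {
        $curl = curl_init();
        curl_setopt($curl, CURLOPT_URL, $url);
        // Return the response as a string instead of printing it.
        curl_setopt($curl, CURLOPT_RETURNTRANSFER, 1);
        // Bound the request so an unresponsive server cannot hang this action.
        curl_setopt($curl, CURLOPT_CONNECTTIMEOUT, 5);
        curl_setopt($curl, CURLOPT_TIMEOUT, 10);

        $result = curl_exec($curl);
        if ($result === false) {
            // Record the reason; the caller still receives false as before.
            error_log('httpGet failed: ' . curl_error($curl));
        }
        curl_close($curl);

        return $result;
    }

    /**
     * Generates the random string sent with each request.
     *
     * @param int $length Number of random characters to generate.
     * @return string The letter "z" followed by $length random alphanumeric characters.
     */
    private function createNonceStr($length = 8)
    {
        $chars = "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789";
        $max = strlen($chars) - 1;
        // Prefer the CSPRNG where the runtime provides it (PHP 7+); mt_rand() output is
        // predictable and is kept only as a fallback for older runtimes.
        $secure = function_exists('random_int');

        $str = "";
        for ($i = 0; $i < $length; $i++) {
            $index = $secure ? random_int(0, $max) : mt_rand(0, $max);
            $str .= $chars[$index];
        }

        return "z" . $str;
    }

    /**
     * Computes the request signature.
     *
     * The timestamp, the random string and TOKEN are sorted as strings, concatenated,
     * hashed with sha1, then md5, and upper-cased. The server must use the same steps.
     *
     * NOTE(review): this is a home-grown construction, not an HMAC. Sorting the values
     * and joining them without a separator means different (timestamp, random string)
     * pairs can yield the same signed input, and md5/sha1 are not recommended for new
     * designs. Prefer hash_hmac('sha256', ...) over a fixed-order, delimited message,
     * and change the client and the server together.
     *
     * @param int|string $timeStamp Unix timestamp of the request.
     * @param string     $randomStr Random string of the request.
     * @return string Upper-case hexadecimal signature.
     */
    private function arithmetic($timeStamp, $randomStr)
    {
        $parts = [(string) $timeStamp, (string) $randomStr, self::TOKEN];
        // Sort the three values as strings so both sides join them in the same order.
        sort($parts, SORT_STRING);

        return strtoupper(md5(sha1(implode($parts))));
    }
}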
伺服器端
接收前臺傳來的時間戳、隨機字串與簽名,並驗證簽名是否正確。
原始碼
<?php
/**
* Created by PhpStorm.
* User: Administrator
* Date: 2017/3/16 0016
* Time: 16:01
*/
namespace Server\Controller;
use Think\Controller;
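class ServerController extends Controller
{
    /**
     * Shared secret mixed into every request signature; must match the client's TOKEN.
     *
     * NOTE(review): 'API' is a short, guessable demo value committed with the code.
     * Anyone who knows or guesses it can produce valid signatures. A real deployment
     * should use a long random secret loaded from configuration outside the repository.
     */
    const TOKEN = 'API';

    /**
     * Maximum accepted difference, in seconds, between the request timestamp and the
     * server clock. Limits how long a captured request stays usable.
     */
    const MAX_SKEW_SECONDS = 300;

    /**
     * Answers a front-end request after verifying its signature.
     *
     * Reads t (timestamp), r (random string) and s (signature) from $_GET. Prints "-1"
     * and stops when a parameter is missing or malformed, the timestamp is outside the
     * accepted window, or the signature does not match; otherwise prints the JSON data.
     */
    public function respond()
    {
        $timeStamp = isset($_GET['t']) ? $_GET['t'] : null;
        $randomStr = isset($_GET['r']) ? $_GET['r'] : null;
        $signature = isset($_GET['s']) ? $_GET['s'] : null;

        // Query parameters may arrive as arrays (t[]=...); only plain strings are valid.
        if (!is_string($timeStamp) || !is_string($randomStr) || !is_string($signature)) {
            $this->reject();
        }

        // The timestamp is part of the signed data but was never checked for age, so a
        // captured URL stayed valid indefinitely. Require a plain Unix timestamp that is
        // close to the server clock.
        if (preg_match('/\A[0-9]{1,10}\z/', $timeStamp) !== 1
            || abs(time() - (int) $timeStamp) > self::MAX_SKEW_SECONDS
        ) {
            $this->reject();
        }
        // NOTE(review): random strings are not recorded, so an identical request can
        // still be repeated inside the window. Single-use requests need a store of
        // recently seen values (for example a cache with an expiry equal to the window).

        $expected = $this->arithmetic($timeStamp, $randomStr);

        // hash_equals() compares the strings exactly and in constant time. The previous
        // loose != treated two different "0E<digits>" hex strings as equal numbers.
        if (!hash_equals($expected, $signature)) {
            $this->reject();
        }

        // Mock data returned to an authenticated caller.
        $arr = [
            'name'    => 'api',
            'age'     => 15,
            'address' => 'zz',
            'ip'      => "192.168.0.1",
        ];
        echo json_encode($arr);
    }

    /**
     * Computes the request signature.
     *
     * The timestamp, the random string and TOKEN are sorted as strings, concatenated,
     * hashed with sha1, then md5, and upper-cased. The client must use the same steps.
     *
     * NOTE(review): this is a home-grown construction, not an HMAC. Sorting the values
     * and joining them without a separator means different (timestamp, random string)
     * pairs can yield the same signed input, and md5/sha1 are not recommended for new
     * designs. Prefer hash_hmac('sha256', ...) over a fixed-order, delimited message,
     * and change the client and the server together.
     *
     * NOTE(review): this method is public on a controller; confirm the framework's
     * routing cannot reach it as an action, or make it private as in the client.
     *
     * @param int|string $timeStamp Unix timestamp of the request.
     * @param string     $randomStr Random string of the request.
     * @return string Upper-case hexadecimal signature.
     */
    public function arithmetic($timeStamp, $randomStr)
    {
        $parts = [(string) $timeStamp, (string) $randomStr, self::TOKEN];
        // Sort the three values as strings so both sides join them in the same order.
        sort($parts, SORT_STRING);

        return strtoupper(md5(sha1(implode($parts))));
    }

    /**
     * Sends the generic failure response and stops the request.
     *
     * Every failure path returns the same "-1" body so the response does not reveal
     * which check failed.
     */
    private function reject()
    {
        echo "-1";
        exit;
    }
}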
結果
string(57) "{"name":"api","age":15,"address":"zz","ip":"192.168.0.1"}"