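checkToken(); }

    /**
     * Authenticate an API call from the `key`, `sign` and `encryption_data` request parameters.
     *
     * Flow: look up the public key stored for `key`, recover the signed JSON from
     * `sign` and check its timestamp against a 3-minute window, then recover
     * `encryption_data` with the same public key into $this->decrypt_data. If that
     * payload carries a `token`, the auth service is initialised with it.
     *
     * Every failure is reported through $this->error(). Each call is followed by an
     * explicit return so the method fails closed even if error() does not halt
     * execution (its implementation is not visible here).
     *
     * NOTE(review): both values are recovered with openssl_public_decrypt(), i.e. they
     * were produced with the caller's private key. That proves origin, but anyone who
     * holds the public key can read `encryption_data`, so it is not confidential.
     * NOTE(review): only `timestamp` is read from the signed payload, and nothing visible
     * here ties `sign` to `encryption_data` or records a nonce. A captured request can
     * therefore be replayed inside the window, and an older `encryption_data` can be
     * paired with a fresh `sign` for the same key. Consider signing a digest of the
     * payload plus a single-use nonce.
     *
     * @return void
     */
    public function checkToken()
    {
        $key = $this->request->param('key/s', "");
        $encryption_data = $this->request->param('encryption_data/s', "");
        $sign = $this->request->param('sign/s', "");

        if (!$encryption_data) {
            $this->error('异常的调用');
            return;
        }

        // Look up the caller's public key by its key identifier.
        $public_key = \app\common\model\auth\api\Key::where('key', $key)->value("public_key");
        if (!$public_key) {
            $this->error('非法访问!');
            return;
        }

        $decrypted = '';
        if (!openssl_public_decrypt(base64_decode($sign), $decrypted, $public_key)) {
            $this->error('非法访问!');
            return;
        }

        // The recovered payload is only trusted once it has the expected shape:
        // a JSON object with a numeric timestamp. Anything else is rejected
        // before it reaches the arithmetic below.
        $sign_data = json_decode($decrypted, true);
        if (!is_array($sign_data) || !isset($sign_data['timestamp']) || !is_numeric($sign_data['timestamp'])) {
            $this->error('非法访问!');
            return;
        }
        $timestamp = (int) $sign_data['timestamp'];

        // Authorization is valid for 3 minutes only.
        $age = time() - $timestamp;
        if ($age > 180) {
            $this->error('授权已过期');
            return;
        }
        // A timestamp far in the future would otherwise never expire; allow the
        // same 3 minutes of clock skew in that direction and reject the rest.
        if ($age < -180) {
            $this->error('非法访问!');
            return;
        }

        // Recover the request payload with the same public key.
        $decrypt_data = '';
        if (!openssl_public_decrypt(base64_decode($encryption_data), $decrypt_data, $public_key)) {
            $this->error('非法访问!');
            return;
        }
        // json_decode() yields null for non-JSON input; readers of
        // $this->decrypt_data must be prepared for that.
        $this->decrypt_data = json_decode($decrypt_data, true);

        // If the payload carries a token for this server, initialise the auth service with it.
        if (!empty($this->decrypt_data['token'])) {
            $token = $this->decrypt_data['token'];
            $this->auth->init($token);
        }
    }
}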