<?php
namespace app\middleware;
use think\facade\Config;
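class StaffAuth
{
    /**
     * Authenticate a staff request from its bearer token and expose the staff id on the request.
     *
     * Token layout (per the original comment): base64(staff_id|expire|hmac), where hmac is
     * hash_hmac('sha256', staff_id . '|' . expire, app.app_secret) in hex.
     *
     * Every client-side failure is answered with a 401 JSON body {code: -1, msg, data: null} and
     * the chain is not continued. A missing server-side secret is answered with 500 rather than
     * falling back to a hard-coded default: a default secret is known to anyone with the source,
     * which would let them mint valid tokens for any staff id.
     *
     * @param mixed    $request framework request; must provide header() and accept a staffId property
     * @param \Closure $next    next middleware in the chain
     * @return mixed the response from $next on success, otherwise a JSON error response
     */
    public function handle($request, \Closure $next)
    {
        $token = (string) $request->header('Authorization', '');
        // The "Bearer " prefix is optional; a bare token is accepted as-is (original behaviour).
        if (strpos($token, 'Bearer ') === 0) {
            $token = substr($token, 7);
        }

        if ($token === '') {
            return $this->reject('请登录');
        }

        // Strict mode rejects characters outside the base64 alphabet instead of silently skipping them.
        $plain = base64_decode($token, true);
        if ($plain === false || $plain === '') {
            return $this->reject('Token无效');
        }

        $parts = explode('|', $plain);
        if (count($parts) !== 3) {
            return $this->reject('Token格式错误');
        }
        [$staffId, $expire, $sign] = $parts;

        // Fail closed: without a configured secret nothing can be verified.
        $secret = Config::get('app.app_secret');
        if (!is_string($secret) || $secret === '') {
            return $this->reject('服务端配置错误', 500);
        }

        // Verify the signature before trusting any field, including the expiry; hash_equals keeps
        // the comparison constant-time.
        $expected = hash_hmac('sha256', $staffId . '|' . $expire, $secret);
        if (!hash_equals($expected, $sign)) {
            return $this->reject('Token签名错误');
        }

        // Expiry is an absolute unix timestamp; a non-numeric value becomes 0 and counts as expired.
        if (time() > intval($expire)) {
            return $this->reject('登录已过期');
        }

        $request->staffId = intval($staffId);
        return $next($request);
    }

    /**
     * Build the uniform JSON error response used for every rejection.
     *
     * @param string $msg    user-facing message
     * @param int    $status HTTP status code (401 for client failures, 500 for server misconfiguration)
     * @return mixed framework JSON response
     */
    private function reject(string $msg, int $status = 401)
    {
        return json(['code' => -1, 'msg' => $msg, 'data' => null])->code($status);
    }
}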