<?php
// Stop immediately unless the IN_DISCUZ constant is defined, so this file
// cannot be requested directly (presumably the Discuz! bootstrap defines it).
defined('IN_DISCUZ') || exit('Access Denied');
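class Utils {
    // Key material, loaded from the plugin settings cache when a token is
    // signed or verified.
    // NOTE(review): how that cache is stored and who can read it is not visible
    // here; confirm the private key is not exposed to non-admin code paths.
    private static $prikey = '';
    private static $pubkey = '';

    // NOTE(review): the header advertises HS256 (an HMAC algorithm), but
    // signature() and verify() use openssl_sign()/openssl_verify() with
    // OPENSSL_ALGO_SHA256 and a private/public key pair, i.e. an asymmetric
    // signature. The label is left unchanged because consumers of the emitted
    // tokens may depend on it; confirm and align it with the real algorithm.
    private static $header = array(
        'alg' => 'HS256', // algorithm label placed in the token header
        'typ' => 'JWT'    // token type
    );

    /**
     * Send a JSON response envelope with CORS and hardening headers, then end the request.
     *
     * Any non-zero $code also sets the HTTP status to 503.
     *
     * @param int|string  $code        Application status code; 0 means success.
     * @param string      $msg         Human-readable message.
     * @param mixed       $data        Response payload.
     * @param string|null $requestId   Request identifier; generated when empty.
     * @param string|null $requestTime Timestamp string; current time when empty.
     * @return void This method never returns: it calls exit().
     */
    public static function outPut($code, $msg = '', $data = [], $requestId = null, $requestTime = null) {
        global $_G;
        require_once libfile('function/misc');
        $arr = [
            "Code" => intval($code),
            "Msg" => $msg,
            "Data" => $data,
            "RequestId" => empty($requestId) ? Utils::create_uuid() : $requestId,
            'RequestTime' => empty($requestTime) ? date('Y-m-d H:i:s') : $requestTime
        ];
        header('content-type:application/json; charset=utf-8');
        // Drop any Set-Cookie header queued earlier in the request.
        header_remove('set-cookie');
        header('access-control-expose-headers: Authorization, authenticated');
        header('access-control-allow-credentials: true');
        header('access-control-allow-methods: GET, POST, PATCH, PUT, OPTIONS, DELETE');
        header('access-control-allow-headers: Origin, Content-Type, Cookie, X-CSRF-TOKEN, Accept, Authorization, X-XSRF-TOKEN');
        // The allowed origin comes from the plugin setting 'dzq_url'. Because
        // credentials are allowed above, that setting must hold exactly one
        // trusted origin; an empty or overly broad value weakens the CORS policy.
        header('access-control-allow-origin: '.$_G['cache']['plugin']['zhaisoul_dzq_api']['dzq_url']);
        header('x-content-type-options: nosniff');
        header('x-frame-options: SAMEORIGIN');
        header('x-xss-protection: 1; mode=block');
        if ($code != 0) {
            http_response_code(503);
        }
        exit(json_encode($arr));
    }

    /**
     * Create a random identifier formatted as 8-4-4-4-12 hex groups.
     *
     * The value is drawn from random_bytes() instead of md5(uniqid(mt_rand())),
     * so it is not derived from the clock or a predictable PRNG. No RFC 4122
     * version/variant bits are set; treat it as an opaque identifier.
     *
     * @param string $prefix Text prepended to the identifier.
     * @return string
     */
    public static function create_uuid($prefix = "") {
        $chars = bin2hex(random_bytes(16));
        $uuid = substr($chars, 0, 8) . '-'
            . substr($chars, 8, 4) . '-'
            . substr($chars, 12, 4) . '-'
            . substr($chars, 16, 4) . '-'
            . substr($chars, 20, 12);
        return $prefix . $uuid;
    }

    /**
     * Check that a token is well-formed, correctly signed and not expired.
     *
     * The 'alg' value in the token header is only required to be present; it
     * is never used to select the verification algorithm, which is fixed in
     * verify().
     *
     * @param string $Token Compact token: header.payload.signature.
     * @return array|false Decoded payload on success, false otherwise.
     */
    public static function verifyToken(string $Token) {
        $tokens = explode('.', $Token);
        if (count($tokens) !== 3) {
            return false;
        }
        list($base64header, $base64payload, $sign) = $tokens;

        $header = json_decode(self::base64UrlDecode($base64header), true);
        if (!is_array($header) || empty($header['alg'])) {
            return false;
        }

        // Verify the signature before trusting anything in the payload.
        if (!self::verify($base64header . '.' . $base64payload, self::base64UrlDecode($sign))) {
            return false;
        }

        $payload = json_decode(self::base64UrlDecode($base64payload), true);
        // Require a numeric 'exp'. A missing value was already rejected, but a
        // non-numeric one (e.g. true or a word) could compare as "not expired"
        // under PHP's loose comparison rules and yield a token that never expires.
        if (!is_array($payload) || !isset($payload['exp']) || !is_numeric($payload['exp'])) {
            return false;
        }
        if (TIMESTAMP > $payload['exp']) {
            return false;
        }
        return $payload;
    }

    /**
     * Decode base64url text (URL-safe alphabet, padding optional).
     *
     * @param string $input
     * @return string|false
     */
    private static function base64UrlDecode(string $input)
    {
        return base64_decode(strtr($input, '-_', '+/'));
    }

    /**
     * Encode bytes as base64url without '=' padding.
     *
     * @param string $input
     * @return string
     */
    private static function base64UrlEncode(string $input)
    {
        return str_replace('=', '', strtr(base64_encode($input), '+/', '-_'));
    }

    /**
     * Verify a SHA-256 signature over $input with the configured public key.
     *
     * @param string $input Signed data (base64url header + '.' + base64url payload).
     * @param string $sign  Raw signature bytes.
     * @return bool True only when the signature is valid.
     */
    private static function verify($input, $sign) {
        global $_G;
        // Only the public key is needed to verify.
        self::$pubkey = $_G['cache']['plugin']['zhaisoul_dzq_api']['pub_key'];
        // Normalise CRLF line endings (keys saved on Windows) so the PEM parses.
        $key = str_replace("\r\n", "\n", self::$pubkey);
        $pass = openssl_verify($input, $sign, $key, OPENSSL_ALGO_SHA256);
        // Drain the OpenSSL error queue so stale entries do not surface in
        // later OpenSSL calls.
        while (openssl_error_string()) {
            // discard
        }
        // openssl_verify() returns 1 (valid), 0 (invalid), or -1/false on
        // error. -1 is truthy, so the caller's `!verify(...)` would accept a
        // token whenever verification itself failed. Accept only an explicit 1.
        return $pass === 1;
    }

    /**
     * Sign $input with the given private key using SHA-256.
     *
     * @param string $input Data to sign.
     * @param string $key   PEM private key.
     * @param string $alg   Unused; the algorithm is fixed to OPENSSL_ALGO_SHA256.
     * @return string base64url-encoded signature.
     * @throws RuntimeException When OpenSSL cannot produce a signature.
     */
    private static function signature($input, $key, $alg = 'HS256') {
        $key = str_replace("\r\n", "\n", $key);
        $token = '';
        // Fail closed: without this check a bad or missing key silently
        // produced a token whose signature segment was empty.
        if (!openssl_sign($input, $token, $key, OPENSSL_ALGO_SHA256)) {
            throw new RuntimeException('Token signing failed');
        }
        return self::base64UrlEncode($token);
    }

    /**
     * Build a signed token for the given payload.
     *
     * @param mixed $payload Claims to embed; JSON-encoded as the token payload.
     * @return string header.payload.signature
     * @throws RuntimeException When the payload cannot be signed.
     */
    public static function getToken($payload) {
        global $_G;
        self::$prikey = $_G['cache']['plugin']['zhaisoul_dzq_api']['pri_key'];
        self::$pubkey = $_G['cache']['plugin']['zhaisoul_dzq_api']['pub_key'];
        $base64header = self::base64UrlEncode(json_encode(self::$header));
        $base64payload = self::base64UrlEncode(json_encode($payload));
        $signingInput = $base64header . '.' . $base64payload;
        return $signingInput . '.' . self::signature($signingInput, self::$prikey, self::$header['alg']);
    }
}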