/**
 * Smoke test for PrismSign::produce(): signs a sample GET request and checks
 * the length of the resulting signature.
 */
public function testSign()
{
    $signature = PrismSign::produce(
        'GET',
        '/api/test/test',
        array('X_API_UNITTEST1' => 'A', 'X_API_UNITTEST2' => 'B'),
        array('param1' => 'C', 'param2' => 'D'),
        array('param1' => 'E', 'param2' => 'F'),
        $this->secret
    );

    // Only the length is asserted. The signature value itself is not compared
    // against a known vector, so a change in the signing algorithm that keeps
    // a 32-character output would not be caught by this test.
    $this->assertEquals(32, strlen($signature));
}
/**
 * Build and send a request.
 *
 * Over plain HTTP the request carries client_id, sign_method, sign_time and a
 * signature computed by PrismSign::produce(). Over HTTPS the query string is
 * replaced by client_id and client_secret only.
 *
 * @param string     $http_method HTTP verb; GET/DELETE put $params in the query, POST/PUT in the body
 * @param string     $path        request path, appended to $this->base_url
 * @param array      $headers     extra request headers
 * @param array|null $params      request parameters
 *
 * @return mixed whatever $this->http->sendRequest() returns
 */
protected function createRequest($http_method, $path, $headers = array(), $params = null)
{
    // Assemble the full URL.
    $url = $this->base_url . '/' . ltrim($path, '/');
    if (strncmp($path, '/oauth', 6) === 0) {
        // oauth url fix
        // NOTE(review): str_replace() removes every '/api' occurrence in the
        // URL, not just a path prefix. A host that begins with "api" would be
        // altered too. Confirm against the configured base_url.
        $url = str_replace('/api', '', $url);
    }
    // NOTE(review): parse_url() can return false or omit 'path'/'scheme'.
    // Neither case is checked before the array is indexed below.
    $parts = parse_url($url);

    // Prepare query, headers and post data.
    $query = array();
    $postData = array();
    $headers['Pragma'] = 'no-cache';
    $headers['Cache-Control'] = 'no-cache';

    if (in_array($http_method, array('GET', 'DELETE'))) {
        if ($params) {
            $query = array_merge($query, $params);
        }
    } elseif (in_array($http_method, array('POST', 'PUT'))) {
        if ($params) {
            $postData = array_merge($postData, $params);
        }
        $headers['Content-Type'] = 'application/x-www-form-urlencoded';
    }

    $query['client_id'] = $this->app_key;
    // The signing scheme is declared to the server as 'md5'.
    $query['sign_method'] = 'md5';
    $query['sign_time'] = time();

    if ($this->access_token) {
        $headers["Authorization"] = "Bearer " . $this->access_token;
    }

    // Generate the signature over method, path, headers, query and post data.
    $query['sign'] = PrismSign::produce(
        $http_method,
        $parts['path'],
        $headers,
        $query,
        $postData,
        $this->app_secret
    );

    // https
    if ($parts['scheme'] == 'https') {
        // NOTE(review): this branch discards the signed query and sends the
        // app secret itself as a URL parameter. URLs are commonly recorded in
        // server access logs, proxy logs and monitoring tools, so the secret
        // may be stored in clear text outside the TLS channel. Any GET/DELETE
        // $params merged into $query above are also dropped here. Confirm
        // both behaviours are intended by the server-side protocol.
        $query = array(
            'client_id' => $this->app_key,
            'client_secret' => $this->app_secret,
        );
    }

    // Assemble the final URL: strip any existing query string, append ours.
    $target = preg_replace("/\\?.*/", '', $url) . '?' . http_build_query($query);

    // Send the request (CURL/SOCKET).
    return $this->http->sendRequest($http_method, $target, $headers, $postData);
}
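/**
 * Verify the signature of an incoming request.
 *
 * Recomputes the signature with PrismSign::produce() from the request's
 * method, path, headers, query and post data, then compares it with the
 * client-supplied 'sign' parameter. Returns silently on a match. On a
 * mismatch it reports 'Invalid Request' through $response. Whether send()
 * ends the request is not visible from this method.
 *
 * @param object $request  must expose ->params and the getters used below
 * @param object $response must expose setError(...)->send()
 *
 * @return void
 */
public function validate($request, $response)
{
    // Read the client-supplied signature and remove it from params.
    // A missing 'sign' is treated as an invalid signature.
    $sign = isset($request->params['sign']) ? $request->params['sign'] : null;
    unset($request->params['sign']);

    $http_method = $request->getMethod();
    $path = $request->getPath();
    $headers = $request->getHeaders();
    $query = $request->getQuery();
    $postData = $request->getPostData();

    // NOTE(review): $app_info is fetched but never used, and $app_secret is
    // hard-coded to ''. As written the expected signature is computed with an
    // empty secret, so it authenticates nothing. Presumably the secret should
    // be taken from the app info; confirm and wire it in before relying on
    // this check.
    $app_info = $request->getAppInfo();
    $app_secret = '';

    // The signature itself is not part of the signed data.
    unset($query['sign']);

    // Check the input parameters against the expected signature.
    $expected = PrismSign::produce($http_method, $path, $headers, $query, $postData, $app_secret);

    // hash_equals() (PHP >= 5.6) replaces the original loose '==' comparison.
    // '==' treats numeric-looking strings such as "0e123..." as numbers, so
    // two different digests could compare equal, and it is not constant-time.
    // The is_string() guards reject array or null input instead of letting
    // hash_equals() raise on a non-string argument.
    if (is_string($sign) && is_string($expected) && hash_equals($expected, $sign)) {
        return;
    }

    $response->setError('Invalid Request', 'Sign is not valid.')->send();
}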