/**
 * Generate an RSA key pair, hand the public key to the client and keep the
 * private key in the session.
 *
 * Used when a sensitive field has to be encrypted in transit, e.g. the
 * password on login or registration; the private half is later read back
 * from the session key 'rsa_private_key' to decrypt what the client sent.
 */
public function getPublicKey()
{
    $keyPair = new RSA();
    $keyPair->create();

    // Only the private half stays server-side; it is never put in the response.
    $this->session->set('rsa_private_key', $keyPair->getPrivateKey());

    // The public half is the only thing the client receives.
    $payload = ['pubkey' => $keyPair->getPublicKey()];
    $this->responseJson(200, 'OK', $payload)->send();
}
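/**
 * User registration action.
 *
 * $password is expected to be RSA-encrypted with the public key previously
 * issued by getPublicKey(); the matching private key is read from the session.
 * The user and its nickname meta are created inside one transaction, after
 * which the new user is signed in and an 'auth' record is stored in the session.
 *
 * @param string $username
 * @param string $password RSA-encrypted password as sent by the client
 * @param string $nickname
 * @param string $regDate
 * @param string $regIp
 * @throws RuntimeException when a ResourceException carries a code this
 *                          method has no response mapping for
 */
public function postRegAction($username, $password, $nickname, $regDate, $regIp)
{
    if (!$this->security->checkToken()) {
        $this->response(403, 'Forbidden', '未通过安全验证')->send();
        return;
    }

    // Validate the precondition before opening the transaction. Previously this
    // check sat inside the transaction and fell through after sending the 403:
    // decryption then ran with an empty key and the transaction was left open.
    if (!$this->session->has('rsa_private_key')) {
        $this->response(403, 'Forbidden', '传输了未经加密的密码')->send();
        return;
    }

    $this->db->begin();
    try {
        // Decrypt the password with the private key issued by getPublicKey().
        // The key is not removed from the session here.
        $rsa = new RSA();
        $rsa->setPrivateKey($this->session->get('rsa_private_key'));
        $password = $rsa->decrypt($password);

        // Create the user and its nickname meta. 'sha1_salt_sha1' presumably
        // selects the password hashing scheme inside UserController — confirm there.
        $user = new UserController();
        $user->postUserAction($username, $password, 'sha1_salt_sha1', 1, $regDate, $regIp);
        $meta = new UserMetaController();
        $meta->postUserMetaAction($user->resource->UID, 'nickname', $nickname);

        $this->db->commit();
        $this->responseJson(200, '注册成功')->send();

        // Sign the new user in. NOTE: the success response has already been
        // sent at this point, so a ResourceException thrown by the login step
        // reaches the catch below after the commit and emits a second response.
        $sso = new SsoController();
        $sso->postLoginAction($username, $password, $regDate, $regIp);
        $this->session->set('auth', [
            'id' => $sso->resource->UID,
            'username' => $sso->resource->username,
            'ticket' => $sso->resource->ticket,
            'auto_signin' => false,
            'created_at' => time(),
        ]);
    } catch (ResourceException $e) {
        $this->db->rollback();
        switch ($e->getCode()) {
            case 409:
                $this->responseJson($e->getCode(), '用户或昵称已存在')->send();
                break;
            case 500:
                $this->responseJson($e->getCode(), '服务器错误')->send();
                break;
            default:
                // Any other code is a programming error in the callee, not a client error.
                throw new RuntimeException('使用不存在的返回值');
        }
    }
}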