/**
 * Token endpoint: hands the caller's client credentials and grant type to
 * Oauth::get_token() and renders whatever it returns.
 *
 * The client id and secret are read from the PHP_AUTH_USER / PHP_AUTH_PW server
 * parameters, which PHP fills from an HTTP Basic Authorization header. Basic
 * credentials are only base64-encoded on the wire, so this endpoint should be
 * reachable over TLS only.
 *
 * NOTE(review): nothing is validated here. Whatever getServerParam()/getInput()
 * yield for an absent header or field is forwarded as-is, so rejecting missing
 * or unknown credentials and unsupported grant types is left to get_token().
 * Confirm it does so and that it compares the secret with hash_equals().
 *
 * @param Req   $req  HTTP request object
 * @param Res   $res  HTTP response object
 * @param mixed $args Route arguments (unused here)
 *
 * @return mixed Result of Res::authorize_output()
 */
public function authorize(Req $req, Res $res, $args)
{
    $grantType = $req->getInput('grant_type');
    $clientId = $req->getServerParam('PHP_AUTH_USER');
    $clientSecret = $req->getServerParam('PHP_AUTH_PW');

    $tokenResult = (new Oauth())->get_token($clientId, $clientSecret, $grantType);

    return $res->authorize_output($tokenResult);
}
/**
 * Build the rate-limit bucket id from the client IP, the current hour, the
 * matched route, the configured route argument ("arg") and the configured
 * "key", joined with ':' and stored in $this->id.
 *
 * NOTE(review): REMOTE_ADDR is the address of the directly connected peer. If
 * the application sits behind a reverse proxy or load balancer, every client
 * presumably shares that address and therefore one bucket; confirm the
 * deployment.
 * NOTE(review): date('H') is the hour of day (00-23) without a date part, so
 * the same id recurs every 24 hours. Whether counters carry over depends on
 * the expiry used by the counter store, which is not visible here.
 *
 * @param Req $req HTTP request object
 */
protected function set_id(Req $req)
{
    // Always present: peer address and hour-of-day bucket.
    $parts = [$req->getServerParam('REMOTE_ADDR'), date('H')];

    $matchedRoute = $req->getAttribute('route');
    if ($matchedRoute) {
        // Limit per route, and optionally per value of one route argument.
        $parts[] = $matchedRoute->getIdentifier();
        if (!empty($this->opts['arg'])) {
            $parts[] = $matchedRoute->getArgument($this->opts['arg']);
        }
    }

    // Optional fixed key, appended last.
    if (!empty($this->opts['key'])) {
        $parts[] = $this->opts['key'];
    }

    $this->id = implode(':', $parts);
}
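/**
 * Authorization middleware: validates the access token against the action of
 * the matched route before passing the request on.
 *
 * Requests whose REQUEST_URI starts with "/token" and requests without a
 * "route" attribute are passed on without token validation.
 *
 * @param Req      $req  HTTP request object
 * @param Res      $res  HTTP response object
 * @param callable $next Next middleware
 *
 * @return mixed Response from $next, or Res::output() of the failed validation result
 */
public function __invoke(Req $req, Res $res, callable $next)
{
    $request_uri = $req->getServerParam('REQUEST_URI');

    // The token-issuing URL needs no permission check.
    // NOTE(review): this is a prefix match on the raw REQUEST_URI, so every path
    // that merely begins with "/token" also skips validation. Confirm that no
    // other route shares this prefix, or match on the resolved route instead.
    if (strpos($request_uri, '/token') !== 0) {
        $route = $req->getAttribute('route');
        if (!$route) {
            // NOTE(review): fail-open branch. This is only safe if the framework
            // always resolves the route before this middleware runs, so a missing
            // route means "no such endpoint"; confirm the routing configuration.
            return $next($req, $res);
        }

        // Strip the namespace prefix only. The previous ltrim($callable, 'App\\Action\\')
        // treated its second argument as a character mask and also removed leading
        // characters of the action name itself (any of A, p, c, t, i, o, n, \),
        // so the permission check ran against a truncated name.
        // NOTE(review): permission records written against truncated names need re-keying.
        $callable = ltrim($route->getCallable(), '\\');
        $prefix = 'App\\Action\\';
        $action = strncmp($callable, $prefix, strlen($prefix)) === 0
            ? substr($callable, strlen($prefix))
            : $callable;

        // Return value is discarded; presumably fetched to initialise the database service.
        $this->container->get('db');

        $m_o = new \App\Model\Oauth();
        $token = $req->getAccessToken();
        $result = $m_o->valid_token($token, $action, $req);

        // Only an integer 0 in $result[0] lets the request through.
        if ($result[0] !== 0) {
            return $res->output($result);
        }
    }

    return $next($req, $res);
}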