1. 设备授权接口添加设备ID ，厂商，项目，型号，生产日期的校验

xu
1 parent 22c5f500
Showing 2 changed files with 27 additions and 11 deletions Show diff stats
app-api/controllers/AuthDeviceController.php
console/controllers/TestController.php
@@ -31,7 +31,7 @@ use function time;
  */
 class AuthDeviceController extends BaseController
 {
-    const SIGN_SALT = '13456';
+    private static $SIGN_SALT = '13456';
  
     private static function myLog($str)
     {
@@ -64,10 +64,25 @@ class AuthDeviceController extends BaseController
        $productionNo	= isset($getPostData['production'])?$getPostData['production']:'';
        $timestamp       = isset($getPostData['timestamp'])?$getPostData['timestamp']:'';
        $sign	        = isset($getPostData['sign'])?$getPostData['sign']:'';
+       if (empty($deviceId) || empty($manufactureNo) || empty($projectNo) || empty($modelNo) || empty($productionNo)) {
+           $e->message = '传入的数据部分为空';
+           return $e;
+       }
+       $pattern = "/^[a-zA-Z0-9]+$/";
+       $dexPattern = "/^[0-9a-fA-F]+$/";
+       if (!preg_match($pattern, $deviceId) || !preg_match($dexPattern, $manufactureNo) || !preg_match($dexPattern, $modelNo) || !preg_match($dexPattern, $productionNo)) {
+           $e->status = 9;
+           $e->message = '传入的数据字段格式不对';
+           return $e;
+       }
+       if (isset(Yii::$app->params['secretKey']) && !empty(Yii::$app->params['secretKey'])) {
+           $salt = Yii::$app->params['secretKey'];
+       } else {
+           $salt = isset(Yii::$app->params['secretKey'])? Yii::$app->params['secretKey']: self::$SIGN_SALT;
+       }
  
-       $salt = self::SIGN_SALT;
        $makeSign = md5($manufactureNo . $projectNo. $modelNo . $productionNo . $timestamp . $deviceId. $salt);
-       if ($sign != $makeSign) {
+       if ($sign != $makeSign || empty($sign)) {
            $e->status = 2;
            $e->message = '签名出错';
            return $e;
@@ -22,7 +22,8 @@ class TestController extends Controller
  
    public function actionGen()
    {
-       echo sprintf('%04x', 1);
+       $no = hexdec('000A') + 1;
+       echo sprintf('%04X', $no);
    }
  
     public function actionCheckSign()
@@ -34,13 +35,13 @@ class TestController extends Controller
  
     public function actionDeviceAuth()
     {
-        //$url = 'http://kingb:8012/app-api/web/authDevice';
-        $url = 'http://47.107.95.101/app-api/web/authDevice';
-        $manufactureNo = '0003';
-        $device_id = '000000010108';
-        $projectNo = '0003';
-        $modelNo = '0002';
-        $productionNo = '0004';
+        $url = 'http://kingb:8012/app-api/web/authDevice';
+        //$url = 'http://47.107.95.101/app-api/web/authDevice';
+        $manufactureNo = '0001';
+        $device_id = 'DEVICE00000A';
+        $projectNo = '0001';
+        $modelNo = '0001';
+        $productionNo = '0001';
         $timestamp = time();
         $salt = 13456;
         $sign = md5($manufactureNo. $projectNo. $modelNo . $productionNo . $timestamp .$device_id. $salt);
...	...	@@ -31,7 +31,7 @@ use function time;
31	31	*/
32	32	class AuthDeviceController extends BaseController
33	33	{
34		- const SIGN_SALT = '13456';
	34	+ private static $SIGN_SALT = '13456';
35	35
36	36	private static function myLog($str)
37	37	{
...	...	@@ -64,10 +64,25 @@ class AuthDeviceController extends BaseController
64	64	$productionNo = isset($getPostData['production'])?$getPostData['production']:'';
65	65	$timestamp = isset($getPostData['timestamp'])?$getPostData['timestamp']:'';
66	66	$sign = isset($getPostData['sign'])?$getPostData['sign']:'';
	67	+ if (empty($deviceId) \|\| empty($manufactureNo) \|\| empty($projectNo) \|\| empty($modelNo) \|\| empty($productionNo)) {
	68	+ $e->message = '传入的数据部分为空';
	69	+ return $e;
	70	+ }
	71	+ $pattern = "/^[a-zA-Z0-9]+$/";
	72	+ $dexPattern = "/^[0-9a-fA-F]+$/";
	73	+ if (!preg_match($pattern, $deviceId) \|\| !preg_match($dexPattern, $manufactureNo) \|\| !preg_match($dexPattern, $modelNo) \|\| !preg_match($dexPattern, $productionNo)) {
	74	+ $e->status = 9;
	75	+ $e->message = '传入的数据字段格式不对';
	76	+ return $e;
	77	+ }
	78	+ if (isset(Yii::$app->params['secretKey']) && !empty(Yii::$app->params['secretKey'])) {
	79	+ $salt = Yii::$app->params['secretKey'];
	80	+ } else {
	81	+ $salt = isset(Yii::$app->params['secretKey'])? Yii::$app->params['secretKey']: self::$SIGN_SALT;
	82	+ }
67	83
68		- $salt = self::SIGN_SALT;
69	84	$makeSign = md5($manufactureNo . $projectNo. $modelNo . $productionNo . $timestamp . $deviceId. $salt);
70		- if ($sign != $makeSign) {
	85	+ if ($sign != $makeSign \|\| empty($sign)) {
71	86	$e->status = 2;
72	87	$e->message = '签名出错';
73	88	return $e;
...	...
...	...	@@ -22,7 +22,8 @@ class TestController extends Controller
22	22
23	23	public function actionGen()
24	24	{
25		- echo sprintf('%04x', 1);
	25	+ $no = hexdec('000A') + 1;
	26	+ echo sprintf('%04X', $no);
26	27	}
27	28
28	29	public function actionCheckSign()
...	...	@@ -34,13 +35,13 @@ class TestController extends Controller
34	35
35	36	public function actionDeviceAuth()
36	37	{
37		- //$url = 'http://kingb:8012/app-api/web/authDevice';
38		- $url = 'http://47.107.95.101/app-api/web/authDevice';
39		- $manufactureNo = '0003';
40		- $device_id = '000000010108';
41		- $projectNo = '0003';
42		- $modelNo = '0002';
43		- $productionNo = '0004';
	38	+ $url = 'http://kingb:8012/app-api/web/authDevice';
	39	+ //$url = 'http://47.107.95.101/app-api/web/authDevice';
	40	+ $manufactureNo = '0001';
	41	+ $device_id = 'DEVICE00000A';
	42	+ $projectNo = '0001';
	43	+ $modelNo = '0001';
	44	+ $productionNo = '0001';
44	45	$timestamp = time();
45	46	$salt = 13456;
46	47	$sign = md5($manufactureNo. $projectNo. $modelNo . $productionNo . $timestamp .$device_id. $salt);
...	...