Authored by Rock Zhang

添加对app中client_secret的校验

Code Review By Rock Zhang
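--- a/<path-not-shown>/CouponController.php
+++ b/<path-not-shown>/CouponController.php
@@ -25,12 +25,7 @@ class CouponController extends AbstractAction
 $uid = $this->getUid(true);
 $app = $this->get('app', array());
 
-// APP时用参数中的ID
-if (!empty($app)) {
-$uid = isset($app['uid']) ? $app['uid'] : 0;
-}
-
-$result = CouponModel::couponSend($uid, $token);
+$result = CouponModel::couponSend($uid, $token, $app);
 
 $this->helpJsonCallbackResult($callback, $result['code'], $result['message'], $result['data']);
 }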
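Review bot: The controller now hands `$app` from `$this->get('app', array())` straight to `CouponModel::couponSend` without checking its shape, while the model's `isset($app['client_secret'])`, `unset($params['client_secret'])` and `$app['uid']` reads all assume an array; what `$this->get()` does with a scalar `app` request value is not visible here, so this may already be covered. If it is not, a one-line guard after line 26, `$app = is_array($app) ? $app : array();`, keeps the model's array assumption honest. The enclosing action method starts before this hunk.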
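--- a/<path-not-shown>/Coupon/CouponModel.php
+++ b/<path-not-shown>/Coupon/CouponModel.php
@@ -2,6 +2,8 @@
 
 namespace Coupon;
 
+use Api\Sign;
+use Api\Yohobuy;
 use LibModels\Wap\Cuxiao\ActivityData;
 use Plugin\Helpers;
 
@@ -21,13 +23,19 @@ class CouponModel
 *
 * @param int $uid 用户ID
 * @param string $token 发券标记
+* @param array $app url中传递的app有关的参数
 * @return mixed
 */
-public static function couponSend($uid, $token)
+public static function couponSend($uid, $token, $app)
 {
 $result = array('code' => 403, 'message' => '参数错误', 'data' => '');
 
 do {
+// APP时用参数中的ID
+if (self::checkApp($app)) {
+$uid = isset($app['uid']) ? $app['uid'] : 0;
+}
+
 // 用户ID或者发券标记为空时
 if (empty($uid) || empty($token)) {
 break;
@@ -36,6 +44,8 @@ class CouponModel
 $couponResult = ActivityData::couponSend($uid, $token);
 // 接口返回错误时
 if (empty($couponResult)) {
+$result['code'] = 404;
+$result['message'] = '出错啦~';
 break;
 }
 
@@ -45,4 +55,26 @@ class CouponModel
 return $result;
 }
 
+/**
+* 校验是否为app
+*
+* @param array $app url中传递的app有关的参数
+* @return bool
+*/
+private static function checkApp($app)
+{
+$isApp = false;
+
+// APP时用参数中的ID
+if (!empty($app) && isset($app['client_secret'])) {
+$params = $app;
+unset($params['client_secret']);
+$params['private_key'] = Yohobuy::$privateKeyList[$params['client_type']];
+
+$isApp = ($app['client_secret'] === Sign::getSign($params));
+}
+
+return $isApp;
+}
+
 }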
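Review bot: `checkApp` in the last hunk reads `Yohobuy::$privateKeyList[$params['client_type']]` without checking that `client_type` is present or registered, so a request with a missing or unknown `client_type` raises an undefined-index notice and signs with a `null` private key, making the result depend on how `Sign::getSign` handles an empty key rather than on a real secret. The comparison `$app['client_secret'] === Sign::getSign($params)` is also not constant-time; `hash_equals()` (PHP 5.6+, with an `is_string` guard because `app[client_secret][]=` arrives as an array) is the usual fix, assuming `Sign::getSign` returns a string. A rewritten `checkApp` covering both points follows. As far as these hunks show, the signed parameter set carries no timestamp or nonce, so a captured signed URL would presumably stay valid indefinitely — worth confirming against `Sign::getSign`, which is outside this diff.
```php
private static function checkApp($app)
{
    // Not an APP request unless every signed field is present and client_type is registered.
    if (!is_array($app)
        || !isset($app['client_secret'], $app['client_type'])
        || !is_string($app['client_secret'])
        || !isset(Yohobuy::$privateKeyList[$app['client_type']])) {
        return false;
    }

    $params = $app;
    unset($params['client_secret']);
    $params['private_key'] = Yohobuy::$privateKeyList[$params['client_type']];

    // Constant-time compare; known value first, user-supplied value second.
    return hash_equals(Sign::getSign($params), $app['client_secret']);
}
```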