添加对app中client_secret的校验

Code Review By Rock Zhang

添加对app中client_secret的校验
Code Review By Rock Zhang
Rock Zhang
Commit f2d1975d90e004dd8c6ce0c8fce8df037fa23c12 1 parent 9608dc8a
Showing 2 changed files with 34 additions and 7 deletions
yohobuy/m.yohobuy.com/application/controllers/Coupon.php
yohobuy/m.yohobuy.com/application/models/Coupon/Coupon.php
--- a/yohobuy/m.yohobuy.com/application/controllers/Coupon.php
View file @f2d1975
+++ b/yohobuy/m.yohobuy.com/application/controllers/Coupon.php
View file @f2d1975
@@ -25,12 +25,7 @@ class CouponController extends AbstractAction
         $uid = $this->getUid(true);
         $app = $this->get('app', array());
 
-         // APP时用参数中的ID
-         if (!empty($app)) {
-             $uid = isset($app['uid']) ? $app['uid'] : 0;
-         }
- 
-         $result = CouponModel::couponSend($uid, $token);
+         $result = CouponModel::couponSend($uid, $token, $app);
 
         $this->helpJsonCallbackResult($callback, $result['code'], $result['message'], $result['data']);
     }
--- a/yohobuy/m.yohobuy.com/application/models/Coupon/Coupon.php
View file @f2d1975
+++ b/yohobuy/m.yohobuy.com/application/models/Coupon/Coupon.php
View file @f2d1975
@@ -2,6 +2,8 @@
 
 namespace Coupon;
 
+ use Api\Sign;
+ use Api\Yohobuy;
 use LibModels\Wap\Cuxiao\ActivityData;
 use Plugin\Helpers;
 
@@ -21,13 +23,19 @@ class CouponModel
      *
      * @param int $uid 用户ID
      * @param string $token 发券标记
+      * @param array $app url中传递的app有关的参数
      * @return mixed
      */
-     public static function couponSend($uid, $token)
+     public static function couponSend($uid, $token, $app)
     {
         $result = array('code' => 403, 'message' => '参数错误', 'data' => '');
 
         do {
+             // APP时用参数中的ID
+             if (self::checkApp($app)) {
+                 $uid = isset($app['uid']) ? $app['uid'] : 0;
+             }
+ 
             // 用户ID或者发券标记为空时
             if (empty($uid) || empty($token)) {
                 break;
@@ -36,6 +44,8 @@ class CouponModel
             $couponResult = ActivityData::couponSend($uid, $token);
             // 接口返回错误时
             if (empty($couponResult)) {
+                 $result['code'] = 404;
+                 $result['message'] = '出错啦~';
                 break;
             }
 
@@ -45,4 +55,26 @@ class CouponModel
         return $result;
     }
 
+     /**
+      * 校验是否为app
+      *
+      * @param array $app url中传递的app有关的参数
+      * @return bool
+      */
+     private static function checkApp($app)
+     {
+         $isApp = false;
+ 
+         // APP时用参数中的ID
+         if (!empty($app) && isset($app['client_secret'])) {
+             $params = $app;
+             unset($params['client_secret']);
+             $params['private_key'] = Yohobuy::$privateKeyList[$params['client_type']];
+ 
+             $isApp = ($app['client_secret'] === Sign::getSign($params));
+         }
+ 
+         return $isApp;
+     }
+ 
 }