添加逛目录

DengXinFei
Commit 8b4c9cc42c06019caf78ffd6d90f94c4071688b8 1 parent fabf6590
Showing 1 changed file with 51 additions and 0 deletions
逛/security.md
--- a/逛/security.md 0 → 100644
View file @8b4c9cc
+++ b/逛/security.md 0 → 100644
View file @8b4c9cc
+ ## 安全控制
+ 
+ ### 消息完整性校验
+ 
+ #### 控制开关
+ 发送请求 `http://m.yohobuy.com/lb/v1?app_version=4.1.0.1603140001&client_secret=e750b0174173917bfe3388d57b03d5dd&client_type=iphone&os_version=9.3&screen_size=375x667&v=7`
+ 根据响应消息体中`bv`的接口判断是否进行消息完整性校验
+ ```javascript
+ {
+ code: 200,
+ message: "Config Success",
+ md5: "1231231231231",
+ data: {
+   ae: "e0323a9039add2978bf5b49550572c7c",
+   url: "http://m.yohobuy.com",
+   tl: "7ea6bdf07376a928c5d4677789c45463",
+   rp: "62a165d59f8daf42e2df5f3c5aed8a2f",
+   bv: "94931e4a3036baeecdacb975e10a8ec6"
+  }
+ }
+ 
+ ```
+ 
+ ![checksum](http://7xs795.com1.z0.glb.clouddn.com/228694685069003367.jpg)
+ 
+ 
+ 
+ ### 会话控制
+ 
+ #### 控制开关
+ 
+  - 只有客户端版本>4.0.5才会进行session校验
+  - 只有下面的接口才会进行session校验
+     - app.passport.profile
+     - app.SpaceOrders.detail
+     - app.SpaceOrders.get
+ 
+ #### java服务端配置
+  
+ ```bash
+ 
+ # gateway模块，是否启用校验
+ is_checksession_enable=true
+ 
+  #用户模块，用分钟作为单位， 默认是7天
+  user.session.expire=10080 
+ 
+ ```
+ 
+ 
+  ![session](http://7xs795.com1.z0.glb.clouddn.com/10270172634654153.jpg)