添加逛目录

DengXinFei
Commit 8b4c9cc42c06019caf78ffd6d90f94c4071688b8 1 parent fabf6590
Showing 1 changed file with 51 additions and 0 deletions
逛/security.md
--- a/逛/security.md 0 → 100644
View file @8b4c9cc
+++ b/逛/security.md 0 → 100644
View file @8b4c9cc
+## 安全控制
+
+### 消息完整性校验
+
+#### 控制开关
+发送请求 `http://m.yohobuy.com/lb/v1?app_version=4.1.0.1603140001&client_secret=e750b0174173917bfe3388d57b03d5dd&client_type=iphone&os_version=9.3&screen_size=375x667&v=7`
+根据响应消息体中`bv`的接口判断是否进行消息完整性校验
+```javascript
+{
+code: 200,
+message: "Config Success",
+md5: "1231231231231",
+data: {
+  ae: "e0323a9039add2978bf5b49550572c7c",
+  url: "http://m.yohobuy.com",
+  tl: "7ea6bdf07376a928c5d4677789c45463",
+  rp: "62a165d59f8daf42e2df5f3c5aed8a2f",
+  bv: "94931e4a3036baeecdacb975e10a8ec6"
+ }
+}
+
+```
+
+![checksum](http://7xs795.com1.z0.glb.clouddn.com/228694685069003367.jpg)
+
+
+
+### 会话控制
+
+#### 控制开关
+
+ - 只有客户端版本>4.0.5才会进行session校验
+ - 只有下面的接口才会进行session校验
+    - app.passport.profile
+    - app.SpaceOrders.detail
+    - app.SpaceOrders.get
+
+#### java服务端配置
+ 
+```bash
+
+# gateway模块，是否启用校验
+is_checksession_enable=true
+
+ #用户模块，用分钟作为单位， 默认是7天
+ user.session.expire=10080 
+
+```
+
+
+ ![session](http://7xs795.com1.z0.glb.clouddn.com/10270172634654153.jpg)