## 一，創建middelware和controller ~~~ liuhongdi@lhdpc:/data/php/admapi$ php think make:middleware CheckSign Middleware:app\middleware\CheckSign created successfully. ~~~ ~~~ liuhongdi@lhdpc:/data/php/admapi$ php think make:controller Pay Controller:app\controller\Pay created successfully. ~~~ ## 二，編寫php代碼: 1,middleware/CheckSign.php ~~~ <?php declare (strict_types = 1); namespace app\middleware; use app\result\Result; use app\lib\util\sign; class CheckSign { //第三方對接口的訪問不需要檢查 private $notCheck = ["/pay/alipayreturn","/pay/alipayrotify"]; /** * 處理請求 * * @param \think\Request $request * @param \Closure $next * @return Response */ public function handle($request, \Closure $next) { $uri = $request->server("REQUEST_URI"); //如果是不需檢查的uri if (in_array($uri ,$this->notCheck)) { return $next($request); } else { $sign = new sign(); $param = $request->request(); unset($param['s']); //檢查參數的sign $res = $sign->verifySign($param); if ($res['code'] == 0){ return $next($request); } else { return Result::Error(1,$res['msg']); } } } } ~~~ 2,lib/util/sign.php ~~~ <?php namespace app\lib\util; class sign { private $appId = "lc20220118"; private $appKey = "u665698fzur5e2t85tyu142"; //創建sign public function makeSign($data) { ksort($data); $string = $this->toUrlParams($data); $string = $string . "&key=" . $this->appKey; $string = md5($string); $result = strtolower($string); return $result; } //檢驗sign是否正確 public function verifySign($data) { //check sign if (!isset($data['sign']) || !$data['sign']) { return ['code'=>1,'msg'=>'發送的數據簽名不存在']; } //check sign if (!isset($data['appid']) || !$data['appid']) { return ['code'=>1,'msg'=>'發送的應用參數1不存在']; } if ($data['appid'] != $this->appId) { return ['code'=>1,'msg'=>'發送的應用參數1錯誤']; } //check sign if (!isset($data['nonce']) || !$data['nonce']) { return ['code'=>1,'msg'=>'發送的應用參數2不存在']; } //check timestamp if (!isset($data['timestamp']) || !$data['timestamp']) { return ['code'=>1,'msg'=>'發送的數據參數不合法']; } // 驗證請求， 10分鐘失效 if (time() - $data['timestamp'] > 600) { return ['code'=>1,'msg'=>'驗證超時， 請重新發送請求']; } $clientSign = $data['sign']; unset($data['sign']); $serverSign = $this->makeSign($data); if ($clientSign == $serverSign) { return ['code'=>0,'msg'=>'驗證通過']; } else { return ['code'=>1,'msg'=>'請求不合法']; } } //生成url字符串 private function toUrlParams($values){ $buff = ""; foreach ($values as $k => $v) { //&& $v != "" if($k != "sign" && !is_array($v)){ $buff .= $k . "=" . $v . "&"; } } $buff = trim($buff, "&"); return $buff; } } ~~~ 3,controller/Pay.php ~~~ <?php declare (strict_types = 1); namespace app\controller; use think\Request; class Pay { /** * return * * @return \think\Response */ public function alipayReturn() { echo "alipayReturn"; exit; } /** * notify * * @return \think\Response */ public function alipayNotify() { echo "alipayNotify"; exit; } } ~~~ ## 三，編寫vue代碼: 說明：vue代碼僅供演示，因為js中無法安全保存appkey, ? ? ? ? ? ?所以web/wap等不需要做驗證: ~~~ <template> <div style="text-align: left;"> id:{{article.id}}<br/> title:{{article.title}}<br/> content:{{article.content}}<br/> </div> </template> <script> import {apiArticleOne} from "../api/api"; import {ElMessage} from "element-plus"; import {ref} from "vue"; import md5 from 'js-md5'; export default { name: "Article", setup() { const article = ref([]); //得到sign const getSign = (param,key) => { let str = ""; for(var idx in param) { let one = idx+"="+param[idx]; if (str == "") { str = one; } else { str = str+"&"+one; } } str = str+"&key="+key; //console.log("before md5:"+str); let md5str = md5(str); return md5str; } //得到參數對象 const getParam = (id) => { let appid = "lc20220118"; let appkey = "u665698fzur5e2t85tyu1421"; let timestamp = parseInt((new Date()).getTime()/1000); let nonce = Math.floor(Math.random()*8999)+1000; let param = { appid:appid, id:id, nonce:nonce, timestamp:timestamp, } let sign = getSign(param,appkey); param.sign = sign; return param; } //查詢得到一篇文章的內容: const getArticle = () => { var param = getParam(1); apiArticleOne(param).then(res => { //成功 if (res.code == 0) { article.value = res.data; } else { ElMessage.error("獲取表單令牌失敗:"+res.msg); } }).catch((error) => { console.log(error) }) } getArticle(); return { article, } } } </script> <style scoped> </style> ~~~ ## 四，測試效果: 1,成功返回數據時:  2,appkey不正確時:  3,直接訪問接口時報錯：  4,訪問不做check的接口:  ## 五，查看php和thinkphp的版本: