From 8f288c03170aea02c4fbe055b578749e0c59aa8f Mon Sep 17 00:00:00 2001
From: tk
Date: Wed, 5 Jun 2024 16:21:20 +0800
Subject: [PATCH] =?UTF-8?q?=E3=80=90=E7=B1=BB=09=E5=9E=8B=E3=80=91?= =?UTF-8?q?=EF=BC=9Atest=20=E3=80=90=E4=B8=BB=09=E9=A2=98=E3=80=91?= =?UTF-8?q?=EF=BC=9A=E7=99=BB=E5=BD=95token=20=E9=AA=8C=E8=AF=81=E6=B5=8B?= =?UTF-8?q?=E8=AF=95=20=E3=80=90=E6=8F=8F=09=E8=BF=B0=E3=80=91=EF=BC=9A=20?= =?UTF-8?q?=09[=E5=8E=9F=E5=9B=A0]=EF=BC=9A=20=09[=E8=BF=87=E7=A8=8B]?= =?UTF-8?q?=EF=BC=9A=20=09[=E5=BD=B1=E5=93=8D]=EF=BC=9A=20=E3=80=90?= =?UTF-8?q?=E7=BB=93=09=E6=9D=9F=E3=80=91?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
# 类型 包含:
# feat:新功能(feature)
# fix:修补bug
# docs:文档(documentation)
# style: 格式(不影响代码运行的变动)
# refactor:重构(即不是新增功能,也不是修改bug的代码变动)
# test:增加测试
# chore:构建过程或辅助工具的变动
---
 .../Api/Controller/PublicController.class.php | 22 +++++++++----------
 .../Controller/PublicController.class.php | 2 +-
 2 files changed, 11 insertions(+), 13 deletions(-)
diff --git a/FlyCube/Api/Controller/PublicController.class.php b/FlyCube/Api/Controller/PublicController.class.php
index f0b2c65..3cf4f10 100644
--- a/FlyCube/Api/Controller/PublicController.class.php
+++ b/FlyCube/Api/Controller/PublicController.class.php
@@ -14,9 +14,15 @@ class PublicController extends Controller
 //初始化
 public function _initialize()
 {
+ header('Access-Control-Allow-Headers:Token'); //token请求头
 //解构文件头里面的token
 $server = isset($_SERVER) ? $_SERVER : "";
- $token = isset($server['HTTP_TOKEN']) ? $server['HTTP_TOKEN'] : null;
+ $token = isset($server['HTTP_TOKEN']) && is_string($server['HTTP_TOKEN']) ? $server['HTTP_TOKEN'] : null;
+ // 如果 token 不存在,可以返回错误信息
+ if (!$token) {
+ echo json_encode(array('status' => -1, 'msg' => 'Token 不存在或无效!'));
+ exit();
+ }
 $jwtKey = C('jwtKey'); // jwt密钥
 try {
 $jwt = JWT::decode($token, new Key($jwtKey, 'HS256')); // 使用密钥和 HS256 算法对 JWT 进行解码
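Review bot: The new missing-token branch answers with `echo json_encode(...)` and `exit()` but sets no status code, so an unauthenticated request still gets HTTP 200, and clients, gateways and access-log alerting cannot tell an auth failure from success without parsing the body. Add `http_response_code(401);` and `header('Content-Type: application/json; charset=utf-8');` before the `echo`. The same early-exit lines appear as context in the MpApi controller later in this patch and would benefit from the same change. Separately, `if (!$token)` also rejects the literal string `'0'`; `$token === null || $token === ''` states the intent exactly. `_initialize()` continues past the end of this hunk.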
@@ -29,17 +35,9 @@ class PublicController extends Controller
 // token检测通过 获取用户id
 $this->openid = $res_token['openid'];
 $this->session_key = $res_token['session_key'];
- } catch (\UnexpectedValueException $e) {
- // 捕获JWT解码错误
- echo json_encode($token);
- exit();
- } catch (\DomainException $e) {
- // 捕获JWT解码错误
- echo json_encode(array('status' => -1, 'msg' => 'Token 解码失败: ' . $e->getMessage()));
- exit();
- } catch (\Exception $e) {
- // 捕获其他可能的错误
- echo json_encode(array('status' => -1, 'msg' => '未知错误: ' . $e->getMessage()));
+ } catch (Exception $e) {
+ // 捕获解码过程中可能的异常,并返回错误信息
+ echo json_encode(array('status' => -1, 'msg' => 'Token 无效: ' . $e->getMessage()));
 exit();
 }
 }
diff --git a/FlyCube/MpApi/Controller/PublicController.class.php b/FlyCube/MpApi/Controller/PublicController.class.php
index e1db680..3522e97 100644
--- a/FlyCube/MpApi/Controller/PublicController.class.php
+++ b/FlyCube/MpApi/Controller/PublicController.class.php
@@ -18,7 +18,7 @@ class PublicController extends Controller
 header('Access-Control-Allow-Headers:Token'); //token请求头
 // token 验证
 $server = isset($_SERVER) ? $_SERVER : "";
- $token = isset($server['HTTP_TOKEN']) ? $server['HTTP_TOKEN'] : null;
+ $token = isset($server['HTTP_TOKEN']) && is_string($server['HTTP_TOKEN']) ? $server['HTTP_TOKEN'] : null;
 // 如果 token 不存在,可以返回错误信息
 if (!$token) {
 echo json_encode(array('status' => -1, 'msg' => 'Token 不存在或无效!'));
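Review bot: The merged handler is written `catch (Exception $e)`, without the leading backslash that the removed `catch (\Exception $e)` had. If this controller declares a namespace and has no `use Exception;` (neither is visible in the hunk), the name resolves to a class inside that namespace and the block catches nothing, so a failed `JWT::decode` would escape as an uncaught exception instead of the JSON error. Keep it fully qualified: `} catch (\Exception $e) {`. The response also appends `$e->getMessage()`, which tells an unauthenticated caller which verification step failed; a fixed `'Token 无效'` in the body, with the detail written to the server log, gives away less. The `try` this handler belongs to opens outside this hunk.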