From 4e39ba6db074a4a17986ac3ec7d75197a826cac1 Mon Sep 17 00:00:00 2001
From: tk
Date: Wed, 5 Jun 2024 16:54:02 +0800
Subject: [PATCH] =?UTF-8?q?=E3=80=90=E7=B1=BB=09=E5=9E=8B=E3=80=91?= =?UTF-8?q?=EF=BC=9Afix=20=E3=80=90=E4=B8=BB=09=E9=A2=98=E3=80=91=EF=BC=9A?= =?UTF-8?q?=E7=99=BB=E5=BD=95=20token=E6=A0=BC=E5=BC=8F=E4=B8=8D=E5=90=88?= =?UTF-8?q?=E6=B3=95=20=E9=80=A0=E6=88=90=E9=A1=B5=E9=9D=A2=E5=B4=A9?= =?UTF-8?q?=E6=BA=83=20=E3=80=90=E6=8F=8F=09=E8=BF=B0=E3=80=91=EF=BC=9A=20?= =?UTF-8?q?=09[=E5=8E=9F=E5=9B=A0]=EF=BC=9A=E7=99=BB=E5=BD=95=20token?= =?UTF-8?q?=E6=A0=BC=E5=BC=8F=E4=B8=8D=E5=90=88=E6=B3=95=20=E9=80=A0?= =?UTF-8?q?=E6=88=90=E9=A1=B5=E9=9D=A2=E5=B4=A9=E6=BA=83=20=09[=E8=BF=87?= =?UTF-8?q?=E7=A8=8B]=EF=BC=9A=E9=80=9A=E8=BF=87jwt=20=E6=8A=9B=E5=BC=82?= =?UTF-8?q?=E5=B8=B8=20=09[=E5=BD=B1=E5=93=8D]=EF=BC=9A=20=E3=80=90?= =?UTF-8?q?=E7=BB=93=09=E6=9D=9F=E3=80=91?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

# 类型 包含:
# feat:新功能(feature)
# fix:修补bug
# docs:文档(documentation)
# style: 格式(不影响代码运行的变动)
# refactor:重构(即不是新增功能,也不是修改bug的代码变动)
# test:增加测试
# chore:构建过程或辅助工具的变动
---
 .../Api/Controller/PublicController.class.php | 2 +-
 .../Controller/PublicController.class.php | 42 +++++++++----------
 2 files changed, 21 insertions(+), 23 deletions(-)

diff --git a/FlyCube/Api/Controller/PublicController.class.php b/FlyCube/Api/Controller/PublicController.class.php
index f697f2e..12b3712 100644
--- a/FlyCube/Api/Controller/PublicController.class.php
+++ b/FlyCube/Api/Controller/PublicController.class.php
@@ -75,7 +75,7 @@ class PublicController extends Controller
 'iat' => $currtime, // 签发时间(时间戳)
 'iss' => 'jwt_admin', // 签发者
 'nbf' => $currtime, // 在此时间之前不可用 (这里是2秒以内)
- 'exp' => 20, //过期时间 到第二天凌晨
+ 'exp' => strtotime('tomorrow'), //过期时间 到第二天凌晨
 'openid' => $openid,
 'session_key' => $session_key,
 ];
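Review bot: `strtotime('tomorrow')` on the new `exp` line makes the token lifetime depend on the time of day and on PHP's default timezone: a token issued just before local midnight expires within seconds, while one issued just after lives almost 24 hours. If a fixed lifetime is wanted, derive it from the issue time, e.g. `'exp' => $currtime + 86400,` (assuming `$currtime` is the Unix time used for `iat`), and adjust the trailing comment to match. Separately, the unchanged context line `'session_key' => $session_key,` puts the session key into the JWT payload, which is signed but not encrypted; if this token is handed to the client, it would be safer to keep the key server-side and carry only an opaque reference. The payload array belongs to a method that starts and ends outside the hunk.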
diff --git a/FlyCube/MpApi/Controller/PublicController.class.php b/FlyCube/MpApi/Controller/PublicController.class.php
index 3522e97..361dcc7 100644
--- a/FlyCube/MpApi/Controller/PublicController.class.php
+++ b/FlyCube/MpApi/Controller/PublicController.class.php
@@ -16,32 +16,30 @@ class PublicController extends Controller
 {
 header("Access-Control-Allow-Origin: " . C('LimitApi')); //请求域名限制
 header('Access-Control-Allow-Headers:Token'); //token请求头
- // token 验证
- $server = isset($_SERVER) ? $_SERVER : "";
- $token = isset($server['HTTP_TOKEN']) && is_string($server['HTTP_TOKEN']) ? $server['HTTP_TOKEN'] : null;
- // 如果 token 不存在,可以返回错误信息
- if (!$token) {
- echo json_encode(array('status' => -1, 'msg' => 'Token 不存在或无效!'));
- exit();
- }
- $jwtKey = C('jwtKey'); // jwt密钥
+ // 获取请求头中的 Token
+ $token = isset($_SERVER['HTTP_TOKEN']) ? $_SERVER['HTTP_TOKEN'] : null;
+ // 获取 jwt 密钥
+ $jwtKey = C('jwtKey');
 try {
- // 使用密钥和 HS256 算法对 JWT 进行解码
- $jwt = JWT::decode($token, new Key($jwtKey, 'HS256'));
- $res_token = (array) $jwt; // 将解码后的对象转换为数组
- // token过期
- if (empty($res_token)) {
- echo json_encode(array('status' => -1, 'msg' => '帐号认证过期!'));
- exit();
- }
- // token验证通过 获取shop_id
- $this->tokenShop_id = $res_token['shop_id'];
- } catch (Exception $e) {
- // 捕获解码过程中可能的异常,并返回错误信息
- echo json_encode(array('status' => -1, 'msg' => 'Token 无效: ' . $e->getMessage()));
+ // 解码 JWT Token
+ $decoded = JWT::decode($token, new Key($jwtKey, 'HS256'));
+ // Token 没有过期,继续处理 token验证通过 获取shop_id
+ $this->tokenShop_id = $decoded->shop_id;
+ } catch (\Firebase\JWT\ExpiredException $e) {
+ // Token 过期
+ echo json_encode(array('status' => -1, 'msg' => 'Token 已过期'));
+ exit();
+ } catch (\Exception $e) {
+ // 其他 JWT 解码错误
+ echo json_encode(array('status' => -1, 'msg' => 'Token 解码失败'));
+ exit();
+ } catch (\TypeError $e) {
+ // 处理 Token 为 null 或者不是字符串的情况
+ echo json_encode(array('status' => -1, 'msg' => 'Token 无效'));
 exit();
 }
 }
+
 /**
 * @description: 总管理员 可接收任何shop_id 非总管理员 只可以调用自身shop_id 否则会中断
 */
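Review bot: A correctly signed token that carries no `shop_id` claim passes `JWT::decode`, and the new `$this->tokenShop_id = $decoded->shop_id;` then stores null (with only a PHP warning) instead of rejecting the request. The first hunk of this patch shows the Api controller issuing tokens with `openid` and `session_key` and no `shop_id` visible there; if both controllers sign with the same `jwtKey`, such a token would be accepted here, so the claim should be checked before it feeds the shop scoping described in the docblock that follows. The missing-token case is also now handled only by catching `\TypeError` from the library call, which depends on the library's parameter types; an explicit string check before the `try` states the intent directly. The method's signature lies above the hunk.

```php
// … unchanged: CORS headers, $token and $jwtKey lookup …
if (!is_string($token) || $token === '') {
    echo json_encode(array('status' => -1, 'msg' => 'Token 无效'));
    exit();
}
try {
    $decoded = JWT::decode($token, new Key($jwtKey, 'HS256'));
    // A validly signed token without a shop_id claim must not authenticate.
    if (!isset($decoded->shop_id)) {
        echo json_encode(array('status' => -1, 'msg' => 'Token 无效'));
        exit();
    }
    $this->tokenShop_id = $decoded->shop_id;
// … unchanged: the catch blocks …
```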