diff --git a/FlyCube/Api/Controller/CheckController.class.php b/FlyCube/Api/Controller/CheckController.class.php index 4f81a66..604b86c 100644 --- a/FlyCube/Api/Controller/CheckController.class.php +++ b/FlyCube/Api/Controller/CheckController.class.php @@ -18,18 +18,36 @@ class CheckController extends PublicController parent::_initialize(); //解构文件头里面的token $server = isset($_SERVER) ? $_SERVER : ""; - $token = $server['HTTP_TOKEN']; + $token = isset($server['HTTP_TOKEN']) ? $server['HTTP_TOKEN'] : null; $jwtKey = C('jwtKey'); // jwt密钥 - $jwt = JWT::decode($token, new Key($jwtKey, 'HS256')); // 使用密钥和 HS256 算法对 JWT 进行解码 - $res_token = (array) $jwt; // 将解码后的对象转换为数组 - //token过期 - if (empty($res_token)) { - echo json_encode(array('status' => -1, 'msg' => '帐号认证过期!')); + try { + $jwt = JWT::decode($token, new Key($jwtKey, 'HS256')); // 使用密钥和 HS256 算法对 JWT 进行解码 + $res_token = (array) $jwt; // 将解码后的对象转换为数组 + // token过期 + if (empty($res_token)) { + echo json_encode(array('status' => -1, 'msg' => '帐号认证过期!')); + exit(); + } + // token检测通过 获取用户id + $this->openid = $res_token['openid']; + $this->session_key = $res_token['session_key']; + } catch (\UnexpectedValueException $e) { + // 捕获JWT解码错误 + echo json_encode(array('status' => -1, 'msg' => 'Token 无效: ' . $e->getMessage())); + exit(); + } catch (\DomainException $e) { + // 捕获JWT解码错误 + echo json_encode(array('status' => -1, 'msg' => 'Token 解码失败: ' . $e->getMessage())); + exit(); + } catch (\Exception $e) { + // 捕获其他可能的错误 + echo json_encode(array('status' => -1, 'msg' => '未知错误: ' . $e->getMessage())); exit(); } - //token检测通过 获取用户id - $this->openid = $res_token['openid']; - $this->session_key = $res_token['session_key']; + } + public function index() + { + echo json_encode(array('status' => 1, 'msg' => '认证通过')); } /** * @description: 获取用户手机号 并将手机号写入数据库 并给前端返回 隐藏中间4位的手机号 diff --git a/FlyCube/MpApi/Controller/PublicController.class.php b/FlyCube/MpApi/Controller/PublicController.class.php index f283685..e1db680 100644 --- a/FlyCube/MpApi/Controller/PublicController.class.php +++ b/FlyCube/MpApi/Controller/PublicController.class.php @@ -16,7 +16,6 @@ class PublicController extends Controller { header("Access-Control-Allow-Origin: " . C('LimitApi')); //请求域名限制 header('Access-Control-Allow-Headers:Token'); //token请求头 - //token验证 // token 验证 $server = isset($_SERVER) ? $_SERVER : ""; $token = isset($server['HTTP_TOKEN']) ? $server['HTTP_TOKEN'] : null; @@ -26,15 +25,22 @@ class PublicController extends Controller exit(); } $jwtKey = C('jwtKey'); // jwt密钥 - $jwt = JWT::decode($token, new Key($jwtKey, 'HS256')); // 使用密钥和 HS256 算法对 JWT 进行解码 - $res_token = (array) $jwt; // 将解码后的对象转换为数组 - //token过期 - if (empty($res_token)) { - echo json_encode(array('status' => -1, 'msg' => '帐号认证过期!')); + try { + // 使用密钥和 HS256 算法对 JWT 进行解码 + $jwt = JWT::decode($token, new Key($jwtKey, 'HS256')); + $res_token = (array) $jwt; // 将解码后的对象转换为数组 + // token过期 + if (empty($res_token)) { + echo json_encode(array('status' => -1, 'msg' => '帐号认证过期!')); + exit(); + } + // token验证通过 获取shop_id + $this->tokenShop_id = $res_token['shop_id']; + } catch (Exception $e) { + // 捕获解码过程中可能的异常,并返回错误信息 + echo json_encode(array('status' => -1, 'msg' => 'Token 无效: ' . $e->getMessage())); exit(); } - // token验证通过 获取shop_id - $this->tokenShop_id = $res_token['shop_id']; } /** * @description: 总管理员 可接收任何shop_id 非总管理员 只可以调用自身shop_id 否则会中断