From ab6875e296f957deece39a1cba2fab6dc096456e Mon Sep 17 00:00:00 2001
From: szdot
Date: Fri, 31 May 2024 18:15:36 +0800
Subject: [PATCH] =?UTF-8?q?=E7=B1=BB=09=E5=9E=8B=E3=80=91=EF=BC=9Afix=20?=
 =?UTF-8?q?=E3=80=90=E4=B8=BB=09=E9=A2=98=E3=80=91=EF=BC=9Atoken=20?=
 =?UTF-8?q?=E9=AA=8C=E8=AF=81=20=E3=80=90=E6=8F=8F=09=E8=BF=B0=E3=80=91?=
 =?UTF-8?q?=EF=BC=9A=20=09[=E5=8E=9F=E5=9B=A0]=EF=BC=9Atry=20jwt=E5=87=BD?=
 =?UTF-8?q?=E6=95=B0=E7=9A=84=E8=A7=A3=E7=A0=81=20=E9=98=B2=E6=AD=A2?=
 =?UTF-8?q?=E9=9D=9E=E6=B3=95token=20=E5=AF=BC=E8=87=B4=E7=9A=84=E9=A1=B5?=
 =?UTF-8?q?=E9=9D=A2=E9=94=99=E8=AF=AF=20=09[=E8=BF=87=E7=A8=8B]=EF=BC=9A?=
 =?UTF-8?q?=20=09[=E5=BD=B1=E5=93=8D]=EF=BC=9A=20=E3=80=90=E7=BB=93=09?=
 =?UTF-8?q?=E6=9D=9F=E3=80=91?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

# 类型 包含:
# feat:新功能(feature)
# fix:修补bug
# docs:文档(documentation)
# style: 格式(不影响代码运行的变动)
# refactor:重构(即不是新增功能,也不是修改bug的代码变动)
# test:增加测试
# chore:构建过程或辅助工具的变动
---
 .../Api/Controller/CheckController.class.php | 36 ++++++++++++++-----
 .../Controller/PublicController.class.php | 22 +++++++-----
 2 files changed, 41 insertions(+), 17 deletions(-)

diff --git a/FlyCube/Api/Controller/CheckController.class.php b/FlyCube/Api/Controller/CheckController.class.php
index 4f81a66..604b86c 100644
--- a/FlyCube/Api/Controller/CheckController.class.php
+++ b/FlyCube/Api/Controller/CheckController.class.php
@@ -18,18 +18,36 @@ class CheckController extends PublicController
 parent::_initialize();
 //解构文件头里面的token
 $server = isset($_SERVER) ? $_SERVER : "";
- $token = $server['HTTP_TOKEN'];
+ $token = isset($server['HTTP_TOKEN']) ? $server['HTTP_TOKEN'] : null;
 $jwtKey = C('jwtKey'); // jwt密钥
- $jwt = JWT::decode($token, new Key($jwtKey, 'HS256')); // 使用密钥和 HS256 算法对 JWT 进行解码
- $res_token = (array) $jwt; // 将解码后的对象转换为数组
- //token过期
- if (empty($res_token)) {
- echo json_encode(array('status' => -1, 'msg' => '帐号认证过期!'));
+ try {
+ $jwt = JWT::decode($token, new Key($jwtKey, 'HS256')); // 使用密钥和 HS256 算法对 JWT 进行解码
+ $res_token = (array) $jwt; // 将解码后的对象转换为数组
+ // token过期
+ if (empty($res_token)) {
+ echo json_encode(array('status' => -1, 'msg' => '帐号认证过期!'));
+ exit();
+ }
+ // token检测通过 获取用户id
+ $this->openid = $res_token['openid'];
+ $this->session_key = $res_token['session_key'];
+ } catch (\UnexpectedValueException $e) {
+ // 捕获JWT解码错误
+ echo json_encode(array('status' => -1, 'msg' => 'Token 无效: ' . $e->getMessage()));
+ exit();
+ } catch (\DomainException $e) {
+ // 捕获JWT解码错误
+ echo json_encode(array('status' => -1, 'msg' => 'Token 解码失败: ' . $e->getMessage()));
+ exit();
+ } catch (\Exception $e) {
+ // 捕获其他可能的错误
+ echo json_encode(array('status' => -1, 'msg' => '未知错误: ' . $e->getMessage()));
 exit();
 }
- //token检测通过 获取用户id
- $this->openid = $res_token['openid'];
- $this->session_key = $res_token['session_key'];
+ }
+ public function index()
+ {
+ echo json_encode(array('status' => 1, 'msg' => '认证通过'));
 }
 /**
 * @description: 获取用户手机号 并将手机号写入数据库 并给前端返回 隐藏中间4位的手机号
diff --git a/FlyCube/MpApi/Controller/PublicController.class.php b/FlyCube/MpApi/Controller/PublicController.class.php
index f283685..e1db680 100644
--- a/FlyCube/MpApi/Controller/PublicController.class.php
+++ b/FlyCube/MpApi/Controller/PublicController.class.php
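Review bot: All three catch branches in CheckController::_initialize echo `$e->getMessage()` to the caller, and the `\Exception` branch does so for any failure, so an unauthenticated client learns why validation failed and may see internal error text; one fixed message with the detail sent to the server log is safer. A request without the Token header now reaches `JWT::decode()` with `null`, and if the installed library version types that parameter as `string` the resulting `TypeError` is not an `\Exception` and escapes every branch, so the header should be rejected before the `try`. `$res_token['openid']` and `$res_token['session_key']` are read without an `isset` check, which lets a validly signed token lacking either claim through with null identity fields. The sketch below shows the three changes together; `_initialize` starts outside the hunk.

```php
$token = isset($server['HTTP_TOKEN']) ? $server['HTTP_TOKEN'] : null;
if (!is_string($token) || $token === '') {
    echo json_encode(array('status' => -1, 'msg' => 'Token 无效'));
    exit();
}
$jwtKey = C('jwtKey'); // jwt密钥
try {
    $res_token = (array) JWT::decode($token, new Key($jwtKey, 'HS256'));
} catch (\Exception $e) {
    // Detail stays in the server log; the client gets one fixed message.
    error_log('JWT validation failed: ' . $e->getMessage());
    echo json_encode(array('status' => -1, 'msg' => 'Token 无效'));
    exit();
}
// … unchanged: empty($res_token) check …
if (!isset($res_token['openid'], $res_token['session_key'])) {
    echo json_encode(array('status' => -1, 'msg' => 'Token 无效'));
    exit();
}
// … unchanged: openid / session_key assignment …
```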
@@ -16,7 +16,6 @@ class PublicController extends Controller
 {
 header("Access-Control-Allow-Origin: " . C('LimitApi')); //请求域名限制
 header('Access-Control-Allow-Headers:Token'); //token请求头
- //token验证
 // token 验证
 $server = isset($_SERVER) ? $_SERVER : "";
 $token = isset($server['HTTP_TOKEN']) ? $server['HTTP_TOKEN'] : null;
@@ -26,15 +25,22 @@ class PublicController extends Controller
 exit();
 }
 $jwtKey = C('jwtKey'); // jwt密钥
- $jwt = JWT::decode($token, new Key($jwtKey, 'HS256')); // 使用密钥和 HS256 算法对 JWT 进行解码
- $res_token = (array) $jwt; // 将解码后的对象转换为数组
- //token过期
- if (empty($res_token)) {
- echo json_encode(array('status' => -1, 'msg' => '帐号认证过期!'));
+ try {
+ // 使用密钥和 HS256 算法对 JWT 进行解码
+ $jwt = JWT::decode($token, new Key($jwtKey, 'HS256'));
+ $res_token = (array) $jwt; // 将解码后的对象转换为数组
+ // token过期
+ if (empty($res_token)) {
+ echo json_encode(array('status' => -1, 'msg' => '帐号认证过期!'));
+ exit();
+ }
+ // token验证通过 获取shop_id
+ $this->tokenShop_id = $res_token['shop_id'];
+ } catch (Exception $e) {
+ // 捕获解码过程中可能的异常,并返回错误信息
+ echo json_encode(array('status' => -1, 'msg' => 'Token 无效: ' . $e->getMessage()));
 exit();
 }
- // token验证通过 获取shop_id
- $this->tokenShop_id = $res_token['shop_id'];
 }
 /**
 * @description: 总管理员 可接收任何shop_id 非总管理员 只可以调用自身shop_id 否则会中断
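Review bot: `catch (Exception $e)` in PublicController::_initialize names the class without a leading backslash, unlike the `\Exception` used in CheckController; if this file declares a namespace and does not import the global class (neither is visible in the hunk), the name resolves inside that namespace, the branch never matches, and an invalid token still ends in an uncaught exception. Write it as `} catch (\Exception $e) {`. The branch also returns `$e->getMessage()` to the client; a fixed `'Token 无效'` with the detail written to the server log avoids telling callers why validation failed. `$res_token['shop_id']` is read without an `isset` check, so a signed token lacking that claim leaves `tokenShop_id` null, which matters if later code relies on it for the per-shop restriction described in the docblock that follows. The function starts outside the hunk.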