一.我们系统的一般的接口设计和跨域处理
1.前后端token验证
/** 初始化操作*/public function initialize() {// api接口测试的seesion_id,用param参数传递,cookie不能自动获取了!if (I('PHPSESSION')) {session_id(I('PHPSESSION'));}Session::start();parent::initialize();Header('Access-Control-Allow-Origin: *');//Header('Access-Control-Allow-Headers: *');Header('Access-Control-Allow-Headers: IsApi,Token');header("Cache-control: private"); // history.back返回后输入框值丢失问题 参考文章 http://www.tp-shop.cn/article_id_1465.html http://blog.csdn.net/qinchaoguang123456/article/details/29852881header('Content-type: application/json;charset=utf-8'); //设置文档格式为json$this->session_id = session_id(); // 当前的 session_iddefine('SESSION_ID',$this->session_id); //将当前的session_id保存为常量,供其它方法调用$this->page_size=10;// 判断当前用户是否手机if(isMobile())cookie('is_mobile','1',3600);elsecookie('is_mobile','0',3600);if (!function_exists('getallheaders')){function getallheaders(){foreach ($_SERVER as $name => $value){if (substr($name, 0, 5) == 'HTTP_'){$headers[str_replace(' ', '-', ucwords(strtolower(str_replace('_', ' ', substr($name, 5)))))] = $value;}}return $headers;}}//微信浏览器//$_SESSION['openid']='';$headers = getallheaders();Log::record('2019050801000'.$headers['isapi']);if(!session('?user')){$headers = getallheaders();$headers = array_change_key_case($headers);if($headers['token']){$logic = new UsersLogic();$data = $logic->app_checklogin($headers['token']);$this->loginhandel($data);}elseif(strstr($_SERVER['HTTP_USER_AGENT'],'MicroMessenger') && !$headers['isapi']){//$wx_type = tpCache('basic.wx_type');//接入的微信类型$this->weixin_config = M('wx_user')->find(); //获取微信配置Log::record('20190508跳转链接01');if(is_array($this->weixin_config) && $this->weixin_config['wait_access'] == 1){Log::record('20190508跳转链接022222');$wxuser = $this->GetOpenid(); //授权获取openid以及微信用户信息session('subscribe', $wxuser['subscribe']);// 当前这个用户是否关注了微信公众号//微信自动登录//$logic = new UsersLogic();//$data = $logic->thirdLogin($wxuser);$userLogic = new UsersLogicApp();$is_bind_account = tpCache('basic.is_bind_account');if ($is_bind_account == 1) {$data = $userLogic->thirdLogin_new($wxuser);if ($data['status'] != 1) {if ($data['result'] === '100') {session("third_oauth" , $wxuser);}//$this->ajaxReturn($data);}} else {$data = $userLogic->thirdLogin($wxuser);}$this->loginhandel($data);}}}if ((ACTION_NAME != 'do_login' && ACTION_NAME != 'do_register') && CONTROLLER_NAME !='Index' && CONTROLLER_NAME !='Salesdate'&& CONTROLLER_NAME !='Workshop') {if (!session('user.user_id')) {$this->ajaxReturn(array('status' => -99, 'msg' => '登陆已过期,请重新登陆'));exit;}}}
token返回的方法
public function app_checklogin($token = ''){$result = array();if (empty($token)){$result = array('status'=>-100, 'msg'=>'必须传递token', 'result'=>'');} else {$user = M('users')->where("token", $token)->find();if (empty($user)) {$result = array('status'=>-101, 'msg'=>'token错误', 'result'=>'');} else {$result = array('status'=>1,'msg'=>'登陆成功','result'=>$user);}}return $result;}
前端登陆
doLogin() {this.account.token = this.Msgcode.token;this.user.login(this.account).subscribe((resp:any) => {//this.navCtrl.push(MainPage);if (resp.status > 0) {this.loginback.status = 1;this.loginback.res = resp;console.log(this.loginback.res);if(this.loginback.res.status>0){this.Native.showToastTips(resp.msg);this.modalCtrl.dismiss(this.loginback);this.navCtrl.navigateRoot(['/']);}} else {this.Native.showToastTips(resp.msg);}}, (err) => {});}
拦截器
intercept(req: HttpRequest<any>, next: HttpHandler): Observable<HttpEvent<any>> {let authReq;// console.log('http:',req.url);console.log('http:',req.url);if (req.url.indexOf('/assets') > -1) {authReq = req.clone({url: (req.url)});}else if (req.url.indexOf('/ross') > -1) {authReq = req.clone({url: (req.url)});} else if (req.url == 'http://59.41.187.99:6790/ross/post/cloud/operation') {authReq = req.clone({url: (req.url)});} else if (req.url == 'http://cloudpf.weunit.cn/cloudpf/Printing/print') {authReq = req.clone({url: (req.url)});} else if (req.url == 'http://cloudpf.weunit.cn/cloudpf/Printing/print') {authReq = req.clone({url: (req.url)});} else if (req.url.indexOf('/ross/mes/cloud/api') > -1) {authReq = req.clone({url: (req.url)});} else {authReq = req.clone({url: (req.url),setHeaders: {'Content-Type': 'application/x-www-form-urlencoded; charset=UTF-8',IsApi: 'true',Token: this.globalData.token ? this.globalData.token : ''}});}if (authReq.method != 'GET') {this.showLoading();}return <any>next.handle(authReq).pipe(mergeMap((event: any) => {if (event instanceof HttpResponse && event.status !== 200) {return throwError(event);}// console.log(event);return Observable.create(observer => {if (event.body) {// console.log(event.body);// 统一判断全局状态返回if (event.body.status == -99) {this.nativeService.showToastTips(event.body.msg);//延时判断是否微信浏览器 是否登陆 是否正在授权中if (this.wconf.isWeiXin()) {//满足条件触发 微信授权提示框并获取微信配置this.Api.get('WechatOauth/getwc_config').subscribe((res: any) => { }, (err) => { });} else {window['epInstance']['emit']('toLogin', 0);}} else if (event.body.status == -100) {//弹出微信授权窗口window['epInstance']['emit']('wechatLogin', event.body);}observer.next(event);} else {observer.next(event);}if (event.type > 0) {this.hideLoading();}}); // 请求成功返回响应}),catchError((res: HttpResponse<any>) => {// 请求失败处理this.hideLoading();if (!this.nativeService.isConnecting()) {this.nativeService.showToastTips('请连接网络');} else if (res instanceof TimeoutError) {this.nativeService.showToastTips('请求超时,请稍后再试!');} else {let msg = '请求发生异常';switch (res.status) {case 0://console.log('未知的Api');msg = '未知的Api';break;case 401:break;case 404://console.log('Api请求地址不存在');msg = 'Api请求地址不存在';//this.events.publish('toLogin');break;case 403://console.log('业务错误');break;case 500://console.log('服务器出错');msg = 'Api请求地址不存在';break;}// this.nativeService.showToastTips(msg);}return throwError(event);}));}
export class InterceptorService implements HttpInterceptor {
2.跨域处理
base.php处理
前端拦截器处理
二.接口设计规范
1.接口规范
https://blog.csdn.net/qq_38935667/article/details/79280295
2.安全性设计
https://www.jianshu.com/p/c6518a8f4040
三.restful接口设计
https://www.jianshu.com/p/b531519fe813
jwt
https://www.cnblogs.com/xiaohuochai/p/8440335.html
1090
被折叠的 条评论
为什么被折叠?
到【灌水乐园】发言
