if(!wx.getStorageSync('token')){
this.apilogin();
}else{
console.log(123)
}
},
// Form handler: only logs the event object it receives.
formAdd(e) {
  console.log(e)
},
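// Log in through WeChat and cache the API token issued by the backend.
// Does nothing when a token is already present in local storage.
apilogin() {
  if (wx.getStorageSync('token')) {
    return
  }
  wx.login({
    success: res => {
      const code = res.code
      // wx.login can succeed without handing back a code; do not call the backend then.
      if (!code) {
        console.error('wx.login returned no code', res)
        return
      }
      wx.request({
        // NOTE(review): plain http:// — the login code and the returned token cross the
        // network unencrypted. Serve this endpoint over HTTPS and update the URL.
        url: 'http://www.week4.com/api/wxLogin',
        data: {
          code
        },
        method: "POST",
        success: res => {
          const token = res.data && res.data.token
          // Only persist a real token; an error response must not leave a bogus value in storage.
          if (res.statusCode !== 200 || !token) {
            console.error('wxLogin failed', res)
            return
          }
          wx.setStorageSync('token', token)
        },
        fail: err => {
          console.error('wxLogin request failed', err)
        }
      })
    },
    fail: err => {
      console.error('wx.login failed', err)
    }
  })
},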
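//WeChat mini-program login: exchanges the client's wx.login code for an openid,
//creates the user on first login and returns a signed API token as a JSON string.
public function wxLogin(Request $request)
{
    //Login code sent by the mini program (client-controlled input)
    $code = $request->get('code');
    if (!is_string($code) || $code === '') {
        return json_encode(['code' => 400, 'msg' => '缺少code参数']);
    }
    //Build the WeChat authorization URL; the code is URL-encoded so it cannot add or
    //override query parameters of the upstream request that carries the AppSecret
    $url = sprintf(config('wx.wxLoginUrl'), config('wx.AppID'), config('wx.AppSecret'), rawurlencode($code));
    //Ask WeChat for the openid / session_key
    $data = Curl::getCurl($url);
    //A transport failure yields null and a rejected code yields a reply without openid;
    //neither may reach the user lookup below
    if (!is_array($data) || empty($data['openid']) || empty($data['session_key'])) {
        return json_encode(['code' => 400, 'msg' => '微信登录失败']);
    }
    //Look the user up by openid and create the row on first login
    //NOTE(review): an existing user's stored sessionkey is not refreshed here - confirm whether anything reads it
    $user = User::where('openid', $data['openid'])->first();
    if (empty($user)) {
        $user = User::create(['openid' => $data['openid'], 'sessionkey' => $data['session_key']]);
    }
    //Issue the token for this user id
    $token = Token::getToken($user->id);
    $stdData = [
        'code' => 200,
        'msg' => '操作成功',
        'token' => $token
    ];
    return json_encode($stdData);
}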
<?php
namespace App\Server\Jwt;
use Lcobucci\JWT\Builder;
use Lcobucci\JWT\Parser;
use Lcobucci\JWT\Signer\Hmac\Sha256;
use Lcobucci\JWT\ValidationData;
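/**
 * Issues and checks HMAC-SHA256 signed JWTs that carry a user_id claim.
 */
class Token
{
    // NOTE(review): the signing key below is a short literal committed with the code.
    // Anyone who can read this file can forge a token for any user_id. Load the key
    // from configuration outside the repository and use a long random value.
    private static $_config = [
        'audience' => '',//intended recipient
        'id' => '77186a706e55f4cc19a73d2',//token identifier; only a simple example here
        'sign' => 'aijiazufanga',//signing key
        'issuer' => '',//issuer
        'expire' => 7200 //token lifetime, added to the issue time in seconds
    ];

    /**
     * Build a signed token for the given user id.
     *
     * @param mixed $user_id value stored in the user_id claim
     * @return string the serialized token
     */
    public static function getToken($user_id)
    {
        //Signer object
        $signer = new Sha256();
        //Current timestamp
        $time = time();
        //Set issuer, audience, identifier, issue time, not-before, expiry, user id, then sign
        $token = (new Builder())->issuedBy(self::$_config['issuer'])
            ->canOnlyBeUsedBy(self::$_config['audience'])
            ->identifiedBy(self::$_config['id'], true)
            ->issuedAt($time)
            ->canOnlyBeUsedAfter($time - 1)
            ->expiresAt($time + self::$_config['expire'])
            ->with('user_id', $user_id)
            ->sign($signer, self::$_config['sign'])
            ->getToken();
        return (string) $token;
    }

    /**
     * Read the token from the Authorization request header.
     *
     * @return string|false the token without its "bearer" prefix, or false when the header is absent
     */
    public static function getRequestToken()
    {
        if (empty($_SERVER['HTTP_AUTHORIZATION'])) {
            return false;
        }
        $header = $_SERVER['HTTP_AUTHORIZATION'];
        //Strip only a leading "bearer" scheme. Removing the word anywhere in the header
        //would also cut it out of a token whose text happens to contain it.
        return trim((string) preg_replace('/^\s*bearer(?:\s+|$)/i', '', $header));
    }

    /**
     * Resolve the user id carried by a token, after checking signature and claims.
     *
     * Parser::parse() is not wrapped here, so an exception it raises propagates to the caller.
     *
     * @param string|null $token token to check; read from the request header when empty
     * @return mixed the user_id claim, or null when the token is missing, revoked or invalid
     */
    public static function getUserId($token = null)
    {
        $user_id = null;
        $token = empty($token) ? self::getRequestToken() : $token;
        if (empty($token)) {
            return $user_id;
        }
        //Revocation list kept in the cache (logout support)
        $delete_token = cache('delete_token') ?: [];
        if (in_array($token, $delete_token, true)) {
            //Token has been revoked
            return $user_id;
        }
        $token = (new Parser())->parse((string) $token);
        //Check the signature first so no claim is evaluated on an unauthenticated token
        $signer = new Sha256();
        if (!$token->verify($signer, self::$_config['sign'])) {
            //Signature check failed
            return $user_id;
        }
        //Check the registered claims
        $data = new ValidationData();
        $data->setIssuer(self::$_config['issuer']);//expected issuer
        $data->setAudience(self::$_config['audience']);//expected audience
        $data->setId(self::$_config['id']);//expected token identifier
        if (!$token->validate($data)) {
            //Claim validation failed
            return $user_id;
        }
        //Read the user id from the verified token
        return $token->getClaim('user_id');
    }
}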
<?php
namespace App\Server\Curl;
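/**
 * Minimal cURL helper for JSON GET requests.
 */
class Curl
{
    /**
     * GET $url and return the JSON-decoded response body.
     *
     * @param string $url request URL
     * @return mixed decoded body (arrays for JSON objects), or null when the request fails or the body is not JSON
     */
    public static function getCurl($url)
    {
        $headerArray = array("Content-type:application/json;", "Accept:application/json");
        $ch = curl_init();
        curl_setopt($ch, CURLOPT_URL, $url);
        //Keep certificate and host-name verification on: with both disabled, anyone on the
        //network path can impersonate the server and read or alter the exchange
        curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, true);
        curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, 2);
        curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
        curl_setopt($ch, CURLOPT_HTTPHEADER, $headerArray);
        //Bound the wait so a stalled upstream cannot hold the request open indefinitely
        curl_setopt($ch, CURLOPT_CONNECTTIMEOUT, 5);
        curl_setopt($ch, CURLOPT_TIMEOUT, 10);
        $output = curl_exec($ch);
        curl_close($ch);
        //curl_exec() returns false on a transport or TLS failure
        if ($output === false) {
            return null;
        }
        return json_decode($output, true);
    }
}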
<?php
namespace App\Http\Middleware;
use Closure;
use App\Server\Jwt\Token;
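/**
 * Middleware that requires a valid token and passes the resolved user id on in the request.
 */
class CheckJwt
{
    /**
     * Handle an incoming request.
     *
     * Emits a JSON error body and stops the script when no valid token is presented;
     * otherwise merges user_id into the request and calls the next handler.
     * NOTE(review): the 403 passed to failed() only ends up in the JSON body; response()
     * does not set the HTTP status.
     *
     * @param \Illuminate\Http\Request $request
     * @param \Closure $next
     * @return mixed
     */
    public function handle($request, Closure $next)
    {
        //CORS headers: allowed origin (any), allowed request headers, allowed methods
        header("Access-Control-Allow-Origin: *");
        header("Access-Control-Allow-Headers: Origin, X-Requested-With, Content-Type, Accept, Authorization");
        header('Access-Control-Allow-Methods: GET, POST, PUT,DELETE,OPTIONS,PATCH');
        try {
            $user_id = Token::getUserId();
            //Reject when NO user id could be resolved. The check used to be inverted,
            //which turned valid tokens away and let requests without one through.
            if (empty($user_id)) {
                $this->failed('未登录或Token无效', 403);
                die();
            }
            //Expose the authenticated user id to the rest of the request; merge() overwrites
            //any user_id value the client supplied itself
            $request->merge(['user_id' => $user_id]);
        } catch (\Exception $e) {
            //A token that cannot be processed is answered like a missing one
            $this->failed('服务异常,请检查token令牌', 403);
            die();
        }
        return $next($request);
    }

    /**
     * Generic response: echoes the payload as JSON.
     *
     * @param int $code status code placed in the body
     * @param string $msg description
     * @param array $data returned data
     */
    public function response($code = 200, $msg = 'success', $data = [])
    {
        $res = [
            'code' => $code,
            'msg' => $msg,
            'data' => $data
        ];
        //Use one of the following two lines
        echo json_encode($res, JSON_UNESCAPED_UNICODE);
        //json($res)->send();die;
    }

    /**
     * Failure response.
     *
     * @param string $msg error description
     * @param int $code error code
     */
    public function failed($msg = 'fail', $code = 400)
    {
        return $this->response($code, $msg);
    }

    /**
     * Success response.
     *
     * @param array $data returned data
     * @param int $code status code
     * @param string $msg description
     */
    public function ok($data = [], $code = 200, $msg = 'success')
    {
        return $this->response($code, $msg, $data);
    }
}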
// Registered outside the group below, so the CheckJwt middleware listed there does not apply to these two.
Route::post('wxLogin', [ApiController::class, 'wxLogin']);
Route::get('getshu', [ApiController::class, 'getShu']);

// v1 endpoints: behind CheckJwt and throttle:60,1.
Route::group(
    [
        'prefix' => 'v1',
        'namespace' => 'Api',
        'middleware' => ['CheckJwt', 'throttle:60,1'],
    ],
    function () {
        Route::post('zuAdd', [ApiController::class, 'zuAdd']);
    }
);
use App\Http\Controllers\ApiController;
// WeChat mini-program settings, read elsewhere through config('wx.AppID'),
// config('wx.AppSecret') and config('wx.wxLoginUrl').
// NOTE(review): AppSecret is a literal in this file, so everyone who can read the source
// (or this page) has it. Keep it in the environment or a secret store, out of version
// control, and rotate the value shown here.
return [
'AppID' => 'wx8322c6ecfe08ea62',
'AppSecret' => 'a492599f9e82d1a247b3e3704d051256',
// URL template for the code exchange; the caller fills appid, secret and js_code with sprintf, in that order.
'wxLoginUrl' => 'https://api.weixin.qq.com/sns/jscode2session?appid=%s&secret=%s&js_code=%s&grant_type=authorization_code'
];