首先双方协商一个秘钥secret 然后按照统一的规则加密 md5/sha1等...... 请求接口需要携带 sign,timestamp参数 中间件:接收传过来的参数 校验是否非法请求 protected $secret = 'dwwww123'; /**校验是否是合法请求 * @param $data * @throws CustomErrorMessageException */ protected function checkSign($data) { if (!isset($data['sign']) || !isset($data['timestamp'])) { throw new CustomErrorMessageException('缺少必要参数'); } //5min内 if ((time() - $data['timestamp']) > 300) { throw new CustomErrorMessageException('接口请求超时'); } $mysign = sha1($data['timestamp'] . $this->secret); if ($data['sign'] !== $mysign) { throw new CustomErrorMessageException('接口校验失败'); } }
$this->CheckSing($request->input());