h5测试页面
<!DOCTYPE html>
<html lang="en">
<head>
<meta charset="UTF-8">
<meta name="viewport" content="width=device-width, initial-scale=1.0">
<title>测试</title>
</head>
<body>
<p id="p1">测试</p>
</body>
</html>
<!-- NOTE(review): both script tags sit after the closing html tag, so the markup is invalid and relies on browser error recovery. -->
<!-- NOTE(review): the inline script on this page calls neither jQuery nor the Alipay JSAPI; if these includes are kept, -->
<!-- the CDN-hosted one is a third-party script loaded without an integrity attribute, so the page runs whatever that host serves. -->
<script src="../jquery-3.5.1.min.js"></script>
<script src = "https://gw.alipayobjects.com/as/g/h5-lib/alipayjsapi/3.1.1/alipayjsapi.min.js"> </script>
<script type="text/javascript">
window.onload = function () {
    // Backend endpoint that Alipay redirects the browser back to with the authorization code.
    var callbackUrl = 'https://abc.com/api/xd/ali_info';
    var encodedCallback = encodeURIComponent(callbackUrl);

    // NOTE(review): `state` is the fixed literal STATE and `app_id` is a placeholder.
    // With a constant state the callback has nothing to tie the returned code to
    // this browser session; a per-session value checked by the backend is the usual defence.
    var authorizeUrl = 'https://openauth.alipay.com/oauth2/publicAppAuthorize.htm?app_id=xxx&scope=auth_user&redirect_uri=' + encodedCallback + '&state=STATE';

    // Leave the page for Alipay's authorization screen as soon as it has loaded.
    window.location.href = authorizeUrl;
};
</script>
控制器
/**
 * OAuth callback: Alipay redirects the browser here with the authorization
 * code in the query string, and the model exchanges it for a user login.
 *
 * NOTE(review): every request parameter is forwarded to the model, and the
 * `state` value sent with the authorization request is not checked here.
 *
 * @param Request $request Incoming callback request.
 * @return mixed Whatever AaAli::ali_info_0() returns for these parameters.
 */
public function ali_info(Request $request)
{
    $params = $request->all();

    return (new AaAli())->ali_info_0($params);
}
模型
<?php
namespace App\Models;
use Carbon\Carbon;
use Illuminate\Database\Eloquent\Model;
use Illuminate\Support\Facades\DB;
use Auth;
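/**
 * Alipay H5 OAuth login: exchanges an authorization code for an access token,
 * fetches the Alipay user profile, creates the local user on first login and
 * issues a JWT for it.
 *
 * NOTE(review): the `sign` field Alipay returns with each response is never
 * verified against `ali_public_key` in this class; the responses are trusted
 * on the strength of the TLS connection alone. Verify them before relying on
 * `user_id` for login if the transport is not considered sufficient.
 */
class AaAli extends Model
{
    // Declared explicitly: Eloquent routes writes to undeclared properties
    // through __set() into the model's attribute bag, which would put the RSA
    // private key among the attributes that toArray()/toJson() serialize.
    protected $app_id;
    protected $ali_public_key;
    protected $private_key;
    protected $timeout;
    protected $connect_timeout;
    protected $config;

    /**
     * Loads the Alipay credentials and builds the gateway configuration array.
     *
     * @param array $attributes Model attributes, forwarded to the Eloquent constructor.
     */
    public function __construct(array $attributes = [])
    {
        $alipay = config('alipay');
        $this->app_id = $alipay['app_id'];
        $this->ali_public_key = $alipay['ali_public_key'];
        $this->private_key = $alipay['private_key'];
        $this->timeout = $alipay['timeout'];
        $this->connect_timeout = $alipay['connect_timeout'];
        $app_font_url = config('app.front_url');
        $this->config = [
            'app_id' => $this->app_id,
            'notify_url' => $app_font_url . '/api/alipay_notify',
            /* 'return_url'=>'http://192.168.1.137:3001/pay/success',*/
            'return_url' => $app_font_url . '/paySuccess',
            'ali_public_key' => $this->ali_public_key,
            'private_key' => $this->private_key,
            'log' => [
                'file' => '../storage/logs/alipay.log',
                'level' => 'info', // info is recommended in production, debug in development
                'type' => 'single', // optional, may also be daily
                'max_file' => 30, // optional, only used when type is daily; defaults to 30 days
            ],
            'http' => [ // optional
                'timeout' => $this->timeout,
                'connect_timeout' => $this->connect_timeout,
            ],
            /* 'mode' => 'dev', // optional, setting this switches to sandbox mode */
        ];
        parent::__construct($attributes);
    }

    /**
     * Exchanges the authorization code from the OAuth callback for an access
     * token and logs the corresponding user in.
     *
     * @param array $data Callback parameters; the code is read from `code`, falling back to `auth_code`.
     * @return array ['code' => 1, 'data' => [...]] on success, ['code' => 0, 'msg' => '失败'] otherwise.
     */
    public function ali_info_0($data)
    {
        // The authorization code is a bearer credential until it is redeemed,
        // so it is masked before the callback parameters are logged.
        logz($this->redact_for_log($data, ['code', 'auth_code']), 'alipay_sq_login2');

        $auth_token = $data['code'] ?? '';
        if (empty($auth_token)) {
            $auth_token = $data['auth_code'] ?? '';
        }
        // Reject a missing or non-string code (e.g. `code[]=x`) before signing
        // and sending anything to the gateway.
        if (!is_string($auth_token) || $auth_token === '') {
            return ['code'=>0,'msg'=>'失败'];
        }

        $uri = "https://openapi.alipay.com/gateway.do";
        $params = [
            'timestamp' => date('Y-m-d H:i:s'),
            'method' => 'alipay.system.oauth.token',
            'app_id' => $this->app_id,
            'sign_type' => 'RSA2',
            'version' => '1.0',
            'charset' => 'utf-8',
            'grant_type' => 'authorization_code',
            'code' => $auth_token,
        ];
        $params['sign'] = $this->sign($params);

        $res = $this->curl_get($uri, $params);
        $decoded = is_string($res) ? json_decode($res, true) : null;
        // Tokens in the gateway response are masked; status fields stay readable.
        logz(
            $this->redact_for_log($decoded, ['access_token', 'refresh_token', 'auth_token', 'sign']),
            'alipay_sq_login2'
        );

        $token_resp = is_array($decoded) ? ($decoded['alipay_system_oauth_token_response'] ?? null) : null;
        if (is_array($token_resp) && !empty($token_resp['access_token'])) {
            $rt = $this->get_ali_user_info($token_resp['access_token']);
            // The result carries the freshly issued JWT, so only the outcome is logged.
            logz(['code' => $rt['code'] ?? null], 'alipay_sq_login2');
            return $rt;
        }

        return ['code'=>0,'msg'=>'失败'];
    }

    /**
     * Fetches the Alipay profile for an access token, creates the local user
     * if it does not exist yet, and issues a login token for it.
     *
     * @param string $access_token Access token obtained from alipay.system.oauth.token.
     * @return array ['code' => 1, 'data' => ['token', 'user_info', 'expiration']] or the failure array.
     */
    private function get_ali_user_info($access_token)
    {
        $uri = "https://openapi.alipay.com/gateway.do";
        $params = [
            'timestamp' => date('Y-m-d H:i:s'),
            'method' => 'alipay.user.info.share',
            'app_id' => $this->app_id,
            'sign_type' => 'RSA2',
            'version' => '1.0',
            'charset' => 'UTF-8',
            'auth_token' => $access_token
        ];
        logger($this->redact_for_log($params, ['auth_token']));
        $params['sign'] = $this->sign($params);

        $res = $this->curl_get($uri, $params);
        $decoded = is_string($res) ? json_decode($res, true) : null;
        $profile = is_array($decoded) ? ($decoded['alipay_user_info_share_response'] ?? null) : null;

        if (!is_array($profile)
            || !isset($profile['code'], $profile['msg'])
            || (string) $profile['code'] !== "10000"
            || (string) $profile['msg'] !== "Success"
        ) {
            return ['code'=>0,'msg'=>'失败'];
        }

        // Without this guard a response lacking user_id would query
        // `app_openid IS NULL` and log in whichever user that matches.
        $openid = $profile['user_id'] ?? '';
        if (!is_scalar($openid) || (string) $openid === '') {
            return ['code'=>0,'msg'=>'失败'];
        }
        $openid = (string) $openid;

        //session(['ali.oauth_user.user' => $profile]);
        $user_info = User::query()->where('app_openid', $openid)->first();
        if (!$user_info) {
            $user_info = new User();
            $user_info->app_openid = $openid;
            $user_info->nick_name = $profile['nick_name']??'';
            $user_info->avatar = $profile['avatar']??'';
            $user_info->name = $user_info->create_name('ali');
            $user_info->type = User::ALI;
            $user_info->from = 1;
            $user_info->save();
        }
        // Re-read the row so the returned model reflects what is stored.
        $user_info = User::query()->where('app_openid', $openid)->first();
        $token = Auth::guard('user')->login($user_info);
        $expiration = config('jwt.ttl') * 60;
        $res = compact('token', 'user_info', 'expiration');
        UsersToken::addToken($user_info->id,$token,$expiration);
        return ['code'=>1,'data'=>$res];
    }

    /**
     * Builds the string to sign (`k=v` pairs sorted by key, joined with `&`)
     * and signs it with the configured private key.
     *
     * @param array $data Request parameters without the `sign` entry.
     * @return string Base64-encoded signature.
     */
    private function sign($data)
    {
        ksort($data);
        $pairs = [];
        foreach ($data as $k => $v) {
            $pairs[] = $k . '=' . (is_array($v)
                ? json_encode($v, JSON_UNESCAPED_SLASHES | JSON_UNESCAPED_UNICODE)
                : $v);
        }
        return $this->rsaSign(implode('&', $pairs));
    }

    /**
     * Signs a string with the configured RSA private key.
     *
     * @param string $data String to sign.
     * @param string $signType "RSA2" signs with SHA-256; any other value uses SHA-1.
     * @return string Base64-encoded signature.
     * @throws \RuntimeException When the private key cannot be loaded or signing fails.
     */
    protected function rsaSign($data, $signType = "RSA2")
    {
        $pem = "-----BEGIN RSA PRIVATE KEY-----\n" .
            wordwrap((string) $this->private_key, 64, "\n", true) .
            "\n-----END RSA PRIVATE KEY-----";

        // The PEM string is never empty, so the key has to be parsed to find
        // out whether the configured value is usable.
        $key = openssl_pkey_get_private($pem);
        if ($key === false) {
            throw new \RuntimeException('您使用的私钥格式错误,请检查RSA私钥配置');
        }

        $algo = ("RSA2" == $signType) ? OPENSSL_ALGO_SHA256 : OPENSSL_ALGO_SHA1;
        // A failed signature must not be sent on as an empty string.
        if (!openssl_sign($data, $sign, $key, $algo)) {
            throw new \RuntimeException('openssl_sign failed');
        }
        return base64_encode($sign);
    }

    /**
     * Sends a GET request with the parameters in the query string.
     *
     * NOTE(review): the signed parameters, including the authorization code
     * and access token, travel in the URL and may end up in proxy or server logs.
     *
     * @param string $url Endpoint URL without a query string.
     * @param array $data Query parameters.
     * @return string|false Response body, or false when the transfer fails.
     */
    private function curl_get ($url, $data)
    {
        $ch = curl_init();
        curl_setopt_array($ch, [
            CURLOPT_URL => $url . '?' . http_build_query($data),
            CURLOPT_CUSTOMREQUEST => "GET",
            // Certificate and host name are checked: the response decides which
            // account is logged in, so the gateway's identity must be verified.
            CURLOPT_SSL_VERIFYPEER => true,
            CURLOPT_SSL_VERIFYHOST => 2,
            // Redirects are still followed, but never away from HTTPS.
            CURLOPT_PROTOCOLS => CURLPROTO_HTTPS,
            CURLOPT_REDIR_PROTOCOLS => CURLPROTO_HTTPS,
            CURLOPT_HTTPHEADER => ["Accept-Charset: utf-8", 'Expect:'],
            CURLOPT_USERAGENT => 'Mozilla/5.0 (compatible; MSIE 5.01; Windows NT 5.0)',
            CURLOPT_FOLLOWLOCATION => 1,
            CURLOPT_AUTOREFERER => 1,
            CURLOPT_TIMEOUT => 60,
            CURLOPT_RETURNTRANSFER => true,
        ]);
        $result = curl_exec($ch);
        if ($result === false) {
            logger('alipay gateway request failed: ' . curl_error($ch));
        }
        curl_close($ch);
        return $result;
    }

    /**
     * Returns a copy of $value with the named keys masked, for logging.
     *
     * @param mixed $value Value about to be logged; non-arrays are returned unchanged.
     * @param array $keys Keys whose non-empty values are replaced, at any nesting depth.
     * @return mixed
     */
    private function redact_for_log($value, array $keys)
    {
        if (!is_array($value)) {
            return $value;
        }
        foreach ($value as $k => $v) {
            if (is_array($v)) {
                $value[$k] = $this->redact_for_log($v, $keys);
            } elseif (in_array($k, $keys, true) && $v !== null && $v !== '') {
                $value[$k] = '[redacted]';
            }
        }
        return $value;
    }
}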
php 支付宝 h5授权 获取用户信息 存到数据库 自行签名(无验签)
该文章展示了一个H5页面如何通过跳转到支付宝OAuth2授权页来获取用户信息(页面引入了AlipayJSAPI,但授权本身由页面重定向完成)。代码包括HTML页面设置、JavaScript跳转授权接口、后端控制器接收并处理授权回调,以及模型中用RSA2私钥对请求签名的方法。示例代码未对支付宝的返回结果验签,cURL请求关闭了证书校验,授权请求中的state为固定值。