diff --git a/app/miniapi/controller/Auth.php b/app/miniapi/controller/Auth.php index bc51484..7855e2e 100644 --- a/app/miniapi/controller/Auth.php +++ b/app/miniapi/controller/Auth.php @@ -6,7 +6,7 @@ namespace app\miniapi\controller; use api\Httpcurl; use app\service\MiniProgramWechatService; use think\exception\ValidateException; -use think\facade\Session; +use think\facade\Cache; class Auth extends Base { @@ -17,18 +17,24 @@ class Auth extends Base return $error; } + $mobile = trim((string)$data['mobile']); $code = mt_rand(1001, 9999); + $siteDomain = $this->currentSiteDomain(); $response = Httpcurl::request(YZM_URL, 'post', [ - 'mobile' => $data['mobile'], + 'mobile' => $mobile, 'code' => $code, - ]); + 'model' => MODEL, + 'mini_app_code' => $this->currentMiniAppCode(), + 'company_code' => $this->currentCompanyCode(), + 'domain' => $siteDomain, + 'site_domain' => $siteDomain, + ], $this->smsHeaders($siteDomain)); $result = $this->decodeResponse($response, 'miniapi send sms'); if (empty($result) || intval($result['code'] ?? 0) !== 1) { return $this->fail('发送验证码失败'); } - Session::set($data['mobile'] . '_code', $code); - Session::set($data['mobile'] . '_' . $code, time()); + Cache::set($this->smsCacheKey($mobile), $code . '|' . time(), 300); return $this->ok([], '发送成功'); } @@ -47,24 +53,34 @@ class Auth extends Base return $this->fail($e->getError()); } - $sms = Session::get($data['mobile'] . '_code'); - if (empty($sms) || strval($sms) !== strval($data['code'])) { + $mobile = trim((string)$data['mobile']); + $code = trim((string)$data['code']); + $cacheKey = $this->smsCacheKey($mobile); + $cached = (string)Cache::get($cacheKey, ''); + if ($cached === '') { + return $this->fail('验证码已失效,请重新发送'); + } + + $parts = explode('|', $cached, 2); + $sms = (string)($parts[0] ?? ''); + $codeTime = intval($parts[1] ?? 0); + if ($sms === '' || $codeTime <= 0 || (time() - $codeTime) > 300) { + Cache::delete($cacheKey); + return $this->fail('验证码超时,请重新发送'); + } + + if (!hash_equals($sms, $code)) { return $this->fail('验证码不正确'); } - $codeTime = Session::get($data['mobile'] . '_' . $data['code']); - if (empty($codeTime) || (time() - intval($codeTime)) > 300) { - Session::delete($data['mobile'] . '_code'); - Session::delete($data['mobile'] . '_' . $data['code']); - return $this->fail('验证码超时,请重新发送'); - } + Cache::delete($cacheKey); $openid = ''; if (!empty($data['login_code'])) { $openid = $this->wechatService()->openidByLoginCode((string)$data['login_code']); } - return $this->loginByMobile((string)$data['mobile'], $openid); + return $this->loginByMobile($mobile, $openid); } public function wxPhoneLogin() @@ -131,4 +147,32 @@ class Auth extends Base { return new MiniProgramWechatService($this->currentMiniAppCode(), $this->currentMiniApp()); } + + private function smsCacheKey(string $mobile): string + { + return 'miniapi_sms_code_' . md5($this->currentMiniAppCode() . '|' . $mobile); + } + + private function currentSiteDomain(): string + { + $domain = trim((string)($this->currentMiniApp()['site_domain'] ?? '')); + if (stripos($domain, 'http://') === 0 || stripos($domain, 'https://') === 0) { + $domain = (string)parse_url($domain, PHP_URL_HOST); + } + + return trim(explode('/', $domain)[0]); + } + + private function smsHeaders(string $siteDomain): array + { + if ($siteDomain === '') { + return []; + } + + $origin = 'https://' . $siteDomain; + return [ + 'Origin: ' . $origin, + 'Referer: ' . $origin . '/', + ]; + } }