This commit is contained in:
gaofeng
2026-06-17 10:58:30 +08:00
parent 81ade70944
commit 018c388266

View File

@@ -6,7 +6,7 @@ namespace app\miniapi\controller;
use api\Httpcurl; use api\Httpcurl;
use app\service\MiniProgramWechatService; use app\service\MiniProgramWechatService;
use think\exception\ValidateException; use think\exception\ValidateException;
use think\facade\Session; use think\facade\Cache;
class Auth extends Base class Auth extends Base
{ {
@@ -17,18 +17,24 @@ class Auth extends Base
return $error; return $error;
} }
$mobile = trim((string)$data['mobile']);
$code = mt_rand(1001, 9999); $code = mt_rand(1001, 9999);
$siteDomain = $this->currentSiteDomain();
$response = Httpcurl::request(YZM_URL, 'post', [ $response = Httpcurl::request(YZM_URL, 'post', [
'mobile' => $data['mobile'], 'mobile' => $mobile,
'code' => $code, 'code' => $code,
]); 'model' => MODEL,
'mini_app_code' => $this->currentMiniAppCode(),
'company_code' => $this->currentCompanyCode(),
'domain' => $siteDomain,
'site_domain' => $siteDomain,
], $this->smsHeaders($siteDomain));
$result = $this->decodeResponse($response, 'miniapi send sms'); $result = $this->decodeResponse($response, 'miniapi send sms');
if (empty($result) || intval($result['code'] ?? 0) !== 1) { if (empty($result) || intval($result['code'] ?? 0) !== 1) {
return $this->fail('发送验证码失败'); return $this->fail('发送验证码失败');
} }
Session::set($data['mobile'] . '_code', $code); Cache::set($this->smsCacheKey($mobile), $code . '|' . time(), 300);
Session::set($data['mobile'] . '_' . $code, time());
return $this->ok([], '发送成功'); return $this->ok([], '发送成功');
} }
@@ -47,24 +53,34 @@ class Auth extends Base
return $this->fail($e->getError()); return $this->fail($e->getError());
} }
$sms = Session::get($data['mobile'] . '_code'); $mobile = trim((string)$data['mobile']);
if (empty($sms) || strval($sms) !== strval($data['code'])) { $code = trim((string)$data['code']);
$cacheKey = $this->smsCacheKey($mobile);
$cached = (string)Cache::get($cacheKey, '');
if ($cached === '') {
return $this->fail('验证码已失效,请重新发送');
}
$parts = explode('|', $cached, 2);
$sms = (string)($parts[0] ?? '');
$codeTime = intval($parts[1] ?? 0);
if ($sms === '' || $codeTime <= 0 || (time() - $codeTime) > 300) {
Cache::delete($cacheKey);
return $this->fail('验证码超时,请重新发送');
}
if (!hash_equals($sms, $code)) {
return $this->fail('验证码不正确'); return $this->fail('验证码不正确');
} }
$codeTime = Session::get($data['mobile'] . '_' . $data['code']); Cache::delete($cacheKey);
if (empty($codeTime) || (time() - intval($codeTime)) > 300) {
Session::delete($data['mobile'] . '_code');
Session::delete($data['mobile'] . '_' . $data['code']);
return $this->fail('验证码超时,请重新发送');
}
$openid = ''; $openid = '';
if (!empty($data['login_code'])) { if (!empty($data['login_code'])) {
$openid = $this->wechatService()->openidByLoginCode((string)$data['login_code']); $openid = $this->wechatService()->openidByLoginCode((string)$data['login_code']);
} }
return $this->loginByMobile((string)$data['mobile'], $openid); return $this->loginByMobile($mobile, $openid);
} }
public function wxPhoneLogin() public function wxPhoneLogin()
@@ -131,4 +147,32 @@ class Auth extends Base
{ {
return new MiniProgramWechatService($this->currentMiniAppCode(), $this->currentMiniApp()); return new MiniProgramWechatService($this->currentMiniAppCode(), $this->currentMiniApp());
} }
private function smsCacheKey(string $mobile): string
{
return 'miniapi_sms_code_' . md5($this->currentMiniAppCode() . '|' . $mobile);
}
private function currentSiteDomain(): string
{
$domain = trim((string)($this->currentMiniApp()['site_domain'] ?? ''));
if (stripos($domain, 'http://') === 0 || stripos($domain, 'https://') === 0) {
$domain = (string)parse_url($domain, PHP_URL_HOST);
}
return trim(explode('/', $domain)[0]);
}
private function smsHeaders(string $siteDomain): array
{
if ($siteDomain === '') {
return [];
}
$origin = 'https://' . $siteDomain;
return [
'Origin: ' . $origin,
'Referer: ' . $origin . '/',
];
}
} }