Login.php

//if ($code != $param['code']) {
         //   return show(config('code.error'), '手机短信验证码不合法', [], 404);
        //}

'token' => $obj->encryt($token . '||' . $id),

route.php

<?php
use think\Route;

Route::get('test', 'api/test/index');
//Route::resource('test', 'api/test');

Route::get('api/:ver/cat', 'api/:ver.cat/read');

Route::get('api/:ver/index', 'api/:ver.index/index');

Route::resource('api/:ver/news', 'api/:ver.news');

Route::get('api/:ver/rank', 'api/:ver.rank/index');

Route::get('api/:ver/init', 'api/:ver.index/init');

Route::get('test/tetssend', 'api/test/testSend');

Route::resource('api/:ver/identify', 'api/:ver.identify');

Route::post('api/:ver/login', 'api/:ver.login/save');

//test
Route::post('api/:ver/user', 'api/:ver.user/save');

AuthBase.php(Controller)

<?php
/**
 * Created by PhpStorm.
 * User: tong
 * Date: 2017/12/1
 * Time: 16:16
 */

namespace app\api\controller\v1;

use app\api\controller\Common;
use app\common\lib\Aes;
use app\common\lib\exception\ApiException;

/**
 * 客户端auth登陆权限基础类库
 * 1.每个接口（需要登陆 个人中心 点赞 评论）都需要去集成
 * 2.判定 access_user_token　是否合法
 * 3.用户变量
 * Class AuthBase
 * @package app\api\controller\v1
 */
class AuthBase extends Common
{
    /**
     * 登陆用户的基本信息
     * @var array
     */
    public $user = [];

    public function _initialize()
    {
        parent::_initialize();
        if (!$this->isLogin()) {
            throw new ApiException('您没有登陆', 401);
        }
    }

    /**
     * 判定是否登陆
     */
    public function isLogin()
    {
        if (empty($this->headers['access_user_token'])) {
            return false;
        }
        $obj = new Aes();
        $access_user_token = $obj->decrypt($this->headers['access_user_token']);
        //7b.....||1
        // halt($access_user_token);
        if (empty($access_user_token)) {
            return false;
        }
        if (!preg_match('/||/', $access_user_token)) {
            return false;
        }

        list($token, $id) = explode("||", $access_user_token);
        $user = \app\common\model\User::get(['token' => $token]);
        //halt($user);

        if (!$user || $user->status != 1) {
            return false;
        }
        //判断时间是否过期
        if (time() > $user->time_out) {
            return false;
        }
        $this->user = $user;
        return true;
    }
}

User.php(Controller)

<?php
/**
 * Created by PhpStorm.
 * User: tong
 * Date: 2017/12/1
 * Time: 16:52
 */

namespace app\api\controller\v1;

class User extends AuthBase
{
    public function save()
    {
        return show('12', 'OK', []);
    }
}

image.png

access_user_token加强安全性

类似sign 在token 后面加时间戳并进行AES加密
服务端解密后保存缓存实现请求唯一性

微信截图_20171201173246.png