前面讲过:移动端与PHP服务端接口通信流程设计(基础版)
对于 api_token 的校验,其安全性还可再增强:
增强地方一:
再增加2张表,一个接口表,一个授权表,设计参考如下:
接口表
| 字段名 | 字段类型 | 注释 |
| api_id | int | 接口ID |
| api_name | varchar(120) | 接口名,以"/"作为分割线,如 blog/Index/addBlog |
| api_domain | varchar(255) | 所属领域 |
| is_enable | tinyiny(1) | 1可用,0不可用 |
| add_time | int | 添加时间 |
(注:只列出了核心字段,其它的再扩展吧!!!)
授权表
| 字段名 | 字段类型 | 注释 |
| client_id | int | 客户端ID |
| api_id | int | api编号 |
| api_name | varchar(120) | |
| is_enabled | tinyint(1) | 是否可用 1:可用 0:不可用 |
| add_time | int | 添加时间(戳) |
| expire_time | int | 过期时间(戳) |
(注:只列出了核心字段,其它的再扩展吧!!!)
执行过程如下:
1、移动端与服务端生成的 api_token 进行对比,如果不相等,则直接返回错误,否则,进入下一步;
2、根据接口URL,组装 api_name,再加上客户端传回的 client_id 为参数,查找 “授权表”记录,如果记录存在,且有效(是否可用,是否过期),则表示权限验证通过,返回接口数据,否则返回错误信息;
增强地方二:
对于一些很特殊的接口,怎么特殊,哪些算特殊,我也不知道,总而言之,就是感觉http请求有可能被劫取,传递参数有可能被窜改等情况,还是举个例子来说吧:
有个直接转账接口,页面上 我输入的是5元,表示我要给对方某某转账5元,结果在http传递过程中,被人劫取并窜改成了 10000元,而且入账对象改成了“黑客”的账号,那不是亏大发了,思考了一下,应该有2种方案解决这个问题,
方案一:走https,这个就不多说,比较公认的安全机制;
方案二:走数字签名,实现原理如下:
一个http请求,假如需要传递如下3个参数
参数名1=参数值1
参数名2=参数值2
参数名3=参数值3
我们可以再追加一个参数,该参数的名为 identity_key (名字是什么不重要),该参数的值为 前几个参数值按顺序相加,再加密后的结果。
即:
identity_key = md5('参数值1' + '参数值2' + '参数值3' + '加密密钥');
于是,最终传递的参数有:
参数名1=参数值1
参数名2=参数值2
参数名3=参数值3
client_id=client_id值
identity_key=md5('参数值1' + '参数值2' + '参数值3'+ 'client_id值' + '加密密钥')
服务端接到参数后,再按相同的加密规则重新生成一份 identity_key,服务端的identity_key和客户端的identity_key 进行校对,如果不相等,表示被窜改过,接下来怎么操作,自己看着办吧!
Working with Flash Session Data in LaravelMar 12, 2025 pm 05:08 PMLaravel simplifies handling temporary session data using its intuitive flash methods. This is perfect for displaying brief messages, alerts, or notifications within your application. Data persists only for the subsequent request by default: $request-
cURL in PHP: How to Use the PHP cURL Extension in REST APIsMar 14, 2025 am 11:42 AMThe PHP Client URL (cURL) extension is a powerful tool for developers, enabling seamless interaction with remote servers and REST APIs. By leveraging libcurl, a well-respected multi-protocol file transfer library, PHP cURL facilitates efficient execution of various network protocols, including HTTP, HTTPS, and FTP. This extension offers granular control over HTTP requests, supports multiple concurrent operations, and provides built-in security features.
Simplified HTTP Response Mocking in Laravel TestsMar 12, 2025 pm 05:09 PMLaravel provides concise HTTP response simulation syntax, simplifying HTTP interaction testing. This approach significantly reduces code redundancy while making your test simulation more intuitive. The basic implementation provides a variety of response type shortcuts: use Illuminate\Support\Facades\Http; Http::fake([ 'google.com' => 'Hello World', 'github.com' => ['foo' => 'bar'], 'forge.laravel.com' =>
12 Best PHP Chat Scripts on CodeCanyonMar 13, 2025 pm 12:08 PMDo you want to provide real-time, instant solutions to your customers' most pressing problems? Live chat lets you have real-time conversations with customers and resolve their problems instantly. It allows you to provide faster service to your custom
Discover File Downloads in Laravel with Storage::downloadMar 06, 2025 am 02:22 AMThe Storage::download method of the Laravel framework provides a concise API for safely handling file downloads while managing abstractions of file storage. Here is an example of using Storage::download() in the example controller:
Explain the concept of late static binding in PHP.Mar 21, 2025 pm 01:33 PMArticle discusses late static binding (LSB) in PHP, introduced in PHP 5.3, allowing runtime resolution of static method calls for more flexible inheritance.Main issue: LSB vs. traditional polymorphism; LSB's practical applications and potential perfo
PHP Logging: Best Practices for PHP Log AnalysisMar 10, 2025 pm 02:32 PMPHP logging is essential for monitoring and debugging web applications, as well as capturing critical events, errors, and runtime behavior. It provides valuable insights into system performance, helps identify issues, and supports faster troubleshoot
How to Register and Use Laravel Service ProvidersMar 07, 2025 am 01:18 AMLaravel's service container and service providers are fundamental to its architecture. This article explores service containers, details service provider creation, registration, and demonstrates practical usage with examples. We'll begin with an ove
Hot AI Tools
Undresser.AI Undress
AI-powered app for creating realistic nude photos
AI Clothes Remover
Online AI tool for removing clothes from photos.
Undress AI Tool
Undress images for free
Clothoff.io
AI clothes remover
AI Hentai Generator
Generate AI Hentai for free.
Hot Article
Hot Tools
mPDF
mPDF is a PHP library that can generate PDF files from UTF-8 encoded HTML. The original author, Ian Back, wrote mPDF to output PDF files "on the fly" from his website and handle different languages. It is slower than original scripts like HTML2FPDF and produces larger files when using Unicode fonts, but supports CSS styles etc. and has a lot of enhancements. Supports almost all languages, including RTL (Arabic and Hebrew) and CJK (Chinese, Japanese and Korean). Supports nested block-level elements (such as P, DIV),
Dreamweaver CS6
Visual web development tools
SublimeText3 Mac version
God-level code editing software (SublimeText3)
SublimeText3 Linux new version
SublimeText3 Linux latest version
SublimeText3 English version
Recommended: Win version, supports code prompts!
