复现双验签

2024-04-11 14:57:47 +08:00 · 2024-04-11 14:57:47 +08:00 · 43c9890f06
commit 43c9890f06
parent b7239af0e0
4 changed files with 411 additions and 0 deletions
--- a/model/killara_customer_token_logic.go
+++ b/model/killara_customer_token_logic.go
@ -1,6 +1,10 @@
 package model

 import (
+	"encoding/json"
+	"errors"
+	"time"
+
 	"gorm.io/gorm"
 )

@ -9,3 +13,144 @@ type KillaraCustomerTokenModel struct {
 	db        *gorm.DB
 	TableName string // 表名
 }
+
+// InsertToken inserts a new token record
+// func (m *KillaraCustomerTokenModel) InsertToken(data map[string]interface{}) error {
+// 	token, ok := data["token"].(string)
+// 	if !ok {
+// 		return ErrInvalidTokenValue
+// 	}
+
+// 	m.DeleteToken(token)
+
+// 	customerID, _ := data["customer_id"].(uint64)
+// 	platform, _ := data["platform"].(int64)
+// 	if customerID != 0 && platform != 0 {
+// 		m.db.Where("customer_id = ? AND platform = ?", customerID, platform).Delete(&KillaraCustomerToken{})
+// 	}
+
+// 	return m.db.Create(&KillaraCustomerToken{
+// 		Token:      &token,
+// 		CustomerId: &customerID,
+// 		Data:       nilStringPtr(data["data"].(string)),
+// 		Expiry:     nilTimePtr(time.Unix(int64(data["expiry"].(float64)), 0)),
+// 		Platform:   platform,
+// 	}).Error
+// }
+
+// UpdateTokenData updates the data field of a token record
+func (m *KillaraCustomerTokenModel) UpdateTokenData(token string, data map[string]interface{}) error {
+	dataStr, _ := json.Marshal(data)
+	return m.db.Model(&KillaraCustomerToken{}).Where("token = ?", token).Update("data", string(dataStr)).Error
+}
+
+// UpdateTokenExpiry updates the expiry field of a token record
+func (m *KillaraCustomerTokenModel) UpdateTokenExpiry(token string, expiry int64) error {
+	return m.db.Model(&KillaraCustomerToken{}).Where("token = ?", token).Update("expiry", time.Unix(expiry, 0)).Error
+}
+
+// UpdateTokenCustomerID updates the customer_id field of a token record
+func (m *KillaraCustomerTokenModel) UpdateTokenCustomerID(token string, customerID uint64) error {
+	err := m.db.Model(&KillaraCustomerToken{}).Where("token = ?", token).Update("customer_id", customerID).Error
+	if err == gorm.ErrRecordNotFound {
+		return nil
+	}
+	return err
+}
+
+// DeleteToken deletes a token record
+func (m *KillaraCustomerTokenModel) DeleteToken(token string) error {
+	err := m.db.Where("token = ?", token).Delete(&KillaraCustomerToken{}).Error
+	if err == gorm.ErrRecordNotFound {
+		return nil
+	}
+	return err
+}
+
+// GetToken retrieves a token record by token value
+func (m *KillaraCustomerTokenModel) GetToken(token string) (*KillaraCustomerToken, error) {
+	var record KillaraCustomerToken
+	err := m.db.Where("token = ?", token).First(&record).Error
+	if err == gorm.ErrRecordNotFound {
+		return nil, nil
+	}
+	return &record, err
+}
+
+// CheckToken checks if a token is valid
+// func (m *KillaraCustomerTokenModel) CheckToken(token string) (*KillaraCustomerToken, error) {
+// 	var record KillaraCustomerToken
+// 	err := m.db.Where("token = ?", token).First(&record).Error
+// 	if err != nil {
+// 		return nil, err
+// 	}
+
+// 	if record.Expiry == nil || record.Expiry.Before(time.Now()) {
+// 		m.DeleteToken(token)
+// 		return nil, ErrTokenExpired
+// 	}
+
+// 	return &record, nil
+// }
+
+// ClearDuplicateToken clears duplicate tokens for a customer_id
+func (m *KillaraCustomerTokenModel) ClearDuplicateToken(customerID uint64, currentToken string, platform int64) error {
+	tokens := []KillaraCustomerToken{}
+	err := m.db.Where("customer_id = ? AND platform = ?", customerID, platform).Find(&tokens).Error
+	if err != nil {
+		return err
+	}
+
+	for _, token := range tokens {
+		if *token.Token != currentToken {
+			m.UpdateTokenCustomerID(*token.Token, 0)
+		}
+	}
+
+	return nil
+}
+
+// GetTokenByCustomerID retrieves the token value for a customer_id
+func (m *KillaraCustomerTokenModel) GetTokenByCustomerID(customerID uint64) (string, error) {
+	var record KillaraCustomerToken
+	err := m.db.Select("token").Where("customer_id = ?", customerID).First(&record).Error
+	return *record.Token, err
+}
+
+// GetTokenDataByCustomerID retrieves the token data for a customer_id
+func (m *KillaraCustomerTokenModel) GetTokenDataByCustomerID(customerID uint64) (map[string]interface{}, error) {
+	var record KillaraCustomerToken
+	err := m.db.Select("data").Where("customer_id = ?", customerID).First(&record).Error
+	if err != nil {
+		return nil, err
+	}
+
+	var data map[string]interface{}
+	if record.Data != nil {
+		err = json.Unmarshal([]byte(*record.Data), &data)
+		if err != nil {
+			return nil, err
+		}
+	}
+
+	return data, nil
+}
+
+func nilStringPtr(s string) *string {
+	if s == "" {
+		return nil
+	}
+	return &s
+}
+
+func nilTimePtr(t time.Time) *time.Time {
+	if t.IsZero() {
+		return nil
+	}
+	return &t
+}
+
+var (
+	ErrInvalidTokenValue = errors.New("invalid token value")
+	ErrTokenExpired      = errors.New("token has expired")
+)
--- a/php_model/Token.php
+++ b/php_model/Token.php
@ -0,0 +1,197 @@
+<?php
+
+/**
+ * Token类存储APP和微信小程序用户登录产生的数据，并负责较验用户的状态。
+ *
+ * @author Evan
+ */
+
+class Model_Customer_Token extends \application\Model\Base\BaseModel
+{
+    private $_customerTokenTable;
+    private $_redisKey = 'token_';
+    
+    public $db;
+    public $redis;
+    
+    public function __construct() 
+    {
+        $this->db = \system\engine\Registry::get('db');
+        
+//        $this->redis = \system\engine\Registry::get('redis');
+        
+        $this->redis = false;
+        
+        $config = \system\engine\Registry::get('config');
+		
+        $this->tableFullName = $this->_customerTokenTable = $config->database->prefix
+                . 'customer_token';
+    }
+    
+    /**
+    * 删除指定的登录数据
+    *
+    * @param Array $data <p>登录认证数据</p>
+    * 
+    */
+    public function insertToken($data)
+    {
+    
+        $this->deleteToken($data['token']);
+        
+        if (!empty($data['customer_id']) && !empty($data['platform'])) {
+            $this->db->query('DELETE FROM ' . $this->_customerTokenTable . ' WHERE customer_id = ' 
+                    . $this->db->quote($data['customer_id']) . ' AND platform = ' . $this->db->quote($data['platform']));
+        }
+        
+        $this->db->insert($this->_customerTokenTable, $data);
+       
+    }
+    
+    /**
+    * 更新指定的登录数据
+    *
+    * @param String $token <p>用户登录时生成的token字符串</p>
+    * @param Array $data <p>其它需要记录的数据</p>
+    * 
+    */
+    public function updateTokenData($token, $data = array())
+    {
+ 
+        $where = $this->db->quoteInto('token = ?', $token);
+
+        $this->db->update($this->_customerTokenTable, array(
+            'data'      => json_encode($data)
+        ), $where);
+         
+    }
+    
+    /**
+    * 更新登录数据的生命期
+    *
+    * @param String $token <p>用户登录时生成的token字符串</p>
+    * @param Int $expiry <p>过期时间，Unix时间戳</p>
+    * 
+    */
+    public function updateTokenExpiry($token, $expiry)
+    {
+ 
+        $where = $this->db->quoteInto('token = ?', $token);
+
+        $this->db->update($this->_customerTokenTable, array(
+            'expiry'        => $expiry
+        ), $where);
+         
+    }
+    
+    /**
+    * 更新登录数据的会员ID
+    *
+    * @param String $token <p>用户登录时生成的token字符串</p>
+    * @param Int $customer_id <p>已登录会员的ID</p>
+    * 
+    */
+    public function updateTokenCustomerId($token, $customer_id)
+    {
+     
+        $where = $this->db->quoteInto('token = ?', $token);
+
+        $this->db->update($this->_customerTokenTable, array(
+            'customer_id'        => $customer_id
+        ), $where);
+     
+    }
+    
+    /**
+    * 删除指定的登录数据
+    *
+    * @param String $token <p>用户登录时生成的token字符串</p>
+    * 
+    */
+    public function deleteToken($token)
+    {
+     
+        $where = $this->db->quoteInto('token = ?', $token);
+
+        $this->db->delete($this->_customerTokenTable, $where);
+         
+    }
+
+    /**
+    *获取用户的登录数据
+    *
+    * @param String $token <p>用户登录时生成的token字符串</p>
+     * 
+    * @return Array 一个包含登录数据的数组
+    */
+    public function getToken($token)
+    {
+ 
+        return $this->db->fetchRow('SELECT * FROM ' . $this->_customerTokenTable 
+            . ' WHERE token = ' . $this->db->quote($token));
+      
+    }
+
+    /**
+    * 较验Token是否有效
+    *
+    * @param String $token <p>用户登录时生成的token字符串</p>
+    * 
+    * @return Mix 返回一组会员数据代表验证通过，<b>FALSE</b>代表验证不通过。
+    */
+    public function checkToken($token) 
+    {
+  
+        $result = $this->db->fetchRow('SELECT * FROM ' . $this->_customerTokenTable 
+                . ' WHERE token = ' . $this->db->quote($token));
+
+        if ($result) {
+            if ($result['expiry'] > time()) {
+                return $result;
+            } else {
+                $this->deleteToken($token);
+
+                return FALSE;
+            }
+        } else {
+            return FALSE;
+        }
+        
+    }
+    
+    /**
+    *获取用户的登录数据
+    *
+    * @param String $customer_id <p>用户ID</p>
+    * @param String $current_token <p>用户当前有效的token字符串</p>
+    * @param String $platform <p>登录平台ID</p>
+    * @return Boolean 一个包含登录数据的数组
+    */
+    public function clearDuplicateToken($customer_id, $current_token, $platform = 1)
+    {
+        $results = $this->db->fetchAll('SELECT * FROM ' . $this->_customerTokenTable
+                . ' WHERE customer_id = ' . $this->db->quote($customer_id) . 'AND platform = ' . $this->db->quote($platform));
+        
+        foreach ($results as $result) {
+            if ($result['token'] != $current_token) {
+                $this->updateTokenCustomerId($result['token'], 0);
+            }
+        }
+        
+        return false;
+    }
+    
+    public function getTokenByCustomerId($customer_id)
+    {
+        return $this->db->fetchOne('SELECT token FROM ' . $this->_customerTokenTable 
+            . ' WHERE customer_id = ' . $this->db->quote($customer_id));
+    }
+    
+    public function getTokenDataByCustomerId($customer_id)
+    {
+        $token_data =  $this->db->fetchOne('SELECT data FROM ' . $this->_customerTokenTable 
+            . ' WHERE customer_id = ' . $this->db->quote($customer_id));
+        
+        return json_decode($token_data, true);
+    }
+}
--- a/test/password_test.go
+++ b/test/password_test.go
@ -0,0 +1,30 @@
+package vertmore_test
+
+import (
+	"crypto/sha1"
+	"fmt"
+	"log"
+	"testing"
+
+	"github.com/iapologizewhenimwrong/Vestmore_GO/utils/auth"
+)
+
+func TestPassword(t *testing.T) {
+
+	// customer := map[string]string{
+	// 	"password":        "486790f71aea661645b38e94c2734e454dd73a4d",
+	// 	"salt":            "b83192106fa45fef0d914c579848ebea",
+	// 	"random_password": "709889",
+	// }
+	// password := "6601502.."
+	password := "709889"
+	pwdhash := fmt.Sprintf("%x", sha1.Sum([]byte(password)))
+
+	log.Println()
+
+	if !auth.CheckPassword("486790f71aea661645b38e94c2734e454dd73a4d", "b83192106fa45fef0d914c579848ebea", "709889", pwdhash) {
+		fmt.Println("密码验证失败")
+	} else {
+		fmt.Println("密码验证成功")
+	}
+}
--- a/utils/auth/check_customer_password.go
+++ b/utils/auth/check_customer_password.go
@ -0,0 +1,39 @@
+package auth
+
+import (
+	"crypto/md5"
+	"crypto/sha1"
+	"fmt"
+)
+
+// sha1($customer['salt'] . md5($customer['salt'] . $password))
+func HashPassword(salt, password string) string {
+	saltBytes := []byte(salt)
+	passwordBytes := []byte(password)
+
+	// 计算 md5($customer['salt'] . $password)
+	md5Hash := md5.Sum(append(saltBytes, passwordBytes...))
+
+	// 计算 $customer['salt'] . md5($customer['salt'] . $password)
+	combined := append(saltBytes, []byte(fmt.Sprintf("%x", md5Hash))...)
+
+	// 计算 sha1($customer['salt'] . md5($customer['salt'] . $password))
+	sha1Hash := sha1.Sum(combined)
+
+	return fmt.Sprintf("%x", sha1Hash)
+}
+
+func CheckPassword(custPassword, salt, randomPassword string, password string) bool {
+
+	if custPassword == HashPassword(salt, password) {
+		return true
+	}
+
+	// 验证密码规则2
+	if password == fmt.Sprintf("%x", sha1.Sum([]byte(randomPassword))) {
+		return true
+	}
+
+	// 如果两个条件都不满足，则返回false
+	return false
+}