Download the PHP package gitfei1231/webman-api-sign without Composer

On this page you can find all versions of the php package gitfei1231/webman-api-sign. It is possible to download/install these versions without Composer. Possible dependencies are resolved automatically.

FAQ

After the download, include the autoloader once with require_once('vendor/autoload.php');. After that, import the classes with use statements.

If you use only one package, a project is not needed. But if you use more than one package, it is not possible to import the classes with use statements without a project.

In general, it is recommended to always use a project to download your libraries. An application normally needs more than one library.
Some PHP packages are not free to download and are therefore hosted in private repositories. In this case, credentials are needed to access such packages. Please use the auth.json textarea to insert credentials if a package comes from a private repository. You can look here for more information.

  • Some hosting environments are not accessible by a terminal or SSH, so it is not possible to use Composer there.
  • Using Composer is sometimes complicated, especially for beginners.
  • Composer needs a lot of resources. Sometimes they are not available on simple webspace.
  • If you are using private repositories, you don't need to share your credentials. You can set up everything on our site and then provide a simple download link to your team members.
  • Simplify your Composer build process. Use our own command line tool to download the vendor folder as a binary. This makes your build process faster and you don't need to expose your credentials for private repositories.

Information about the package webman-api-sign

webman-api-sign

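API signing for webman projects. This plugin is a modified version of https://github.com/wen-gg/webman-api-sign; if you do not need replay protection or RSA encryption, use the original author's plugin directly.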

Changelog

2024-03-18 Fixed an issue that prevented installation

Installation

composer require gitfei1231/webman-api-sign

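Configuration

Exempting specific routes from signature verification

Routes that do not call setParams, or that set notSign to false, still go through verification.

Enabling asymmetric encryption: rsa_status

Note: when this is enabled, the client must randomly and dynamically generate its own app_secret (when it is disabled, the server's fixed app_secret is used) and encrypt the app_secret with the public key. The server decrypts it to recover the app_secret, then generates the sign for comparison.

The asymmetric encryption algorithm is RSAES-PKCS1-V1_5

  1. app_secret is generated by the client
  2. The client computes sign with the generated app_secret, following the signature algorithm below
  3. Encrypt app_secret with the public key and send it in the appKey header field (when RSA is not enabled, this field does not need to be sent)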

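PHP example of asymmetric encryption and decryption

JS example of asymmetric encryption and decryption

Enabling body encryption: encrypt_body. Parameters are not sent in plaintext, which is more secure (GET parameters are not encrypted)

Note: if RSA is enabled, the randomly and dynamically generated app_secret must be used for symmetric encryption (otherwise the server's fixed app_secret is used for symmetric encryption)

The app_secret key must be 32 characters long, e.g. 3ddc81a729c34c50b097a098b0512f16

Using HTTPS for the API already encrypts the message, so why build this? To guard against "man-in-the-middle" packet capture: proxy software used for packet capture can obtain the HTTPS plaintext data.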

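1. With rsa_status enabled
  1. Convert the JSON data sent in the body to a string
  2. Encrypt it symmetrically with aes-128-cbc, using the generated app_secret as the key
  3. Send the encrypted string directly as the body
2. With rsa_status disabled
  1. Convert the JSON data sent in the body to a string
  2. Encrypt it symmetrically with aes-128-cbc, using the fixed app_secret as the key
  3. Send the encrypted string directly as the body

PHP symmetric encryption example

JS symmetric encryption/decryption class, interoperable with this library's encryption and decryption

Clients in other languages can implement encryption and decryption by following the PHP/JS classes above

Add a method to support/Request.php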

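Signature calculation

Note: in addition to the business parameters, the signed data must include the app_key, timestamp and nonceStr fields. The body encryption above is unrelated to the sign calculation: sign is still computed over the transmitted fields, and on the backend the ciphertext is converted back into fields before sign is computed.

  1. Sort the signature data by key name in ascending order
  2. Join the signature array with & (parameters are not escaped, and empty data is excluded), then append app_secret to the end
  3. Then hash() the signature data using the configured method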
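
The three steps above as an added JavaScript (Node.js) example; it is not the plugin's own code. It assumes flat scalar parameters, key=value pairs (consistent with the urldecode + http_build_query description on this page), app_secret appended with no separator, and sha256 as the configured hash; the function names and sample field values are made up for illustration.

```javascript
// Added example (not the plugin's code). Flat scalar parameters only.
const crypto = require('node:crypto');

// ASSUMPTION: '', null and undefined count as "empty data" and are skipped.
const isEmpty = (v) => v === '' || v === null || v === undefined;

// Steps 1-2: sort keys ascending, join key=value pairs with '&' without
// URL-encoding, then append app_secret directly at the tail (assumed layout).
function canonicalString(params, appSecret) {
  const joined = Object.keys(params)
    .filter((k) => !isEmpty(params[k]))
    .sort() // code-unit order; equals ascending order for ASCII key names
    .map((k) => `${k}=${params[k]}`)
    .join('&');
  return joined + appSecret;
}

// Step 3: hash with the configured algorithm (sha256 is an assumed setting).
function computeSign(params, appSecret, algo = 'sha256') {
  return crypto.createHash(algo)
    .update(canonicalString(params, appSecret), 'utf8')
    .digest('hex');
}

// Server side: recompute over the received fields and compare in constant
// time so the comparison does not leak how many leading characters matched.
function verifySign(params, sign, appSecret, algo = 'sha256') {
  const expected = Buffer.from(computeSign(params, appSecret, algo), 'utf8');
  const given = Buffer.from(String(sign ?? ''), 'utf8');
  return given.length === expected.length &&
    crypto.timingSafeEqual(given, expected);
}

// Constructed sample request; the secret is the sample value shown on the page.
const SECRET = '3ddc81a729c34c50b097a098b0512f16';
const SAMPLE = {
  timestamp: '1710720000', nonceStr: 'a1b2c3d4', app_key: 'demo_app_key',
  name: 'alice', remark: '', amount: '100',
};
const demoSign = computeSign(SAMPLE, SECRET);
console.log(verifySign(SAMPLE, demoSign, SECRET));                       // true
console.log(verifySign({ ...SAMPLE, amount: '999' }, demoSign, SECRET)); // false
```

The empty remark field drops out of the signed string, so a client and server that disagree on what counts as empty will compute different signatures for the same request.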

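Example

Before sorting

After sorting

After joining

Hash

Method 1: a fairly efficient JS implementation of http_build_query

Method 2: a JS imitation of PHP's http_build_query, from the locutus library

Fixed the problem where that library's method produced consecutive & characters when given empty arrays or empty objects

A JS sortData sorting method

A PHP sortData sorting method

Testing the JS version of http_build_query + sortData against the PHP version of http_build_query + sortData

The JS version uses the http_build_query method (above) + the sortData method (above) + the urldecode method (above)

The PHP version uses http_build_query + sortData (above) + urldecode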


All versions of webman-api-sign with dependencies

Requires:
  • webman/think-cache Version ^1.0
  • webman/think-orm Version ^1.0
  • phpseclib/phpseclib Version ~3.0
  • psr/container Version ^1.1
