继续浏览精彩内容
慕课网APP
程序员的梦工厂
打开
继续
感谢您的支持,我会继续努力的
赞赏金额会直接到老师账户
将二维码发送给自己后长按识别
微信支付
支付宝支付

百度云API服务端鉴权总结

九州编程
关注TA
已关注
手记 475
粉丝 42
获赞 203

最近在研究百度云的一些服务,要对接百度云上的服务有SDK对接和API鉴权对接两种方式。

我结合自己的业务场景,选择了API鉴权的方式对接,处理API接口鉴权时花了不少时间。
总结一下,方便大家对接:

Signer.php:签名工具类,鉴权签名的核心方法都在这里
Utils.php:封装的工具类,鉴权,返回json数据等都在这里
Account.php:示例Controller,请求百度云接口

使用PHP的TP5框架,代码仅供参考,思路可以供大家借鉴,如有不当之处,欢迎指正

签名工具类
Signer.php

<?php

class SignerException extends Exception
{
    function __construct($message)
    {
        parent::__construct($message, 999);
    }
}

class Signer
{
    private $ak;
    private $sk;
    private $version = "1";
    private $timestamp;
    private $expiration = 1800;
    private $method;
    private $uri;
    private $params = array();
    private $headers = array();
    private $needLog = false;

    function __construct($accessKey, $secretKey)
    {
        $this->ak = $accessKey;
        $this->sk = $secretKey;
        $date = new DateTime('now');
        $date->setTimezone(new DateTimeZone('UTC'));
        $this->timestamp = $date->format('Y-m-d\TH:i:s\Z');
    }

    public function setVersion($version)
    {
        $this->version = $version;
    }

    public function setExpiration($expiration)
    {
        $this->expiration = $expiration;
    }

    public function setMethod($method)
    {
        if (!empty($method)) {
            $this->method = strtoupper($method);
        }
    }

    public function setTimestamp($timestamp)
    {
        $this->timestamp = $timestamp;
    }

    public function setUri($uri)
    {
        $this->uri = $uri;
    }

    public function setParams($params)
    {
        $this->params = $this->normalizeParam($params);
    }

    public function setSignHeaders($headers)
    {
        $this->headers = $this->normalizeHeaders($headers);
    }

    public function beLog($needLog)
    {
        $this->needLog = $needLog;
    }

    public function genAuthorization()
    {
        $signature = $this->genSignature();
        $authStr = "bce-auth-v" . $this->version . "/" .
            $this->ak . "/" . $this->timestamp . "/" .
            $this->expiration . "/" . $this->getSignedHeaderNames() . "/" . $signature;
        return $authStr;
    }

    public function genSignature()
    {
        if (empty($this->method)) {
            throw new SignerException("method is null or empty");
        }
        $signingKey = $this->genSigningKey();
        $this->signerLog("signingKey:" . $signingKey, __LINE__, __FILE__);
        $authStr = $this->method . "\n" .
            $this->getCanonicalURI() . "\n" .
            $this->getCanonicalParam() . "\n" .
            $this->getCanonicalHeaders();
        $this->signerLog("auth str:" . $authStr, __LINE__, __FILE__);
        return $this->sha256($signingKey, $authStr);
    }

    public function genSigningKey()
    {
        if (empty($this->ak)) {
            throw new SignerException("access key is null or empty");
        }
        if (empty($this->sk)) {
            throw new SignerException("secret key is null or empty");
        }
        if (empty($this->version)) {
            throw new SignerException("version is null or empty");
        }
        if (empty($this->timestamp)) {
            throw new SignerException("timestamp is null or empty");
        }
        if (empty($this->expiration)) {
            throw new SignerException("expiration is null or empty");
        }
        $authStr = "bce-auth-v" . $this->version . "/" . $this->ak . "/" .
            $this->timestamp . "/" . $this->expiration;
        return $this->sha256($this->sk, $authStr);
    }

    public function getCanonicalParam()
    {
        if (empty($this->params)) {
            return "";
        }
        $arryLen = count($this->params);
        $canonicalParams = "";
        foreach ($this->params as $key => $value) {
            if (is_array($value)) {
                $num = count($value);
                if (count($value) == 0) {
                    $canonicalParams = $canonicalParams . $key . "=";
                } else {
                    foreach ($value as $item) {
                        $canonicalParams = $canonicalParams . $key . "=" . $item;
                        if ($num > 1) {
                            $canonicalParams = $canonicalParams . "&";
                            $num--;
                        }
                    }
                }
            } else {
                $canonicalParams = $canonicalParams . $key . "=" . $value;
            }
            if ($arryLen > 1) {
                $canonicalParams = $canonicalParams . "&";
                $arryLen--;
            }
        }
        return $canonicalParams;
    }

    public function getCanonicalURI()
    {
        if (empty($this->uri)) {
            throw new SignerException("uri is null or empty");
        }
        $newUri = $this->dataEncode($this->uri, true);
        if (strpos($newUri, "/") === 0) {
            return $newUri;
        }
        return "/" . $newUri;
    }

    public function getCanonicalHeaders()
    {
        if (empty($this->headers) || !array_key_exists("host", $this->headers)) {
            throw new SignerException("host not in headers");
        }
        $canonicalHeaders = "";
        $strArry = array();
        foreach ($this->headers as $key => $value) {
            if (empty($value)) {
                continue;
            }
            $strArry[] = $this->dataEncode($key, false) . ":" . $value;
        }
        $arryLen = count($strArry);
        for ($i = 0; $i < $arryLen; $i++) {
            if ($i < $arryLen - 1) {
                $canonicalHeaders = $canonicalHeaders . $strArry[$i] . "\n";
                continue;
            }
            $canonicalHeaders = $canonicalHeaders . $strArry[$i];
        }
        return $canonicalHeaders;
    }

    private function sha256($key, $data)
    {
        return hash_hmac('sha256', $data, $key);
    }

    private function dataEncode($data, $isPath)
    {
        if (empty($data)) {
            return "";
        }
        $encode = mb_detect_encoding($data, array("ASCII", "UTF-8", "GB2312", "GBK", "BIG5"));
        if ($encode != "UTF-8") {
            $data = $code1 = mb_convert_encoding($data, 'utf-8', $encode);
        }
        $encodeStr = rawurlencode($data);
        if ($isPath) {
            $encodeStr = str_replace("%2F", "/", $encodeStr);
        }
        return $encodeStr;
    }

    private function normalizeHeaders($headers)
    {
        $newArray = array();
        if (empty($headers)) {
            return $newArray;
        }
        foreach ($headers as $key => $value) {
            $newKey = strtolower($key);
            if (empty($newKey)) {
                continue;
            }
            $newArray[$newKey] = $this->dataEncode(trim($value), false);
        }
        ksort($newArray);
        return $newArray;
    }

    private function normalizeParam($params)
    {
        $newArray = array();
        if (empty($params)) {
            return $newArray;
        }
        foreach ($params as $key => $value) {
            if (empty($key) || strtolower($key) == "authorization") {
                continue;
            }
            if (is_array($value)) {
                $newSubArray = array();
                foreach ($value as $item) {
                    $newSubArray[] = $this->dataEncode($item, false);
                }
                sort($newSubArray);
                $newArray[$this->dataEncode($key, false)] = $newSubArray;
            } else {
                $newArray[$this->dataEncode($key, false)] = $this->dataEncode($value, false);
            }
        }
        ksort($newArray);
        return $newArray;
    }

    private function getSignedHeaderNames()
    {
        $arryLen = count($this->headers);
        $headerNames = "";
        foreach ($this->headers as $key => $value) {
            $headerNames = $headerNames . $key;
            if ($arryLen > 1) {
                $headerNames = $headerNames . ";";
                $arryLen--;
            }
        }
        return $headerNames;
    }

    private function signerLog($content, $line, $file)
    {
        if ($this->needLog) {
            error_log($file . ":" . $line . ":[" . $content . "]\n", 3, "./signer_log");
        }
    }
}

?>

封装的工具类,集成了常用的方法
Utils.php

<?php

/**
 * Created by PhpStorm.
 * User: 王中阳
 * Date: 2019/7/24
 * Time: 9:45
 */
require 'Signer.php';
define('AK', "your ak");
define('SK', "your sk");
define('HOST', "sem.baidubce.com"); //按百度要求换内容
define('BASE_URL', "http://sem.baidubce.com/");//按百度要求换内容
define('HTTP_Method', "POST");//按百度要求换内容

class Utils
{
    //公共header  注意:我对接的是百度信息流推广api,header应根据百度云各服务的要求进行修改
    static function Header()
    {
        return [
            'opUsername' => 'xxxxxxx',
            'opPassword' => 'xxxxxxx',
            'tgUsername' => 'xxxxxxx',
            'tgPassword' => 'xxxxxxx',
            'bceUser' => 'xxxxxxx',
        ];
    }

    //请求百度
    static function curl_post($url, $body, $auth)
    {
        //处理请求体
        $files = [
            'header' => self::Header(),
            'body' => $body
        ];
        $files = json_encode($files, JSON_UNESCAPED_UNICODE | JSON_UNESCAPED_SLASHES);

        $ch = curl_init();
        curl_setopt($ch, CURLOPT_POST, 1);
        curl_setopt($ch, CURLOPT_URL, $url);


        curl_setopt($ch, CURLOPT_POSTFIELDS, $files);
        curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
        curl_setopt($ch, CURLOPT_HTTPHEADER, array(
                'Content-Type: application/json',
                'host:sem.baidubce.com',  //改成你的数据
                'authorization:' . $auth,
                'accept-encoding:gzip, deflate',
                'accept:*/*'
            )
        );
        $response = curl_exec($ch);
        $request = curl_getinfo($ch, CURLINFO_HEADER_OUT);
        $httpCode = curl_getinfo($ch, CURLINFO_HTTP_CODE);
        self::result($httpCode, $response);
    }

    //校验权限
    static function gen_auth($uri = "")
    {
        $headers = array();
        $headers['host'] = HOST;
        $signer = new \Signer(AK, SK);
        $signer->setMethod(HTTP_Method);
        $signer->setUri($uri);
        $signer->setSignHeaders($headers);
        try {
            $signature = $signer->genAuthorization();
            return $signature;
        } catch (SignerException $e) {
            echo $e->getMessage();
            return;
        }
    }

    //返回结果
    static public function result($errno = 0, $data = '')
    {
        header("Content-type: application/json;charset=utf-8");

        $errno = intval($errno);

        //注意:这里可能不满足你的项目 根据百度返回结果做修改 或者不用我这种处理方式
        //json转数组
        $data = json_decode($data, true);
        if (isset($data['header']['failures'][0])) {
            $message = $data['header']['failures'][0]['message'];
        } else {
            $message = 'success';
        }

        $json = json_encode($data['body']['data'][0]);
        $result = array(
            'errno' => 1,
            'message' => $message,
            'data' => json_encode($data['body']['data'][0]),//处理百度 返回结果
        );
        echo json_encode($result, JSON_UNESCAPED_UNICODE | JSON_UNESCAPED_SLASHES);
        exit;
    }

    /**
     * 时间 日期
     */
    static public function ymd($time)
    {
        return date("Y-m-d", $time);
    }
}
复制代码
业务层controller:百度api在请求接口的同时做权限校验
Account.php
<?php
namespace app\index\controller;

require 'Utils.php';

class Account
{
    /**
     * 获得账号信息
     */
    public function info()
    {
        $uri = "v1/feed/cloud/AccountFeedService/getAccountFeed";
        $auth = \Utils::gen_auth($uri);
        $url = BASE_URL . $uri;

        $body = [
            'accountFeedFields' => [
                'userId',
                'balance',
                'budget',
                'balancePackage',
                'userStat',
                'uaStatus',
                'validFlows',
            ],
        ];
        //返回数据集成在Utils中
        \Utils::curl_post($url, $body, $auth);
    }

作者:王中阳Go
链接:https://juejin.cn/post/6954910340991680549
著作权归作者所有。商业转载请联系作者获得授权,非商业转载请注明出处。

打开App,阅读手记
0人推荐
发表评论
随时随地看视频慕课网APP