From 4b0f2cfbd2e9ffb8ee87c13bad835d7c353aac9c Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?=E5=B2=A9=E4=BB=9488?= <>
Date: Thu, 14 May 2026 12:31:46 +0800
Subject: [PATCH] =?UTF-8?q?hsm=E5=AE=8C=E5=96=84+=20=E6=97=A5=E5=BF=97?= =?UTF-8?q?=EF=BC=88=E6=9C=AA=E6=9B=B4=E6=96=B0=E6=9C=8D=E5=8A=A1=E5=99=A8?= =?UTF-8?q?=EF=BC=89?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
---
 Laravel/app/Http/Middleware/CheckSign.php | 40 +++++++++-
 Laravel/app/Http/Middleware/Log.php | 90 ++++++++++++++++-------
 Laravel/app/Lib/HSM.php | 67 ++++++++++++-----
 3 files changed, 152 insertions(+), 45 deletions(-)
diff --git a/Laravel/app/Http/Middleware/CheckSign.php b/Laravel/app/Http/Middleware/CheckSign.php
index 85d6eca..5a17b05 100644
--- a/Laravel/app/Http/Middleware/CheckSign.php
+++ b/Laravel/app/Http/Middleware/CheckSign.php
@@ -5,6 +5,7 @@
 use Closure;
 use Illuminate\Http\Request;
 use Illuminate\Support\Facades\DB;
+use Illuminate\Support\Facades\Log;
 class CheckSign
 {
@@ -24,11 +25,44 @@ public function handle(Request $request, Closure $next)
 $sign=$request->input('sign');
 $timeDiff = abs(time() - $time); // 获取时间差的绝对值
- if ($timeDiff >= 600) return \Yz::echoError1('时间异常');
+ if ($timeDiff >= 600) {
+ Log::error('签名验证失败-时间异常', [
+ 'app_id' => $app_id,
+ 'time' => $time,
+ 'current_time' => time(),
+ 'time_diff' => $timeDiff,
+ 'nonce' => $nonce,
+ 'sign' => $sign,
+ 'url' => $request->getPathInfo()
+ ]);
+ return \Yz::echoError1('时间异常');
+ }
+
 $cha_s=DB::table('outside_user')->where(['app_id'=>$app_id])->get();
- if(!count($cha_s)==1) return \Yz::echoError1('第三方用户不存在');
+ if(!count($cha_s)==1) {
+ Log::error('签名验证失败-第三方用户不存在', [
+ 'app_id' => $app_id,
+ 'time' => $time,
+ 'nonce' => $nonce,
+ 'sign' => $sign,
+ 'url' => $request->getPathInfo(),
+ 'user_count' => count($cha_s)
+ ]);
+ return \Yz::echoError1('第三方用户不存在');
+ }
+
 $s_sign=strtoupper(md5($app_id.$time.$nonce.$cha_s[0]->app_secrect));
- if($sign<>$s_sign) return \Yz::echoError1('签名验证失败');
+ if($sign<>$s_sign) {
+ Log::error('签名验证失败-签名不匹配', [
+ 'app_id' => $app_id,
+ 'time' => $time,
+ 'nonce' => $nonce,
+ 'client_sign' => $sign,
+ 'server_sign' => $s_sign,
+ 'url' => $request->getPathInfo()
+ ]);
+ return \Yz::echoError1('签名验证失败');
+ }
 return $next($request);
 }
diff --git a/Laravel/app/Http/Middleware/Log.php b/Laravel/app/Http/Middleware/Log.php
index 38edea2..489c18b 100644
--- a/Laravel/app/Http/Middleware/Log.php
+++ b/Laravel/app/Http/Middleware/Log.php
@@ -4,6 +4,7 @@
 use Closure;
 use Illuminate\Http\Request;
+use Illuminate\Support\Facades\Log as LaravelLog;
 use App\Services\LogService;
 class Log
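Review bot: The signature-mismatch branch in CheckSign::handle() logs `'server_sign' => $s_sign`, which is the valid signature for that `app_id`/`time`/`nonce`, so anyone with read access to the log holds a value the middleware will accept as `sign` while the 600-second window is open; nothing visible in this hunk rejects a reused nonce. Drop `server_sign` from the log context and consider recording only a truncated `client_sign`. The added `if($sign<>$s_sign) {` also keeps a loose, non-constant-time comparison of upper-cased MD5 hex strings; `if (!is_string($sign) || !hash_equals($s_sign, $sign)) {` avoids numeric-string coercion and timing differences. handle() starts and ends outside the hunk.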
@@ -19,38 +20,77 @@ public function handle(Request $request, Closure $next)
 {
 $insert_id=0;
 $insert_id=self::requestLog($request,$insert_id); //记录请求时日志,不含返回信息
- $response = $next($request);
+
+ try {
+ $response = $next($request);
+ } catch (\Throwable $e) {
+ // 捕获控制器层的异常
+ LaravelLog::error('Log中间件捕获异常-请求处理失败', [
+ 'error' => $e->getMessage(),
+ 'file' => $e->getFile(),
+ 'line' => $e->getLine(),
+ 'url' => $request->getPathInfo(),
+ 'method' => $request->method(),
+ 'post_data' => $request->post(),
+ 'get_data' => $request->query()
+ ]);
+ throw $e; // 重新抛出异常,让Laravel异常处理器处理
+ }
+
 if($request->getPathInfo()=='/api/v1/mH5/GetPersonPdfDetailByLink'){
 return $response;
 }
- $content = $response->getContent();
- $data = json_decode($content, true); // 解码响应内容为关联数组
+ try {
+ $content = $response->getContent();
+ $data = json_decode($content, true); // 解码响应内容为关联数组
- // 在关联数组中添加 code 字段
- // $data['code'] = 200;
- $data['code'] = $response->getStatusCode();
- $modifiedContent = json_encode($data,JSON_UNESCAPED_UNICODE); // 编码修改后的关联数组为 JSON 字符串
- $response->setContent($modifiedContent);
+ // 检查JSON解码是否成功
+ if ($data === null && json_last_error() !== JSON_ERROR_NONE) {
+ LaravelLog::error('Log中间件-响应内容JSON解码失败', [
+ 'url' => $request->getPathInfo(),
+ 'json_error' => json_last_error_msg(),
+ 'content_preview' => substr($content, 0, 500),
+ 'status_code' => $response->getStatusCode()
+ ]);
+ return $response; // 直接返回原始响应,不处理
+ }
- if(env('REQUEST_LOG') and $response->getStatusCode()==200){ //如果返回状态为200进行log
+ // 在关联数组中添加 code 字段
+ // $data['code'] = 200;
+ $data['code'] = $response->getStatusCode();
+ $modifiedContent = json_encode($data,JSON_UNESCAPED_UNICODE); // 编码修改后的关联数组为 JSON 字符串
+ $response->setContent($modifiedContent);
- $ip=self::getTrustedProxiesIp(); //真实ip
- $request_header=$request->header(); //请求头
- //dd($response);
- $response_data = $response->getData(); //返回data,json格式
- $post_data=$request->post(); //post请求数据
- $get_data=$request->query(); //get请求
- $request_url=$request->getPathInfo();//访问的接口地址
- $log=app()->make(LogService::class);
- $log->RequestLog([
- 'ip'=>$ip,
- 'response_data'=>$response_data,
- 'request_header'=>$request_header,
- 'post_data'=>$post_data,
- 'get_data'=>$get_data,
- 'request_url'=>$request_url,
- ],$insert_id);
+ if(env('REQUEST_LOG') and $response->getStatusCode()==200){ //如果返回状态为200进行log
+
+ $ip=self::getTrustedProxiesIp(); //真实ip
+ $request_header=$request->header(); //请求头
+ //dd($response);
+ $response_data = $response->getData(); //返回data,json格式
+ $post_data=$request->post(); //post请求数据
+ $get_data=$request->query(); //get请求
+ $request_url=$request->getPathInfo();//访问的接口地址
+ $log=app()->make(LogService::class);
+ $log->RequestLog([
+ 'ip'=>$ip,
+ 'response_data'=>$response_data,
+ 'request_header'=>$request_header,
+ 'post_data'=>$post_data,
+ 'get_data'=>$get_data,
+ 'request_url'=>$request_url,
+ ],$insert_id);
+ }
+
+ } catch (\Throwable $e) {
+ // 捕获响应处理中的异常
+ LaravelLog::error('Log中间件-响应处理失败', [
+ 'error' => $e->getMessage(),
+ 'file' => $e->getFile(),
+ 'line' => $e->getLine(),
+ 'url' => $request->getPathInfo(),
+ 'trace' => $e->getTraceAsString()
+ ]);
 }
diff --git a/Laravel/app/Lib/HSM.php b/Laravel/app/Lib/HSM.php
index 3028ff8..b23b379 100644
--- a/Laravel/app/Lib/HSM.php
+++ b/Laravel/app/Lib/HSM.php
@@ -1,6 +1,7 @@ true,'data'=>hex2bin($r_data['body']['plain'])];
- }else{
- return ['status'=>false];
- }
- }
+ $r_data=json_decode($encryptStr, true);
+ if($r_data && $r_data['status']==0){
+ return ['status'=>true,'data'=>hex2bin($r_data['body']['plain'])];
+ }else{
+ return ['status'=>false];
+ }
+ }
 //计算 HMAC
 public static function Hmac($or_str)
 {
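Review bot: The first catch block in Log::handle() logs `'post_data' => $request->post()` and `'get_data' => $request->query()` unfiltered, so any exception thrown further down the pipeline copies request fields such as passwords, tokens or personal data into the application log. Log the field names only, e.g. `'post_keys' => array_keys($request->post())`, or pass both arrays through a masking helper before logging. The second `catch (\Throwable $e)` logs and falls through instead of rethrowing, which appears intended to return the response anyway; a comment saying so would help, and the final return of handle() is outside the hunk so this cannot be confirmed here.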
@@ -80,28 +81,60 @@ public function post($url, $data_string,$or_str='')
 curl_setopt($curl, CURLOPT_POST, true);
 curl_setopt($curl, CURLOPT_SSL_VERIFYPEER, false);
 curl_setopt($curl, CURLOPT_SSL_VERIFYHOST, false);
+ curl_setopt($curl, CURLOPT_TIMEOUT, 30); // 添加超时:最大执行时间30秒
+ curl_setopt($curl, CURLOPT_CONNECTTIMEOUT, 10); // 添加超时:连接超时10秒
 curl_setopt($curl, CURLOPT_HTTPHEADER, [ 'Content-Type: application/json; charset=utf-8', 'Content-Length: ' . strlen($data_string) ]);
 curl_setopt($curl, CURLOPT_POSTFIELDS, $data_string);
 $r = curl_exec($curl);
+
+ // 检查curl错误
+ if (curl_errno($curl)) {
+ $error_msg = curl_error($curl);
+ $error_code = curl_errno($curl);
+ curl_close($curl);
+
+ // 记录到Laravel日志
+ Log::error('HSM curl请求失败', [
+ 'url' => $url,
+ 'error_code' => $error_code,
+ 'error_msg' => $error_msg,
+ 'request_data' => $or_str,
+ 'post_data_preview' => substr($data_string, 0, 500)
+ ]);
+
+ // 返回错误信息
+ return json_encode(['status' => 1, 'message' => 'curl错误: ' . $error_msg]);
+ }
+
 curl_close($curl);
 date_default_timezone_set('PRC');
 $table_name='zz_request_log_' . date('ym');
 $formatted_date= date("Y-m-d H:i:s");
- DB::table($table_name)->insert([
- 'request_ip'=>'',
- 'response_data'=>json_encode($r, JSON_UNESCAPED_UNICODE),
- 'header_data'=>'',
- 'post_data'=>$or_str.'/'.$data_string,
- 'get_data'=>'',
- 'request_url'=>$url,
- 'create_time' => $formatted_date,
- 'update_time' => $formatted_date
- ]);
+ try {
+ DB::table($table_name)->insert([
+ 'request_ip'=>'',
+ 'response_data'=>json_encode($r, JSON_UNESCAPED_UNICODE),
+ 'header_data'=>'',
+ 'post_data'=>$or_str.'/'.$data_string,
+ 'get_data'=>'',
+ 'request_url'=>$url,
+ 'create_time' => $formatted_date,
+ 'update_time' => $formatted_date
+ ]);
+ } catch (\Throwable $e) {
+ // 数据库日志记录失败不影响主流程,只记录到Laravel日志
+ Log::error('HSM数据库日志记录失败', [
+ 'error' => $e->getMessage(),
+ 'file' => $e->getFile(),
+ 'line' => $e->getLine(),
+ 'url' => $url
+ ]);
+ }
 return $r;
 }
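Review bot: The curl-failure branch logs `'request_data' => $or_str` and the first 500 bytes of `$data_string`; if `$or_str` is the plaintext handed to the HSM (its callers are not visible here, so confirm), every timeout or connection error now writes that plaintext to the Laravel log. Log the URL, the error code and the payload size instead, e.g. `'post_data_length' => strlen($data_string)`. The same values still reach the `zz_request_log_*` table through `'post_data'=>$or_str.'/'.$data_string`, which the new try/catch keeps unchanged. The added timeouts sit directly under `CURLOPT_SSL_VERIFYPEER` and `CURLOPT_SSL_VERIFYHOST` set to `false`, so the HSM endpoint's certificate is still not verified; setting them to `true` and `2` with the HSM's CA configured would be the matching hardening. post() starts and ends outside the hunk.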