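validSign($request); if (!$status) { return response()->json(['code' => 0, 'msg' => $message], 400); } return $next($request); }

    /**
     * Verify the RSA/SHA-256 signature carried in the X-Signature header.
     *
     * The signed string is the request parameters sorted by key and joined
     * with http_build_query(), minus the three ID-card upload fields. The
     * verification key is the public key stored for the agent identified by
     * the Hashids-encoded `user_key` parameter.
     *
     * Security notes:
     *  - `idcard_front`, `idcard_back` and `user_with_idcard` are excluded
     *    from the signed data, so this check does not protect their contents.
     *  - NOTE(review): no timestamp/nonce freshness check is visible in this
     *    method; confirm replay protection is enforced elsewhere.
     *
     * @param mixed $request Incoming request; must provide all(), header() and input().
     *
     * @return array{0: bool, 1: string} [verified, message]
     */
    function validSign($request)
    {
        try {
            $postData = $request->all();

            // Signature as sent by the client in the request header (base64).
            $signature = $request->header('X-Signature');
            if (empty($signature)) {
                return [false, '签名错误'];
            }

            $user_key = Hashids::decode($request->input('user_key', null));
            if (empty($user_key)) {
                return [false, '用户信息异常'];
            }
            $user_id = $user_key[0];

            $signature = base64_decode($signature);

            // Canonical form: parameters sorted by key, upload fields dropped.
            ksort($postData);
            unset(
                $postData['idcard_front'],
                $postData['idcard_back'],
                $postData['user_with_idcard']
            );

            // Join with & and =; non-ASCII characters are URL-encoded.
            $data = http_build_query($postData);

            $pu_key = AgentApi::where('user_id', $user_id)->value('public_key');
            if (empty($pu_key)) {
                return [false, '秘钥信息异常'];
            }
            $pu_keys = "-----BEGIN PUBLIC KEY-----\n$pu_key\n-----END PUBLIC KEY-----";

            // openssl_verify() returns 1 (valid), 0 (invalid), or -1/false on
            // error (e.g. an unparsable key). A truthiness test treats -1 as
            // "valid", so accept only an exact 1 and fail closed otherwise.
            $verified = openssl_verify($data, $signature, $pu_keys, OPENSSL_ALGO_SHA256);
            if ($verified !== 1) {
                return [false, '签名错误'];
            }

            return [true, '验证成功'];
        } catch (\Exception $e) {
            // Any failure while verifying is reported as "not verified".
            return [false, '验证失败'];
        }
    }
}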