实时下线接口完善（增加请求安全校验）

74559f62 · 吴贤德 · 1f0745c1 · 74559f62 · 74559f62 · 74559f62
Commit 74559f62 authored Sep 04, 2019 by 吴贤德
4 changed files
--- a/Docs/实时下线接口说明.txt
+++ b/Docs/实时下线接口说明.txt
+
+媒资实时下线接口
+
+ 请求:
+    GET http://api.hotel.wasu.tv/api/center/media_offline?spid=1&mid=33431345
+
+ 输入:
+    spid :  合作方标识(我们提供,每个合作方标识不一样)
+    mid :   媒资标识代码(经纬cms中的媒资id)
+
+ 输出:
+
+    样例  :   {"code":0,"msg":"ok"}
+    code :  0-成功,1001-传入的媒资参数有问题,1002,2001-下线失败
+    msg  :  结果说明
\ No newline at end of file
--- a/Docs/实时下线接口说明1.txt
+++ b/Docs/实时下线接口说明1.txt
+
+媒资实时下线接口
+
+ 请求:
+    GET http://api.hotel.wasu.tv/api/center/media_offline?spid=1&mid=33431345&sw_time=1523345555&sw_sign=xxxxx
+
+ 输入:
+    spid :  合作方标识(我们提供,每个合作方标识不一样)
+    mid :   媒资标识代码(经纬cms中的媒资id)
+    sw_time :   请求时间戳
+    sw_sign :   请求签名 md5(spid&mid&sw_time&key)
+                如:
+                    md5(1&33431345&1523345555&key)
+                    key : 我们提供(每个spid对应不同的key)
+
+ 输出:
+
+    样例  :   {"code":0,"msg":"ok"}
+    code :  0-成功
+            101-请求过期
+            102-签名验证失败
+            1001-传入的媒资参数有问题
+            1002-sp info err
+            2001-下线失败
+    msg  :  结果说明
\ No newline at end of file
--- a/Docs/小帅CMS同步数据.xls
+++ b/Docs/小帅CMS同步数据.xls
--- a/SooonerHotel/App/Lib/Action/Api/CenterAction.class.php
+++ b/SooonerHotel/App/Lib/Action/Api/CenterAction.class.php
@@ -9,6 +9,21 @@
 */
 class CenterAction extends Action
 {
+    function valid($sw_time,$sw_sign,$my_sign)
+    {
+        $result["code"]=0;
+        $ts = time() - $sw_time;
+        if ($ts<=-600||$ts>=600){
+            $result["code"]=101;
+            $result["msg"]="timeout!";
+        }else{
+            if ($sw_sign!=$my_sign){
+                $result["code"]=102;
+                $result["msg"]="sign err!";
+            }
+        }
+        return $result;
+    }
    /**
     * 系统配置接口
     */
@@ -55,44 +70,63 @@ class CenterAction extends Action
     *  spid :  合作方标识(我们提供,每个合作方标识不一样)
     *  mid :   媒资标识代码(经纬cms中的媒资id)
     *  sw_time :   请求时间戳
-     *  sw_sign :   请求签名 md5(uri+key) 如:
-     *              uri :/api/center/media_offline?spid=1&mid=33431345&sw_time=1523345555
-     *              key : 我们提供(每个spid对应不同的key)
+     *  sw_sign :   请求签名 md5(spid&mid&sw_time&key)
     * 返回说明:
     *  {"code":0,"msg":"ok"}
-     *  code : 0-成功,1001-传入的媒资参数有问题,2001-下线失败
+     *  code : 0-成功,101,1001-传入的媒资参数有问题,2001-下线失败
     */
    public function media_offline(){
        $spid = $_GET["spid"];
-        $mcode = $_GET["mid"];
-        $status = 1;
-
+        $mid = $_GET["mid"];
+        $sw_time = $_GET["sw_time"];
+        $sw_sign =$_GET["sw_sign"];
+
+        $status = 2;
+
+        $modelSP=D("Conf");
+        $whereSP["sp_id"]=$spid;
+        $whereSP["type_code"]="api_key";
+        $spConf=$modelSP->field("v")->where($whereSP)->find();
+        $key = $spConf["v"];
+
+        if ($key) {
+            $pre_sign = "$spid&$mid&$sw_time&$key";
+//            echo "pre:".$pre_sign;
+            $my_sign = md5($pre_sign);
+            $result = $this->valid($sw_time,$sw_sign,$my_sign);
+            if ($result["code"]==0) {//valid ok
                $model = D("Media");
-        $where["code"]=$mcode;
-        $where["sp_id"]=$spid;
+                $where["code"] = $mid;
+                $where["sp_id"] = $spid;
                $tmp = $model->field("id")->where($where)->find();
-        $id= $tmp["id"];
-        if($id) {
+                $id = $tmp["id"];
+                if ($id) {
+
                    //下线云端片库
-            $data["id"]=$id;
-            $data["status"]=$status;
-            $data["updatetime"]=date('Y-m-d H:i:s');
-            $r =$model->save($data);
+                    $data["id"] = $id;
+                    $data["status"] = $status;
+                    $data["updatetime"] = date('Y-m-d H:i:s');
+                    $r = $model->save($data);

                    //下线酒店片库
                    $tb = "sh_hotel_media_map_$spid";
-            $sql = "update $tb set status=$status,updatetime='".$data["updatetime"]."' where media_id=$id";
+                    $sql = "update $tb set status=$status,updatetime='" . $data["updatetime"] . "' where media_id=$id";
                    $r = M("")->execute($sql);
-            if ($r){
-                $result["code"]=0;
-                $result["msg"]="ok";
-            }else{
-                $result["code"]=2001;
-                $result["msg"]="offline failture!";
+                    if ($r) {
+                        $result["code"] = 0;
+                        $result["msg"] = "ok";
+                    } else {
+                        $result["code"] = 2001;
+                        $result["msg"] = "offline failture!";
+                    }
+                } else {
+                    $result["code"] = 1001;
+                    $result["msg"] = "media info unexpect!";
+                }
            }
        }else{
-            $result["code"]=1001;
-            $result["msg"]="media info unexpect!";
+            $result["code"]=1002;
+            $result["msg"]="sp info unexpect";
        }

        echo json_encode($result);
@@ -268,7 +302,7 @@ class CenterAction extends Action
            . ",mw.year,mw.type,mw.score,mw.region,mw.actor,mw.director"
            . ",hm.code hotelId,hm.status,hm.status_inject statusInject"
            . " FROM (SELECT hm.media_id,h.code,hm.status,hm.status_inject FROM sh_hotel_media_map_$spid hm,sh_hotel h"
-            . " WHERE hm.updatetime BETWEEN '$start' AND '$end' AND h.id=hm.hotel_id ORDER BY hm.updatetime,hm.media_id ASC LIMIT $limit_from,$page_size) hm"
+            . " WHERE hm.hotel_id=3 AND hm.updatetime BETWEEN '$start' AND '$end' AND h.id=hm.hotel_id ORDER BY hm.updatetime,hm.media_id ASC LIMIT $limit_from,$page_size) hm"
            . " JOIN sh_media_wasu mw ON mw.id=hm.media_id";

 //        echo $sql;exit;