xielin před 6 roky
rodič
revize
0eb344c8ba

+ 1 - 1
app/Http/Middleware/Authenticate.php

@@ -43,7 +43,7 @@ class Authenticate
             return response()->json($error)->setStatusCode(401);
         }
         $user = $this->auth->user();
-        if (!verifySign($request->get('sign'), $request->all(), md5($user['id']))) {
+        if (!verifySign($request->get('sign'), $request->all(), config('customer.app_secret'))) {
             $error = [
                 'message' => '数据验签失败',
                 'code' => 401,
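Review bot: `config('customer.app_secret')` returns null when the key is not loaded or is left empty, and the new line passes that straight into `verifySign`, so whether the check fails closed depends on a helper this hunk does not show. Read the secret once and reject the request before verifying when it is missing, e.g. `$secret = config('customer.app_secret');` followed by `if (!is_string($secret) || $secret === '') { return response()->json(['message' => 'server misconfigured', 'code' => 500])->setStatusCode(500); }`. The same call appears in the new `SignAuthMiddleware::handle` and needs the same guard. Replacing `md5($user['id'])` with one shared secret also means the signature no longer binds a request to a user, so the authenticated user should remain the only trusted source of the user id. The enclosing method starts and ends outside the hunk.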

+ 0 - 8
app/Http/Middleware/JwtAuthMiddleware.php

@@ -22,14 +22,6 @@ class JwtAuthMiddleware
 
         try {
             $user = JWTAuth::parseToken()->authenticate();
-            if (!verifySign($request->get('sign'), $request->all(), md5($user['id']))) {
-                $error = [
-                    'message' => '数据验签失败',
-                    'code' => 401,
-                ];
-                return response()->json($error)->setStatusCode(401);
-            }
-
         } catch (TokenExpiredException $e) {
             $error = [
                 'message' => 'Token is Expired',

+ 37 - 0
app/Http/Middleware/SignAuthMiddleware.php

@@ -0,0 +1,37 @@
+<?php
+
+namespace App\Http\Middleware;
+
+use Closure;
+
+class SignAuthMiddleware
+{
+    /**
+     * Handle an incoming request.
+     *
+     * @param  \Illuminate\Http\Request $request
+     * @param  \Closure $next
+     * @return mixed
+     */
+    public function handle($request, Closure $next)
+    {
+
+        try {
+            if (!verifySign($request->get('sign'), $request->all(), config('customer.app_secret'))) {
+                $error = [
+                    'message' => '数据验签失败',
+                    'code' => 401,
+                ];
+                return response()->json($error)->setStatusCode(401);
+            }
+
+        } catch (\Exception $e) {
+            $error = [
+                'message' => $e->getMessage(),
+                'code' => 401,
+            ];
+            return response()->json($error)->setStatusCode(401);
+        }
+        return $next($request);
+    }
+}
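Review bot: The `catch (\Exception $e)` branch returns `$e->getMessage()` to the caller, which can disclose internal details (helper or configuration errors) to a client that has not passed any check yet. Return the fixed failure text there as well, `'message' => '数据验签失败',`, and record the exception in the server log instead. `verifySign` is not shown on this page; if it compares digests with `==` or `===`, it should use `hash_equals()` so the comparison is constant-time. The docblock is still the framework stub, so a sentence stating that `handle` checks the `sign` parameter over `$request->all()` against `customer.app_secret` and answers 401 on mismatch would help the next reader.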

+ 3 - 1
bootstrap/app.php

@@ -28,6 +28,7 @@ $app->withEloquent();
 $app->configure('api');
 $app->configure('auth');
 $app->configure('jwt');
+$app->configure('customer');
 /*
 |--------------------------------------------------------------------------
 | Register Container Bindings
@@ -62,7 +63,8 @@ $app->singleton(
 
 $app->routeMiddleware([
     'auth' => App\Http\Middleware\Authenticate::class,
-    'jwt.chxq_auth' => App\Http\Middleware\JwtAuthMiddleware::class,
+    'chxq_jwt_auth' => App\Http\Middleware\JwtAuthMiddleware::class,
+    'chxq_sign' => App\Http\Middleware\SignAuthMiddleware::class,
 ]);
 
 /*

+ 5 - 0
config/customer.php

@@ -0,0 +1,5 @@
+<?php
+//此文件为apollo配置文件模板,禁止修改移动
+return [
+    'app_secret' => 'aaaaaaaaaaa'
+];
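Review bot: `'app_secret' => 'aaaaaaaaaaa'` commits a fixed, guessable signing key. The comment marks the file as an Apollo template, so deployment presumably overwrites it, but if that step is skipped every `sign` is validated against a value anyone with repository access can read. If the template format allows it, prefer a default that cannot pass as a real key, e.g. `'app_secret' => env('CUSTOMER_APP_SECRET'),` (variable name is an example), together with a check in the middleware that rejects an empty or placeholder secret.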

+ 5 - 1
routes/api.php

@@ -21,8 +21,12 @@ $api->version('v1', [
     $api->get('/pickupNode/index','ConfigPickupNodeController@index');
     //获取某自提点
     $api->post('/pickupNode/getPickupNode','ConfigPickupNodeController@getPickupNode');
+    //登录+验签
+    $api->group(['middleware' => ['chxq_jwt_auth','chxq_sign']], function ($api) {
 
-    $api->group(['middleware' => 'jwt.chxq_auth'], function ($api) {
+    });
+    //仅验签
+    $api->group(['middleware' => 'chxq_sign'], function ($api) {
 
     });
 });
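Review bot: The `chxq_sign`-only group authenticates the calling app with a shared secret and establishes no user, and the comment above it should say so, e.g. `// Signature only: proves the caller holds the app secret, not who the user is; do not trust user ids taken from the request here`. Both groups are empty in this commit, and because the signature check was removed from `JwtAuthMiddleware`, any route registered under `chxq_jwt_auth` alone no longer gets it; a comment on the first group noting that both middlewares are required would guard against that. The `$api->version('v1', …)` closure starts outside the hunk.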