如何解决如何使用 oauth1.0 处理 POST 请求? Oauth1.0 POST 方法不起作用
我在 oauth1.0 中使用 PHP 发出 POST 请求很麻烦。它完美地运行 GET 请求。你能帮我哪里做错了吗?
<?PHP
namespace App\Helpers;
use App\Models\ZoeyAccount;
use Illuminate\Support\Facades\Crypt;
class ZoeyAPI
{
private $consumerKey;
private $consumerSecret;
private $oauth_token;
private $oauth_token_secret;
private $signatureMethod = 'HMAC-SHA1';
private $oauthVersion = '1.0';
private $http_status = "";
private $domain;
public function __construct(ZoeyAccount $zoey)
{
$this->consumerKey = Crypt::decryptString($zoey->zoey_consumer_key); //"50cb87587445ac1b97452789fd4e4193";
$this->consumerSecret = Crypt::decryptString($zoey->zoey_consumer_secret); //"080d95d6ec75753616254c524eb774a0";
$this->oauth_token = Crypt::decryptString($zoey->zoey_token); //"99a0aca606607e2c09adf88cb66303ad";
$this->oauth_token_secret = Crypt::decryptString($zoey->zoey_token_secret); //"18e2318c30e531f737c187ca3c43b6cd";
$this->domain = $zoey->zoey_domain;
}
public function ZoeyAPICall($method,$endpoint,$arguments,$post_data=[])
{
$url = $this->domain . "/api/rest/" . $endpoint;
if (!empty($arguments)) {
$query = http_build_query($arguments);
$baseUrl = $url . "?" . $query;
} else {
$baseUrl = $url;
}
$nonse = $this->getToken(42);
$timestamp = time();
$oauth_params = [
"oauth_consumer_key" => $this->consumerKey,"oauth_nonce" => $nonse,"oauth_signature_method" => $this->signatureMethod,"oauth_timestamp" => $timestamp,"oauth_token" => $this->oauth_token,"oauth_version" => $this->oauthVersion
];
$head= $oauth_params;
ksort($head);
if(!empty($arguments)){
$params = array_merge($oauth_params,$arguments);
}else{
$params = $oauth_params;
}
if (!empty($post_data)) {
$params=array_merge($params,$post_data);
}
ksort($params);
$params['oauth_signature'] = $this->createSignature($method,$url,$params,$this->oauth_token_secret);
$oauthHeader = $this->generateOauthHeader($head);
$response = $this->curlHttp($method,$baseUrl,$oauthHeader,$post_data);
return $response;
}
public function curlHttp($httpRequestMethod,$post_data = [])
{
$ch = curl_init();
$headers = array(
"Authorization: OAuth " . $oauthHeader,"Content-type: application/x-www-form-urlencoded"
);
$options = [
CURLOPT_HTTPHEADER => $headers,CURLOPT_HEADER => false,CURLOPT_URL => $url,CURLOPT_ENCODING => '',CURLOPT_MAXREDirs => 10,CURLOPT_TIMEOUT => 0,CURLOPT_FOLLOWLOCATION => true,CURLOPT_HTTP_VERSION => CURL_HTTP_VERSION_1_1,CURLOPT_RETURNTRANSFER => true,CURLOPT_SSL_VERIFYPEER => false,CURLOPT_DNS_USE_GLOBAL_CACHE => false,CURLOPT_DNS_CACHE_TIMEOUT => 2,CURLOPT_IPRESOLVE => CURL_IPRESOLVE_V4,];
if (strtolower($httpRequestMethod) == 'post' || strtolower($httpRequestMethod) == 'put') {
$options[CURLOPT_CUSTomrEQUEST] = $httpRequestMethod;
}
if (!empty($post_data)) {
$options[CURLOPT_POSTFIELDS] = json_encode($post_data);
}
curl_setopt_array($ch,$options);
if (!$response = curl_exec($ch)) {
$response = curl_error($ch);
}
$this->http_status = curl_getinfo($ch,CURLINFO_HTTP_CODE);
curl_close($ch);
return $response;
}
public function generateOauthHeader($params)
{
foreach ($params as $k => $v) {
$oauthParamArray[] = $k . '="' . rawurlencode($v) . '"';
}
$oauthHeader = implode(',',$oauthParamArray);
return $oauthHeader;
}
public function createSignature($httpRequestMethod,$tokenSecret = "",$extraParams=[])
{
$strParams = rawurlencode(http_build_query($params));
$baseString = $httpRequestMethod . "&" . rawurlencode($url) . "&" . $strParams;
$signKey = $this->generateSignatureKey($tokenSecret);
$oauthSignature = base64_encode(hash_hmac('sha1',$baseString,$signKey,true));
return $oauthSignature;
}
public function generateSignatureKey($tokenSecret)
{
$signKey = rawurlencode($this->consumerSecret) . "&";
if (!empty($tokenSecret)) {
$signKey = $signKey . rawurlencode($tokenSecret);
}
return $signKey;
}
public function getToken($length)
{
$token = "";
$codeAlphabet = "ABCDEFGHIJKLMnopQRSTUVWXYZ";
$codeAlphabet .= "abcdefghijklmnopqrstuvwxyz";
$codeAlphabet .= "0123456789";
$max = strlen($codeAlphabet) - 1;
for ($i = 0; $i < $length; $i++) {
$token .= $codeAlphabet[$this->cryptoRandSecure(0,$max)];
}
return $token;
}
public function cryptoRandSecure($min,$max)
{
$range = $max - $min;
if ($range < 1) {
return $min; // not so random...
}
$log = ceil(log($range,2));
$bytes = (int) ($log / 8) + 1; // length in bytes
$bits = (int) $log + 1; // length in bits
$filter = (int) (1 << $bits) - 1; // set all lower bits to 1
do {
$rnd = hexdec(bin2hex(openssl_random_pseudo_bytes($bytes)));
$rnd = $rnd & $filter; // discard irrelevant bits
} while ($rnd >= $range);
return $min + $rnd;
}
}
这是我面临“无效签名”问题的代码。
/* Post shipping Order */
public function PostShippingData($OrgID,$PostData)
{
try {
$post_data = $PostData;
$res = $this->postJson($OrgID,"POST","sales2/orders/shipment",[],$post_data);
return $res;
} catch (Exception $e) {
\Log::error($e->getMessage());
}
}
// POST in JSON format
public function postJson($OrgID,$method,$arguments = [],$post_data = [])
{
// POST it,return the API's response
return json_decode($this->ZoeyAPICall($OrgID,$post_data));
}
public function jsonValidator($json)
{
if (!empty($json)) {
@json_decode($json);
return (json_last_error() === JSON_ERROR_NONE);
}
return false;
}
通过传递帖子数据调用 "PostShippingData"
方法。
$shippingData=["orderIncrementId"=> "120000065","itemsQty"=>[
"311"=> "2"
],"comment"=> "Created By API","email"=> "1","includeComment"=> "1"];
$response=$this->zoey->PostShippingData($OrgID,$shippingData);
dd( $response);
这里我总是在 dd( $response);
中收到“无效签名”
版权声明:本文内容由互联网用户自发贡献,该文观点与技术仅代表作者本人。本站仅提供信息存储空间服务,不拥有所有权,不承担相关法律责任。如发现本站有涉嫌侵权/违法违规的内容, 请发送邮件至 dio@foxmail.com 举报,一经查实,本站将立刻删除。