Z-Blog Wiki Z-Blog Wiki

Z-Blog官方文库

用户工具

站点工具

您在这里: Z-Blog & Z-BlogPHP » 应用中心 » 开发者应用验证调用 » callback » 验证服务端
appcenter:verification:callback:server

目录

验证服务端

验证系统会对验证结果加密后,通知到开发者设置的回调地址。HTTP方法为POST,Content-Type为application/zblogverify。

Body的加密方式为:RSA(base64(AES_KEY) + '.' + base64(AES_IV) + '.' + HS256(realData) + '.' + timestamp) + '.' + AES(realData)

RSA公钥和HMAC-SHA256密钥见示例代码。

明文数据格式

{
	"id": "65fbe736-aa01-4d60-946a-64da5e1bccd7", /* 本次校验的唯一ID,每一次校验返回值都不同 */
	"from": "initiative", /* 校验来源 */
	"error": {
		"number": 0, /* 错误编号 */
		"message": "OK", /* 错误信息 */
		"verified": true, /* 是否验证成功 */
		"cracking": false, /* 疑似破解 */
		"user": {
			"message": "面向用户的错误信息" 
		}
	},
	"appId": "应用ID",
	"host": "网站", 
	"user": {
		"id": "应用中心ID",
		"username": "用户账号" 
	},
        "modified": "应用最后修改日期(时间戳)",
	"license": {
		"appId": "授权文件保存的应用ID", 
		"userId": "授权文件保存的用户ID", 
		"timestamp": "授权文件生成时间戳" 
	}
}

示例代码

PHP

以下代码仅能运行于PHP 5.3+。请注意,以下代码不对重放攻击做出保证,在入库前请先确认ID是否唯一。 

<?php
function getVerifyData($data) {
	$publicKey = openssl_pkey_get_public('-----BEGIN PUBLIC KEY-----
MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAoH4uiMZYWy1sOXuq4YAA
MtyrAtUcWHOXalSAmtDs1FA2H8fTBbEF+gnvg83Byp/mIvHMIaXc7RPIniwoMgDo
Xo3H0GquBEOH4YoufIqfRFGFwnBw7V1KNv9Iw4XpmBYEboD5HT4PLuoUvSP78iWK
7kMMsYsYOVi7EPn8DbPZbvxnrDXkJmkj3l8YhGWtAjbFU7XgyEKEKBTes9fcxWSW
GCdd1jV9oXcV9EQRkRr50wMvydgIWAAWvcVZ5zzK4sZelZDaGz7yEXG/Q1F1Xp3e
GcC057CQoaEzuTQILUCypiNeQpKdzGXxwyp+Q6DAYITjyFBjQ5WbQiSaZtCPV5D9
lwIDAQAB
-----END PUBLIC KEY-----');
	$rsaDecrypted = '';
	$explodeData = explode('.', $data);
	$rsaEncrypted = $explodeData[0];
	$aesEncrypted = $explodeData[1];
	openssl_public_decrypt(base64_decode($rsaEncrypted), $rsaDecrypted, $publicKey);
	$aesInfo = explode('.', $rsaDecrypted);
	$aesKey = base64_decode($aesInfo[0]);
	$aesIv = base64_decode($aesInfo[1]);
	$hash = $aesInfo[2];
	$data = openssl_decrypt(base64_decode($aesEncrypted), 'aes-256-cbc', $aesKey, OPENSSL_RAW_DATA, $aesIv);
	if (hash_hmac('sha256', $data, 'zblogverification') === $hash) {
		return json_decode($data, false);
	} else {
		throw new Exception('Hash error!');
	}
}
 
$object = getVerifyData(file_get_contents('php://input'));
 
if ($object->error->verified) {
	echo '验证通过';
}
 
var_dump($object);

测试数据

PpBHLt70jUUpA1TdP38tm68bVWxRKDA69GqR04PA6on3lcGAwz2s8Dj4qMvCuMosI67b1JNFVELfMmxt1RfKQsSS2vLtIVdblDbmZCBptNd5IYNx2qFZFQQ5Hju3bhwR9VDW8fcy63bEOpWVYxAEhQXT3ztaLZn63gJhpDemA06Emxv6VJgxfe9uLTX31FCDfg6yd+JQwAIVuh5HMFJoaLYVIZxSEoUrGXDGjt59Wryw2encyuf38qYxvYmf5w63xA+8eYYsERniT2qZGedKClWohHfXuN0B+lThS09oCf0NjbH+WDZcaAT8UlYERVpgLCL+3/VsJxArZuw93KfrlA==.5cDLuSbOnDZVNmEzHCLRtykNilD5VIQqGYai8vmaxljONFjCNDKQIFJ7n4LEZMzp8Bm9VXJx0Qen6cMpPOwVh/iOWJvs9RudeWplBrHk9g46Oy0kcYtnW1i5Egf19uhSk+ku2a0G/E9PSLc+AhwzsKL5NHHodE8tXAA1EzDrq1y49FPBfv6ZVLD4McWATVEYs4A7UBhnfdOiQmkvZxCldWQ78KKUZJcp/K+slhQQAuBW/bcaRpV2b2QbuHa5OCg+UX3rkDPpzDcg761Tn1jJviREkppIKTZHKtlYpYU6ZDDyXxxexqw+dVJQHL71vD9rPeB16dLIaDttbTG+vz6cF7ANM502rRUaazRIY+0Y0Ctwnq9PgHBnZ9AMrw54gulI72E3gwkaLrXXbeEnl7WxSN3D0U8V9NYjjTC7QCmSVfepO4Syl4IMBd5JT/mouIrjrM94qkOwXpAGM91K6Vs3iYZKYVdFSStJySN0sZs81eJe8k+syLY1HeMZQI5HcE+XhgAV07/pf3TDdIXrQNQnkcIDbGg8cWRwZ24aLb68TAm+2ZLL29W87doqe5xkBC3rL0jWt8jtlEx4rZAgzyltOg==

服务端插件

你可以直接使用如上代码自行搭建服务端系统,也可以直接使用插件,并在应用中心后台填写回调地址即可:https://bbs.zblogcn.com/thread-94905-1-1.html

appcenter/verification/callback/server.txt · 最后更改: 2018/04/22 21:39 由 捷闪站长网

页面工具

除额外注明的地方外,本维基上的内容按下列许可协议发布: CC Attribution-Noncommercial-Share Alike 4.0 International
CC Attribution-Noncommercial-Share Alike 4.0 International Donate Powered by PHP Valid HTML5 Valid CSS Driven by DokuWiki