后台PHP代码
/**
* 一键登陆
*/
public function phoneLogin()
{
$access_token = $_POST['access_token'];
$openid = $_POST['openid'];
if (!$access_token && !$openid)
{
$this->weberror(self::THIS_ACTION_ERROR,'参数错误');
}
$secret = '';
$params = array(
'access_token' => $access_token,
'openid' =>$openid
);
$stringSignTemp = '';
foreach ($params as $k => $v){
$stringSignTemp .= $k . '=' . $v . '&';
}
$stringSignTemp = rtrim($stringSignTemp, '&');
$sign = hash_hmac('sha256', $stringSignTemp, $secret);
$url = "https://tcb-kz54q4wey3ivqxv8bbcb6-c4fd02.service.tcloudbase.com/getPhoneNumber?sign=".$sign."&".$stringSignTemp;
$response = json_decode(file_get_contents($url),true);
if ($response)
{
$mobile = $response['phoneNumber'];
$user = M('user')->where(array('mobile'=>$mobile))->find();
if (!$user){
$data['session_id'] = session_id();
$data['login_time'] = time();
$data['reg_time'] = time();
$data['mobile'] = $mobile;
$data['username'] = $mobile;
$data['password'] = "";
$data['login_ip'] = get_client_ip();
$data['token'] = $this->createtoken();
$newid = M('user')->add($data);
if ($newid) {
$this->get_reward_goldcoin($newid,'reg_reward');//注册奖励
$_user = M('user')->where(array('mobile'=>$mobile))->find();
$this->memberlogin($_user['mobile'],$_user['password'],get_client_ip());
}
}elseif ($user){
$this->memberlogin($user['mobile'],$user['password'],get_client_ip());
}else{
session("ses_uid",NULL);
session("ses_mobile",NULL);
$this->weberror(self::THIS_ACTION_ERROR,'登陆失败');
}
}else{
$this->weberror(self::THIS_ACTION_ERROR,'获取信息失败');
}
}
云函数
// 云函数验证签名,此示例中以接受GET请求为例作演示
const crypto = require('crypto')
module.exports = async(event){
const secret = 'your-secret-string' // 自己的密钥不要直接使用示例值,且注意不要泄露
const hmac = crypto.createHmac('sha256', secret);
let params = event.queryStringParameters
const sign = params.sign
delete params.sign
const signStr = Object.keys(params).sort().map(key => {
return `${
key}=${
params[key]}`
}).join('&')
hmac.update(signStr);
if(sign!==hmac.digest('hex')){
throw new Error('非法访问')
}
const {
access_token,
openid
} = params
const res = await uniCloud.getPhoneNumber({
provider: 'univerify',
appid: 'xxx', // DCloud appid,不同于callFunction方式调用,使用云函数Url化需要传递DCloud appid参数
apiKey: 'xxx', // 在开发者中心开通服务并获取apiKey
apiSecret: 'xxx', // 在开发者中心开通服务并获取apiSecret
access_token: access_token,
openid: openid
})
// 返回手机号给自己服务器
return res
}
获取的结果:
“{“code”:0,“success”:true,“phoneNumber”:“x******”}”