$api->post('url','UsersController@store'); //用户注册
php artisan make:controller name; php artisan make:request name
$verifyData = Cache::get($request->verification_key); // 获取缓存中的验证码数据
if (!$verifyData) { return $this->response->error('验证码已失效', 422); } // 缓存不存在或已过期
if (!hash_equals($verifyData['code'], $request->verification_code)) { /* 返回验证码匹配失败 */ } // hash_equals 是恒定时间的字符串比较,可防止通过时序差异推测验证码;两个参数都必须是字符串,比较前应先校验或转换请求中的值
User::create(['name' => $request->name, ...]); // 创建用户
Cache::forget($request->verification_key); // 注册成功后清除验证码缓存,防止同一验证码被重复使用;按以上流程,校验失败时缓存不会被清除,重试次数只能靠接口限流来约束
模拟获取key
模拟用户注册提交
数据库检测用户
中间件api.throttle控制调用频率
// Sign-up routes for API v1. Both endpoints are wrapped in the api.throttle
// middleware, which allows a client `limit` calls per `expires` minutes.
// NOTE(review): Dingo identifies the client by IP address unless a custom
// rate limiter is configured, so this throttle alone does not cap how many
// SMS messages go to one phone number, nor how many guesses are made against
// one verification_key from several addresses - confirm those have their own
// counters.
$api->version(
    'v1',
    ['namespace' => 'App\Http\Controllers\Api'],
    function ($api) {
        $api->group(
            [
                'middleware' => 'api.throttle',
                'limit' => 1,
                'expires' => 1,
            ],
            function ($api) {
                // Request an SMS verification code.
                $api->post('verificationCodes', 'VerificationCodesController@store')
                    ->name('api.verificationCodes.store');

                // Register a user with the code received by SMS.
                $api->post('users', 'UsersController@store')
                    ->name('api.users.store');
            }
        );
    }
);
测试
config配置
// Rate-limit presets that the routes read through config(); each pair means
// `limit` requests per `expires` minutes.
'rate_limits' => [
// General API access: 60 requests per 1 minute unless RATE_LIMITS /
// RATE_LIMITS_EXPIRES are set in the environment.
'access' => [
'expires' => env('RATE_LIMITS_EXPIRES', 1),
'limit' => env('RATE_LIMITS', 60),
],
// Login-related endpoints: a tighter default of 10 requests per 1 minute,
// overridable with SIGN_RATE_LIMITS / SIGN_RATE_LIMITS_EXPIRES.
'sign' => [
'expires' => env('SIGN_RATE_LIMITS_EXPIRES', 1),
'limit' => env('SIGN_RATE_LIMITS', 10),
],
],
api 配置:在路由分组中引用上面的配置,'limit' => config('api.rate_limits.sign.limit'),('expires' 同理,取 api.rate_limits.sign.expires)
谢谢大佬指导
api必须加密做限制
[aru_52]好