CN113010238A

CN113010238A - Permission determination method, device and system for micro application call interface

Info

Publication number: CN113010238A
Application number: CN202110310755.1A
Authority: CN
Inventors: 袁潇锋; 关宇坤; 李冲
Original assignee: China Construction Bank Corp
Current assignee: China Construction Bank Corp
Priority date: 2021-03-23
Filing date: 2021-03-23
Publication date: 2021-06-22

Abstract

The invention discloses a method, device and system for determining the authority of a micro-application calling interface, and relates to the technical field of mobile interconnection. A specific implementation of the method includes: obtaining a first timestamp corresponding to the client authority data table, and obtaining a second timestamp corresponding to the server authority data table from a server; judging according to the first timestamp and the second timestamp Whether to update the client permission data table; if so, send a permission update request to the server to obtain the server permission data table, and determine the permission result corresponding to the micro-application calling interface according to the server permission data table, according to the server permission data table to update the client permissions data table. This embodiment improves the security of the called interface, reduces the cost of determining the authority and the maintenance cost of the calling interface, improves the fault tolerance rate of the processing method, improves the scalability of the calling interface, simplifies the process of determining the authority, and improves the user experience. experience.

Description

Permission determination method, device and system for micro-application calling interface

技术领域technical field

本发明涉及移动互联技术领域，尤其涉及一种微应用调用接口的权限确定方法、装置和系统。The invention relates to the technical field of mobile interconnection, and in particular, to a method, device and system for determining the authority of a micro-application calling interface.

背景技术Background technique

微服务架构下，每个微应用都需要对访问进行鉴权，每个微应用都需要明确当前访问用户以及其权限。在微服务架构下，要考虑外部应用接入的场景、用户-服务的鉴权、服务-服务的鉴权等多种鉴权场景。Under the microservice architecture, each microapplication needs to authenticate access, and each microapplication needs to identify the current access user and its permissions. Under the microservice architecture, various authentication scenarios such as external application access scenarios, user-service authentication, and service-service authentication should be considered.

现有方法中微应用调用接口的权限确定方法主要有：一，所有微应用都有调用全部API的权限，具体的调用由开发者根据需求去控制；二，把所有的微应用分为两部分：内部微应用和外部微应用。内部微应用可以调用所有的API，外部微应用只能调用部分API，进而根据微应用属性去区分内部微应用和外部微应用；三，构造“用户-角色-权限”的授权模型，利用该模型将用户通过角色与权限进行关联，以针对角色的批量用户权限设置。In the existing methods, the methods for determining the authority of the micro-application calling interface mainly include: 1. All micro-applications have the authority to call all APIs, and the specific calls are controlled by developers according to their needs; 2. All micro-applications are divided into two parts : Internal Microapps and External Microapps. Internal micro-applications can call all APIs, while external micro-applications can only call some APIs, and then differentiate internal micro-applications and external micro-applications according to the micro-application attributes; third, construct an authorization model of "user-role-permission", and use this model Associate users with permissions through roles to set bulk user permissions for roles.

现有技术中至少存在如下问题：There are at least the following problems in the prior art:

现有的微应用调用接口的权限确定方法中调用接口的安全性较低，权限确定成本较高，处理方法的容错率较低，调用接口的维护成本高，调用接口的可拓展性差，权限确定流程复杂，用户体验差。In the existing authorization determination method of the calling interface of the micro-application, the security of the calling interface is low, the cost of authorization determination is high, the fault tolerance rate of the processing method is low, the maintenance cost of the calling interface is high, the scalability of the calling interface is poor, and the authorization determination The process is complicated and the user experience is poor.

发明内容SUMMARY OF THE INVENTION

有鉴于此，本发明实施例提供一种微应用调用接口的权限确定方法、装置和系统，能够提高所调用接口的安全性，降低权限确定成本和调用接口的维护成本，提高处理方法的容错率，提升调用接口的可拓展性，简化权限确定流程，提升用户体验。In view of this, the embodiments of the present invention provide a method, device and system for determining the authority of a micro-application calling interface, which can improve the security of the called interface, reduce the cost of authority determination and the maintenance cost of the calling interface, and improve the fault tolerance rate of the processing method. , to improve the scalability of the calling interface, simplify the authorization determination process, and improve the user experience.

为实现上述目的，根据本发明实施例的第一方面，提供了一种微应用调用接口的权限确定方法，应用于客户端，包括：In order to achieve the above object, according to the first aspect of the embodiments of the present invention, a method for determining permissions of a micro-application calling interface is provided, which is applied to a client and includes:

获取客户端权限数据表对应的第一时间戳，并从服务端获取服务端权限数据表对应的第二时间戳；Obtain the first timestamp corresponding to the client permission data table, and obtain the second timestamp corresponding to the server permission data table from the server;

根据第一时间戳和第二时间戳判断是否对客户端权限数据表进行更新；其中，第二时间戳是管理系统对服务端权限数据表进行操作时对应的时间戳；Judging whether to update the client authority data table according to the first timestamp and the second timestamp; wherein, the second timestamp is the timestamp corresponding to when the management system operates the server authority data table;

若是，向服务端发送权限更新请求，以获取服务端权限数据表，根据服务端权限数据表确定微应用调用接口所对应的权限结果，根据服务端权限数据表对客户端权限数据表进行更新。If so, send a permission update request to the server to obtain the server permission data table, determine the permission result corresponding to the micro-application calling interface according to the server permission data table, and update the client permission data table according to the server permission data table.

进一步地，在根据服务端权限数据表对客户端权限数据表进行更新的步骤之后，方法还包括：Further, after the step of updating the client authority data table according to the server authority data table, the method further includes:

获取更新客户端权限数据表时对应的更新时间戳；Obtain the corresponding update timestamp when updating the client permission data table;

以更新时间戳替换第一时间戳。Replace the first timestamp with the update timestamp.

进一步地，在获取客户端权限数据表对应的第一时间戳的步骤之前，方法还包括：Further, before the step of acquiring the first timestamp corresponding to the client authority data table, the method further includes:

将调用接口信息发送至管理系统，以使得：管理系统根据第一业务需求和调用接口信息设置接口调用权限，并将接口调用权限发送至服务端；服务端根据接口调用权限确定服务端权限数据表，并记录当前时间戳为第二时间戳。Send the calling interface information to the management system, so that: the management system sets the interface calling authority according to the first business requirement and the calling interface information, and sends the interface calling authority to the server; the server determines the server authority data table according to the interface calling authority , and record the current timestamp as the second timestamp.

根据本发明实施例的第二方面，提供了一种微应用调用接口的权限确定方法，应用于服务端，包括：According to a second aspect of the embodiments of the present invention, a method for determining permissions for a micro-application calling interface is provided, applied to a server, including:

响应于客户端发送的第二时间戳获取请求，将服务端权限数据表对应的第二时间戳发送至客户端；In response to the second timestamp acquisition request sent by the client, the second timestamp corresponding to the server permission data table is sent to the client;

接收微应用基于客户端发送的权限更新请求，其中，权限更新请求是客户端根据第二时间戳和客户端权限数据表对应的第一时间戳，确定需要对客户端权限数据表进行更新后生成的；Receive a permission update request sent by the micro-application based on the client, wherein the permission update request is generated after the client determines that the client permission data table needs to be updated according to the second timestamp and the first timestamp corresponding to the client permission data table of;

将服务端权限数据表发送至客户端，以使得微应用根据服务端权限数据表确定微应用调用接口所对应的权限结果，并对客户端权限数据表进行更新；其中，服务端权限数据表根据管理系统发送的接口调用权限确定的。Send the server-side permission data table to the client, so that the micro-application determines the permission result corresponding to the micro-application calling interface according to the server-side permission data table, and updates the client-side permission data table; wherein, the server-side permission data table is based on The interface calling authority sent by the management system is determined.

进一步地，根据管理系统发送的接口调用权限确定服务端权限数据表的步骤，还包括：Further, the step of determining the server authority data table according to the interface calling authority sent by the management system also includes:

接收管理系统发送的接口调用权限；其中，接口调用权限是管理系统根据第一业务需求和微应用发送的调用接口信息设置的；Receive the interface invocation authority sent by the management system; wherein, the interface invocation authority is set by the management system according to the first business requirement and the invocation interface information sent by the micro-application;

根据接口调用权限确定服务端权限数据表，并记录当前时间戳为第二时间戳。Determine the server permission data table according to the interface calling permission, and record the current timestamp as the second timestamp.

根据本发明实施例的第三方面，提供了一种微应用调用接口的权限确定方法，应用于管理系统，包括：According to a third aspect of the embodiments of the present invention, there is provided a method for determining the authority of a micro-application calling interface, which is applied to a management system, including:

接收至少一个微应用发送的调用接口信息；Receive call interface information sent by at least one micro-application;

根据第一业务需求和至少一个微应用发送的调用接口信息设置接口调用权限；Setting the interface invocation authority according to the first business requirement and invocation interface information sent by at least one micro-application;

将接口调用权限发送至服务端，以使得：服务端接收到微应用基于客户端发送的权限更新请求后，向微应用发送服务端权限数据表，微应用根据服务端权限数据表确定微应用调用接口所对应的权限结果；其中，服务端权限数据表是服务端根据接口调用权限进行确定的。Send the interface call permission to the server, so that: after the server receives the permission update request sent by the micro-application based on the client, it sends the server-side permission data table to the micro-application, and the micro-application determines the micro-application call according to the server-side permission data table The permission result corresponding to the interface; wherein, the server permission data table is determined by the server according to the interface calling permission.

进一步地，调用接口信息包括接口编号、接口功能特征和微应用编号；根据第一业务需求和至少一个微应用发送的调用接口信息设置接口调用权限，还包括：Further, the invocation interface information includes an interface number, interface functional characteristics and a micro-application number; the interface invocation authority is set according to the first business requirement and the invocation interface information sent by at least one micro-application, and further includes:

根据接口编号和接口功能特征对调用接口进行分组；Group the calling interfaces according to the interface number and interface functional characteristics;

根据分组结果和业务需求批量设置微应用编号对应的接口调用权限。Set the API call permissions corresponding to the micro-app IDs in batches according to the grouping results and business requirements.

进一步地，调用接口信息还包括微应用属性；在将接口调用权限发送至服务端的步骤之前，方法还包括：Further, the calling interface information also includes micro-application attributes; before the step of sending the interface calling authority to the server, the method further includes:

根据微应用属性确定微应用类型，根据微应用类型确定微应用编号对应的接口调用权限。The micro-application type is determined according to the micro-application attribute, and the interface calling authority corresponding to the micro-application number is determined according to the micro-application type.

进一步地，根据第一业务需求和至少一个微应用发送的调用接口信息设置接口调用权限，还包括：Further, setting the interface invocation authority according to the first service requirement and invocation interface information sent by at least one micro-application, further includes:

根据业务需求和调用接口信息中的接口编号判断所调用的接口是否为目标接口；Determine whether the called interface is the target interface according to the business requirements and the interface number in the calling interface information;

若是，根据第一业务需求和接口编号对应的接口功能特征，对目标接口的不同接口功能分别设置接口调用权限。If so, according to the first service requirement and the interface function feature corresponding to the interface number, the interface calling authority is respectively set for different interface functions of the target interface.

进一步地，还包括：Further, it also includes:

接收第二业务需求，根据第二业务需求对调用接口以及调用接口对应的接口调用权限进行更新。The second business requirement is received, and the calling interface and the interface calling authority corresponding to the calling interface are updated according to the second business requirement.

根据本发明实施例的第四方面，提供了一种微应用调用接口的权限确定装置，设置于客户端，包括：According to a fourth aspect of the embodiments of the present invention, a device for determining permissions for a micro-application calling interface is provided, which is set on a client and includes:

时间戳获取模块，用于获取客户端权限数据表对应的第一时间戳，并从服务端获取服务端权限数据表对应的第二时间戳；a timestamp obtaining module, configured to obtain the first timestamp corresponding to the client permission data table, and obtain the second timestamp corresponding to the server permission data table from the server;

判断模块，用于根据第一时间戳和第二时间戳判断是否对客户端权限数据表进行更新；其中，第二时间戳是管理系统对服务端权限数据表进行操作时对应的时间戳；The judgment module is used to judge whether to update the client authority data table according to the first time stamp and the second time stamp; wherein, the second time stamp is the corresponding time stamp when the management system operates the server authority data table;

权限确定模块，在需要对客户端权限数据表进行更新的情况下，用于向服务端发送权限更新请求，以获取服务端权限数据表，根据服务端权限数据表确定微应用调用接口所对应的权限结果，根据服务端权限数据表对客户端权限数据表进行更新。The permission determination module is used to send a permission update request to the server when the client permission data table needs to be updated to obtain the server permission data table, and determine the corresponding micro application calling interface according to the server permission data table. According to the permission result, the client permission data table is updated according to the server permission data table.

根据本发明实施例的第五方面，提供了一种微应用调用接口的权限确定装置，设置于服务端，包括：According to a fifth aspect of the embodiments of the present invention, a device for determining permissions for a micro-application calling interface is provided, which is set on a server and includes:

第一发送模块，用于响应于客户端发送的第二时间戳获取请求，将服务端权限数据表对应的第二时间戳发送至客户端；a first sending module, configured to send the second timestamp corresponding to the server permission data table to the client in response to the second timestamp acquisition request sent by the client;

请求接收模块，用于接收微应用基于客户端发送的权限更新请求，其中，权限更新请求是客户端根据第二时间戳和客户端权限数据表对应的第一时间戳，确定需要对客户端权限数据表进行更新后生成的；The request receiving module is configured to receive a permission update request sent by the micro-application based on the client, wherein the permission update request is that the client determines that the client needs the permission according to the second timestamp and the first timestamp corresponding to the client permission data table Generated after the data table is updated;

第二发送模块，用于将服务端权限数据表发送至客户端，以使得微应用根据服务端权限数据表确定微应用调用接口所对应的权限结果，并对客户端权限数据表进行更新；其中，服务端权限数据表根据管理系统发送的接口调用权限确定的。The second sending module is configured to send the server-side permission data table to the client, so that the micro-application determines the permission result corresponding to the micro-application calling interface according to the server-side permission data table, and updates the client-side permission data table; wherein , the server permission data table is determined according to the interface calling permission sent by the management system.

根据本发明实施例的第六方面，提供了一种微应用调用接口的权限确定装置，设置于管理系统，包括：According to a sixth aspect of the embodiments of the present invention, a device for determining permissions for a micro-application calling interface is provided, which is set in a management system and includes:

调用接口信息接收模块，用于接收至少一个微应用发送的调用接口信息；a call interface information receiving module, configured to receive call interface information sent by at least one micro-application;

权限设置模块，用于根据第一业务需求和至少一个微应用发送的调用接口信息设置接口调用权限；a permission setting module, configured to set the interface calling permission according to the first business requirement and the calling interface information sent by the at least one micro-application;

权限发送模块，用于将接口调用权限发送至服务端，以使得：服务端接收到微应用基于客户端发送的权限更新请求后，向微应用发送服务端权限数据表，微应用根据服务端权限数据表确定微应用调用接口所对应的权限结果；其中，服务端权限数据表是服务端根据接口调用权限进行确定的。The permission sending module is used to send the interface calling permission to the server, so that: after the server receives the permission update request sent by the micro application based on the client, it sends the server permission data table to the micro application, and the micro application according to the server permission The data table determines the permission result corresponding to the calling interface of the micro-application; wherein, the server permission data table is determined by the server according to the interface calling permission.

根据本发明实施例的第七方面，提供了一种微应用调用接口的权限确定系统，包括客户端、服务端和管理系统；其中，According to a seventh aspect of the embodiments of the present invention, a system for determining permissions for a micro-application calling interface is provided, including a client, a server, and a management system; wherein,

客户端，用于获取客户端权限数据表对应的第一时间戳，并从服务端获取服务端权限数据表对应的第二时间戳；根据第一时间戳和第二时间戳判断是否对客户端权限数据表进行更新；其中，第二时间戳是管理系统对服务端权限数据表进行操作时对应的时间戳；若是，向服务端发送权限更新请求，以获取服务端权限数据表，根据服务端权限数据表确定微应用调用接口所对应的权限结果，根据服务端权限数据表对客户端权限数据表进行更新；The client is used to obtain the first timestamp corresponding to the client permission data table, and obtain the second timestamp corresponding to the server permission data table from the server; according to the first timestamp and the second timestamp, determine whether the client The permission data table is updated; wherein, the second timestamp is the timestamp corresponding to when the management system operates the server permission data table; if so, send a permission update request to the server to obtain the server permission data table, according to the server The permission data table determines the permission result corresponding to the calling interface of the micro-application, and updates the client permission data table according to the server permission data table;

服务端，用于响应于客户端发送的第二时间戳获取请求，将服务端权限数据表对应的第二时间戳发送至客户端；接收微应用基于客户端发送的权限更新请求；将服务端权限数据表发送至客户端；The server is used to send the second timestamp corresponding to the permission data table of the server to the client in response to the second timestamp acquisition request sent by the client; receive the permission update request sent by the micro-application based on the client; The permission data table is sent to the client;

管理系统，用于接收至少一个微应用发送的调用接口信息；根据第一业务需求和至少一个微应用发送的调用接口信息设置接口调用权限；将接口调用权限发送至服务端。The management system is configured to receive invocation interface information sent by at least one micro-application; set the interface invocation authority according to the first service requirement and the invocation interface information sent by the at least one micro-application; and send the interface invocation authority to the server.

根据本发明实施例的第八方面，提供了一种电子设备，包括：According to an eighth aspect of the embodiments of the present invention, an electronic device is provided, including:

一个或多个处理器；one or more processors;

存储装置，用于存储一个或多个程序，storage means for storing one or more programs,

当一个或多个程序被一个或多个处理器执行，使得一个或多个处理器实现如上述任一种微应用调用接口的权限确定方法。When one or more programs are executed by one or more processors, the one or more processors implement any one of the above-mentioned methods for determining permission of a micro-application calling interface.

根据本发明实施例的第九方面，提供了一种计算机可读介质，其上存储有计算机程序，该程序被处理器执行时实现如上述任一种微应用调用接口的权限确定方法。According to a ninth aspect of the embodiments of the present invention, there is provided a computer-readable medium on which a computer program is stored, and when the program is executed by a processor, implements any of the above methods for determining permission of a micro-application calling interface.

上述发明中的一个实施例具有如下优点或有益效果：因为采用获取客户端权限数据表对应的第一时间戳，并从服务端获取服务端权限数据表对应的第二时间戳；根据第一时间戳和第二时间戳判断是否对客户端权限数据表进行更新；其中，第二时间戳是管理系统对服务端权限数据表进行操作时对应的时间戳；若是，向服务端发送权限更新请求，以获取服务端权限数据表，根据服务端权限数据表确定微应用调用接口所对应的权限结果，根据服务端权限数据表对客户端权限数据表进行更新的技术手段，所以克服了现有的微应用调用接口的权限确定方法中存在调用接口的安全性较低，权限确定成本较高，处理方法的容错率较低，调用接口的维护成本高，调用接口的可拓展性差，权限确定流程复杂，用户体验差的技术问题，进而达到提高所调用接口的安全性，降低权限确定成本和调用接口的维护成本，提高处理方法的容错率，提升调用接口的可拓展性，简化权限确定流程，提升用户体验的技术效果。An embodiment of the above invention has the following advantages or beneficial effects: because the first time stamp corresponding to the client authority data table is obtained, and the second time stamp corresponding to the server authority data table is obtained from the server; The stamp and the second timestamp determine whether to update the client authority data table; wherein, the second timestamp is the timestamp corresponding to when the management system operates the server authority data table; if so, send a permission update request to the server, In order to obtain the server-side permission data table, determine the permission result corresponding to the micro-application calling interface according to the server-side permission data table, and update the client-side permission data table according to the technical means of the server-side permission data table, so it overcomes the existing micro-application In the authorization determination method of the application calling interface, the security of the calling interface is low, the cost of authorization determination is high, the fault tolerance rate of the processing method is low, the maintenance cost of the calling interface is high, the scalability of the calling interface is poor, and the authorization determination process is complicated. The technical problem of poor user experience, thereby improving the security of the called interface, reducing the cost of authorization determination and the maintenance cost of the calling interface, improving the fault tolerance rate of the processing method, improving the scalability of the calling interface, simplifying the authorization determination process, and improving the user Experience the technical effects.

上述的非惯用的可选方式所具有的进一步效果将在下文中结合具体实施方式加以说明。Further effects of the above non-conventional alternatives will be described below in conjunction with specific embodiments.

附图说明Description of drawings

附图用于更好地理解本发明，不构成对本发明的不当限定。其中：The accompanying drawings are used for better understanding of the present invention and do not constitute an improper limitation of the present invention. in:

图1是根据本发明第一实施例提供的微应用调用接口的权限确定方法的主要流程的示意图；1 is a schematic diagram of the main flow of a method for determining permissions for a micro-application calling interface provided according to a first embodiment of the present invention;

图2是根据本发明第二实施例提供的微应用调用接口的权限确定方法的主要流程的示意图；2 is a schematic diagram of the main flow of a method for determining permissions for a micro-application calling interface provided according to a second embodiment of the present invention;

图3是根据本发明第三实施例提供的微应用调用接口的权限确定方法的主要流程的示意图；3 is a schematic diagram of the main flow of a method for determining the authority of a micro-application calling interface provided according to a third embodiment of the present invention;

图4是根据本发明第四实施例提供的微应用调用接口的权限确定装置的主要模块的示意图；4 is a schematic diagram of main modules of an apparatus for determining authority of a micro-application calling interface provided according to a fourth embodiment of the present invention;

图5是根据本发明第五实施例提供的微应用调用接口的权限确定装置的主要模块的示意图；5 is a schematic diagram of main modules of an apparatus for determining authority of a micro-application calling interface provided according to a fifth embodiment of the present invention;

图6是根据本发明第六实施例提供的微应用调用接口的权限确定装置的主要模块的示意图；6 is a schematic diagram of main modules of an apparatus for determining authority of a micro-application calling interface provided according to a sixth embodiment of the present invention;

图7是根据本发明第七实施例提供的微应用调用接口的权限确定系统的主要框架的交互示意图；7 is an interactive schematic diagram of a main framework of a system for determining permissions for a micro-application calling interface provided according to a seventh embodiment of the present invention;

图8是本发明实施例可以应用于其中的示例性系统架构图；FIG. 8 is an exemplary system architecture diagram to which an embodiment of the present invention may be applied;

图9是适于用来实现本发明实施例的终端设备或服务器的计算机系统的结构示意图。FIG. 9 is a schematic structural diagram of a computer system suitable for implementing a terminal device or a server according to an embodiment of the present invention.

具体实施方式Detailed ways

以下结合附图对本发明的示范性实施例做出说明，其中包括本发明实施例的各种细节以助于理解，应当将它们认为仅仅是示范性的。因此，本领域普通技术人员应当认识到，可以对这里描述的实施例做出各种改变和修改，而不会背离本发明的范围和精神。同样，为了清楚和简明，以下的描述中省略了对公知功能和结构的描述。Exemplary embodiments of the present invention are described below with reference to the accompanying drawings, which include various details of the embodiments of the present invention to facilitate understanding and should be considered as exemplary only. Accordingly, those of ordinary skill in the art will recognize that various changes and modifications of the embodiments described herein can be made without departing from the scope and spirit of the invention. Also, descriptions of well-known functions and constructions are omitted from the following description for clarity and conciseness.

图1是根据本发明第一实施例提供的微应用调用接口的权限确定方法的主要流程的示意图；如图1所示，本发明实施例提供的微应用调用接口的权限确定方法主要应用于客户端，包括：FIG. 1 is a schematic diagram of the main process of the method for determining the authority of the micro-application calling interface provided according to the first embodiment of the present invention; as shown in FIG. 1 , the method for determining the authority of the micro-application calling interface provided by the embodiment of the present invention is mainly applied to customers end, including:

步骤S101，获取客户端权限数据表对应的第一时间戳，并从服务端获取服务端权限数据表对应的第二时间戳；其中，第二时间戳是管理系统对服务端权限数据表进行操作时对应的时间戳。Step S101, obtaining a first timestamp corresponding to the client authority data table, and obtaining a second timestamp corresponding to the server authority data table from the server; wherein, the second timestamp is that the management system operates on the server authority data table corresponding timestamp.

具体地，根据本发明实施例，上述客户端权限数据表对应的第一时间戳是客户端操作该数据表时对应的时间戳，包括客户端操作包括存储操作和更新操作。Specifically, according to the embodiment of the present invention, the first timestamp corresponding to the above-mentioned client permission data table is the timestamp corresponding to when the client operates the data table, including the client operation including the storage operation and the update operation.

步骤S102，根据第一时间戳和第二时间戳判断是否对客户端权限数据表进行更新。若是，需要对客户端权限数据表进行更新；若否，则表示不需要对客户端权限数据表进行更新。Step S102: Determine whether to update the client authority data table according to the first timestamp and the second timestamp. If so, the client authority data table needs to be updated; if not, it means that the client authority data table does not need to be updated.

具体地，根据本发明实施例，若不需要对客户端权限数据表进行更新，则表明客户端权限数据表为最新权限数据，可直接根据客户端本地存储的客户端权限数据表确定微应用调用接口所对应的权限结果，再根据服务端权限数据表对客户端权限数据表进行更新。Specifically, according to the embodiment of the present invention, if the client permission data table does not need to be updated, it indicates that the client permission data table is the latest permission data, and the micro-application call can be determined directly according to the client permission data table stored locally on the client The permission result corresponding to the interface, and then update the client permission data table according to the server permission data table.

通过上述设置，客户端本地存储有微应用调用接口对应的权限数据表，在确定微应用调用接口权限结果时，只需根据客户端操作该数据表的时间戳与服务端对应的权限数据表的操作时间戳进行比对，即可快速在确定权限结果，避免了现有方法中每次均从服务端获取最新权限数据，占用较多服务器资源的情形，进而提升了确定权限结果的效率，降低了数据传输对服务器资源的占用。With the above settings, the client locally stores the permission data table corresponding to the micro-application calling interface. When determining the result of the micro-application calling interface permission, only the timestamp of the client operating the data table and the permission data table corresponding to the server are needed. By comparing the operation timestamps, the authority result can be quickly determined, avoiding the situation that the latest authority data is obtained from the server every time in the existing method, which occupies a lot of server resources, thereby improving the efficiency of determining the authority result and reducing the It reduces the occupation of server resources by data transmission.

进一步地，根据本发明实施例，根据第一时间戳和第二时间戳判断是否对客户端权限数据表进行更新，还包括：Further, according to the embodiment of the present invention, judging whether to update the client authority data table according to the first timestamp and the second timestamp further includes:

判断第一时间戳是否早于第二时间戳，若是，则需要对客户端权限数据表进行更新；若否，则不需要对客户端权限数据表进行更新。It is judged whether the first timestamp is earlier than the second timestamp, and if so, the client authority data table needs to be updated; if not, the client authority data table does not need to be updated.

其中，若第一时间戳早于第二时间戳，表明客户端存储或更新客户端权限数据表之后，服务端权限数据表进行了更新操作，在这种情况下，需要从服务端获取最新的服务端权限数据表对客户端权限数据表进行更新，才能保证所确定的权限结果的时效性，达到简化权限确定流程，提升用户体验的技术效果。Among them, if the first timestamp is earlier than the second timestamp, it indicates that after the client stores or updates the client permission data table, the server permission data table has been updated. The server-side permission data table is updated to the client-side permission data table, so as to ensure the timeliness of the determined permission results, simplify the permission determination process, and improve the technical effect of user experience.

步骤S103，向服务端发送权限更新请求，以获取服务端权限数据表，根据服务端权限数据表确定微应用调用接口所对应的权限结果，根据服务端权限数据表对客户端权限数据表进行更新。Step S103: Send a permission update request to the server to obtain the server permission data table, determine the permission result corresponding to the micro-application calling interface according to the server permission data table, and update the client permission data table according to the server permission data table .

通过上述设置，仅在服务端权限数据表进行更新后(根据第二时间戳与第一时间戳的比较可以判断服务端权限数据表是否发生了更新)，才从服务端获取权限数据表，否则，可直接根据客户端本地存储的客户端权限数据表确定权限结果。Through the above settings, the authority data table is obtained from the server only after the server authority data table is updated (it can be determined whether the server authority data table has been updated according to the comparison between the second timestamp and the first timestamp), otherwise , the permission result can be determined directly according to the client permission data table stored locally on the client.

进一步地，根据本发明实施例，在根据服务端权限数据表对客户端权限数据表进行更新的步骤之后，上述方法还包括：获取更新客户端权限数据表时对应的更新时间戳；以更新时间戳替换第一时间戳。Further, according to the embodiment of the present invention, after the step of updating the client authority data table according to the server authority data table, the above method further includes: obtaining an update time stamp corresponding to the updating of the client authority data table; The stamp replaces the first timestamp.

若需要重新获取服务端权限数据表，则在更新客户端权限数据表时，对第一时间戳进行更新，以便于后续调用时，均根据权限数据表的最近操作所对应的时间戳，判断是否需要对客户端权限数据表进行更新。If it is necessary to re-acquire the server-side permission data table, when updating the client-side permission data table, update the first timestamp, so that when subsequent calls are made, it is determined whether or not it is based on the timestamp corresponding to the latest operation of the permission data table. The client permissions data table needs to be updated.

优选地，根据本发明实施例，在获取客户端权限数据表对应的第一时间戳的步骤之前，上述方法还包括：将调用接口信息发送至管理系统，以使得：管理系统根据第一业务需求和调用接口信息设置接口调用权限，并将接口调用权限发送至服务端；服务端根据接口调用权限确定服务端权限数据表，并记录当前时间戳为第二时间戳。Preferably, according to the embodiment of the present invention, before the step of acquiring the first timestamp corresponding to the client authority data table, the above method further includes: sending the calling interface information to the management system, so that the management system can meet the first service requirements according to the first service requirements. Set the interface calling permission with the calling interface information, and send the interface calling permission to the server; the server determines the server permission data table according to the interface calling permission, and records the current timestamp as the second timestamp.

通过上述设置，利用管理系统对微应用统一设置调用接口权限，保障了所调用接口的安全性，降低权限确定成本和调用接口的维护成本。Through the above settings, the management system is used to uniformly set the calling interface authority for the micro-application, which ensures the security of the called interface and reduces the cost of determining the authority and the maintenance cost of the calling interface.

根据本发明实施例的技术方案，因为采用获取客户端权限数据表对应的第一时间戳，并从服务端获取服务端权限数据表对应的第二时间戳；根据第一时间戳和第二时间戳判断是否对客户端权限数据表进行更新；其中，第二时间戳是管理系统对服务端权限数据表进行操作时对应的时间戳；若是，向服务端发送权限更新请求，以获取服务端权限数据表，根据服务端权限数据表确定微应用调用接口所对应的权限结果，根据服务端权限数据表对客户端权限数据表进行更新的技术手段，所以克服了现有的微应用调用接口的权限确定方法中存在调用接口的安全性较低，权限确定成本较高，处理方法的容错率较低，调用接口的维护成本高，调用接口的可拓展性差，权限确定流程复杂，用户体验差的技术问题，进而达到提高所调用接口的安全性，降低权限确定成本和调用接口的维护成本，提高处理方法的容错率，提升调用接口的可拓展性，简化权限确定流程，提升用户体验的技术效果。According to the technical solution of the embodiment of the present invention, because the first timestamp corresponding to the client permission data table is obtained, and the second timestamp corresponding to the server permission data table is obtained from the server; according to the first timestamp and the second time Stamp to determine whether to update the client permission data table; wherein, the second timestamp is the timestamp corresponding to when the management system operates the server permission data table; if so, send a permission update request to the server to obtain the server permission Data table, according to the server-side permission data table to determine the permission result corresponding to the micro-application calling interface, and the technical means to update the client-side permission data table according to the server-side permission data table, so it overcomes the existing permission of the micro-application calling interface In the determination method, the security of the call interface is low, the cost of authorization determination is high, the fault tolerance rate of the processing method is low, the maintenance cost of the call interface is high, the scalability of the call interface is poor, the authorization determination process is complicated, and the user experience is poor. In order to improve the security of the called interface, reduce the cost of authorization determination and the maintenance cost of the calling interface, improve the fault tolerance rate of the processing method, improve the scalability of the calling interface, simplify the authorization determination process, and improve the technical effect of user experience.

图2是根据本发明第二实施例提供的微应用调用接口的权限确定方法的主要流程的示意图；如图2所示，本发明实施例提供的微应用调用接口的权限确定方法应用于服务端，主要包括：FIG. 2 is a schematic diagram of the main process of the method for determining the authority of the micro-application calling interface provided according to the second embodiment of the present invention; as shown in FIG. 2 , the method for determining the authority of the micro-application calling interface provided by the embodiment of the present invention is applied to the server ,mainly include:

步骤S201，响应于客户端发送的第二时间戳获取请求，将服务端权限数据表对应的第二时间戳发送至客户端。Step S201, in response to the second timestamp acquisition request sent by the client, sending the second timestamp corresponding to the server permission data table to the client.

具体地，根据本发明实施例，具体地，根据本发明实施例，上述客户端权限数据表对应的第一时间戳是客户端操作该数据表时对应的时间戳，包括客户端操作包括存储操作和更新操作。在客户端欲确定微应用对应的调用接口权限时，客户端需要向服务端发送第二时间戳获取请求，以从服务端获取服务端权限数据表对应的第二时间戳。用于根据客户端权限数据表对应的第一时间戳和上述第二时间戳判断是否需要对客户端权限数据表进行更新。Specifically, according to the embodiment of the present invention, specifically, according to the embodiment of the present invention, the first timestamp corresponding to the above-mentioned client permission data table is the timestamp corresponding to when the client operates the data table, including the client operation including the storage operation and update operations. When the client wants to determine the calling interface permission corresponding to the micro-application, the client needs to send a second timestamp obtaining request to the server, so as to obtain the second timestamp corresponding to the server permission data table from the server. It is used to determine whether the client authority data table needs to be updated according to the first timestamp corresponding to the client authority data table and the above-mentioned second timestamp.

步骤S202，接收微应用基于客户端发送的权限更新请求，其中，权限更新请求是客户端根据第二时间戳和客户端权限数据表对应的第一时间戳，确定需要对客户端权限数据表进行更新后生成的。Step S202: Receive a permission update request sent by the micro-application based on the client, wherein the permission update request is that the client determines that the client permission data table needs to be updated according to the second timestamp and the first timestamp corresponding to the client permission data table. generated after the update.

根据本发明实施例，在客户端根据第一时间戳和第二时间戳判断需要对客户端权限数据表进行更新时，客户端需要向服务端发送权限更新请求，以最新的服务端权限数据表，以用于确定微应用权限结果，并对本地存储的客户端权限数据表进行更新。According to the embodiment of the present invention, when the client determines that the client authority data table needs to be updated according to the first timestamp and the second timestamp, the client needs to send an authority update request to the server to update the server authority data table with the latest , which is used to determine the micro-app permission result and update the locally stored client permission data table.

步骤S203，将服务端权限数据表发送至客户端，以使得微应用根据服务端权限数据表确定微应用调用接口所对应的权限结果，并对客户端权限数据表进行更新；其中，服务端权限数据表根据管理系统发送的接口调用权限确定的。Step S203, sending the server-side permission data table to the client, so that the micro-application determines the permission result corresponding to the calling interface of the micro-application according to the server-side permission data table, and updates the client-side permission data table; The data table is determined according to the interface calling authority sent by the management system.

进一步地，根据本发明实施例，上述根据管理系统发送的接口调用权限确定服务端权限数据表的步骤，还包括：接收管理系统发送的接口调用权限；其中，接口调用权限是管理系统根据第一业务需求和微应用发送的调用接口信息设置的；Further, according to the embodiment of the present invention, the above-mentioned step of determining the server authority data table according to the interface calling authority sent by the management system further includes: receiving the interface calling authority sent by the management system; wherein, the interface calling authority is the management system according to the first Set by business requirements and the calling interface information sent by the micro-application;

通过上述设置，利用管理系统对微应用统一设置调用接口权限，保障了所调用接口的安全性，降低权限确定成本和调用接口的维护成本。根据本发明实施例的一具体实施方式，管理系统可以独立于服务器之外，也可以设置于服务器之内。Through the above settings, the management system is used to uniformly set the calling interface authority for the micro-application, which ensures the security of the called interface and reduces the cost of determining the authority and the maintenance cost of the calling interface. According to a specific implementation of the embodiment of the present invention, the management system may be independent of the server, or may be set within the server.

根据本发明实施例的技术方案，因为采用响应于客户端发送的第二时间戳获取请求，将服务端权限数据表对应的第二时间戳发送至客户端；接收微应用基于客户端发送的权限更新请求，其中，权限更新请求是客户端根据第二时间戳和客户端权限数据表对应的第一时间戳，确定需要对客户端权限数据表进行更新后生成的；将服务端权限数据表发送至客户端，以使得微应用根据服务端权限数据表确定微应用调用接口所对应的权限结果，并对客户端权限数据表进行更新；其中，服务端权限数据表根据管理系统发送的接口调用权限确定的技术手段，所以克服了现有的微应用调用接口的权限确定方法中存在调用接口的安全性较低，权限确定成本较高，处理方法的容错率较低，调用接口的维护成本高，调用接口的可拓展性差，权限确定流程复杂，用户体验差的技术问题，进而达到提高所调用接口的安全性，降低权限确定成本和调用接口的维护成本，提高处理方法的容错率，提升调用接口的可拓展性，简化权限确定流程，提升用户体验的技术效果。According to the technical solution of the embodiment of the present invention, the second timestamp corresponding to the server permission data table is sent to the client in response to the second timestamp acquisition request sent by the client; the receiving micro-application is based on the permission sent by the client An update request, wherein the authority update request is generated after the client determines that the client authority data table needs to be updated according to the second timestamp and the first timestamp corresponding to the client authority data table; send the server authority data table to the client, so that the micro-application determines the permission result corresponding to the micro-application calling interface according to the server-side permission data table, and updates the client-side permission data table; wherein, the server-side permission data table is based on the interface calling permission sent by the management system. Therefore, it overcomes the low security of the calling interface in the existing authorization determination method of the calling interface of the micro-application, the high cost of authorization determination, the low fault tolerance rate of the processing method, and the high maintenance cost of the calling interface. The scalability of the calling interface is poor, the authorization determination process is complicated, and the user experience is poor, which can improve the security of the called interface, reduce the cost of authorization determination and the maintenance cost of the calling interface, improve the fault tolerance rate of the processing method, and improve the calling interface. The scalability of the system simplifies the authorization determination process and improves the technical effect of the user experience.

图3是根据本发明第三实施例提供的微应用调用接口的权限确定方法的主要流程的示意图；如图3所示，本发明实施例提供的微应用调用接口的权限确定方法应用于管理系统，主要包括：FIG. 3 is a schematic diagram of the main flow of the method for determining the authority of the micro-application calling interface provided according to the third embodiment of the present invention; as shown in FIG. 3 , the method for determining the authority of the micro-application calling interface provided by the embodiment of the present invention is applied to the management system ,mainly include:

步骤S301，接收至少一个微应用发送的调用接口信息。Step S301: Receive call interface information sent by at least one micro-application.

具体地，根据本发明实施例，上述调用接口信息包括接口编号、接口功能特征和微应用编号；根据第一业务需求和至少一个微应用发送的调用接口信息设置接口调用权限，还包括：根据接口编号和接口功能特征对调用接口进行分组；根据分组结果和业务需求批量设置微应用编号对应的接口调用权限。Specifically, according to the embodiment of the present invention, the above-mentioned invocation interface information includes an interface number, interface functional characteristics and a micro-application number; setting the interface invocation authority according to the first service requirement and the invocation interface information sent by at least one micro-application, further includes: according to the interface The calling interfaces are grouped according to the number and interface function characteristics; the interface calling permissions corresponding to the micro-application number are set in batches according to the grouping results and business requirements.

通过上述设置，管理系统获取多个微应用发送的调用接口信息，进而根据接口编号、接口功能特征以及业务需求等对微应用对应的调用接口的权限进行批量设置，保障了所调用接口的安全性，降低了权限确定成本和调用接口的维护成本。Through the above settings, the management system obtains the calling interface information sent by multiple micro-applications, and then sets the permissions of the calling interfaces corresponding to the micro-applications in batches according to the interface number, interface functional characteristics and business requirements, etc., which ensures the security of the called interfaces. , which reduces the cost of authorization determination and the maintenance cost of calling interfaces.

步骤S302，根据第一业务需求和至少一个微应用发送的调用接口信息设置接口调用权限。Step S302, setting the interface calling authority according to the first service requirement and the calling interface information sent by at least one micro-application.

进一步地，根据本发明实施例，上述调用接口信息还包括微应用属性；在将接口调用权限发送至服务端的步骤之前，方法还包括：根据微应用属性确定微应用类型，根据微应用类型确定微应用编号对应的接口调用权限。Further, according to the embodiment of the present invention, the above-mentioned calling interface information further includes the micro-application attribute; before the step of sending the interface calling authority to the server, the method further includes: determining the micro-application type according to the micro-application attribute, and determining the micro-application type according to the micro-application type. The API call permission corresponding to the application ID.

通过上述设置，可针对微应用类型确定接口调用权限，避免开发者通过管理系统设置调用权限时，由于操作失误，将特殊类型的微应用对应的调用权限设置错误。根据本发明实施例，构建微应用管理端名单，属于该名单内的微应用统一设置或者不设置相对应的调用接口权限，提高所调用接口的安全性。Through the above settings, the interface invocation authority can be determined according to the type of the micro-application, so as to avoid setting the invocation authority corresponding to a special type of micro-application incorrectly due to an operation error when the developer sets the invocation authority through the management system. According to the embodiment of the present invention, a list of micro-application management terminals is constructed, and the micro-applications in the list are uniformly set or not set with corresponding calling interface permissions, so as to improve the security of the called interface.

优选地，根据本发明实施例，上述根据第一业务需求和至少一个微应用发送的调用接口信息设置接口调用权限，还包括：根据业务需求和调用接口信息中的接口编号判断所调用的接口是否为目标接口；若是，根据第一业务需求和接口编号对应的接口功能特征，对目标接口的不同接口功能分别设置接口调用权限。Preferably, according to the embodiment of the present invention, the above-mentioned setting of the interface invocation authority according to the first service requirement and the invocation interface information sent by the at least one micro-application further includes: judging whether the invoked interface is based on the service requirement and the interface number in the invocation interface information. is the target interface; if so, according to the first service requirement and the interface function characteristics corresponding to the interface number, the interface calling authority is respectively set for different interface functions of the target interface.

根据本发明实施例的一具体实施方式，微应用可以添加所能使用的特殊API(Application Program Interface，应用程序接口)，在添加特殊API(即上述目标接口)的时候，需要设置特殊API是否需要校验参数权限。如需校验参数权限，需要同时配置所需校验的参数key和允许参数值。According to a specific implementation of the embodiment of the present invention, a micro-application can add a special API (Application Program Interface) that can be used. When adding a special API (that is, the above-mentioned target interface), it is necessary to set whether the special API is required Verify parameter permissions. To verify parameter permissions, you need to configure the parameter key and allowable parameter value to be verified at the same time.

如跳转指定渠道客户端API：openClientFunction，假设在API登记时分配的接口id为1002，此API有channel字段需要校验参数权限，目前提供的参数是：1：手机银行；2：企业银行；3：支付渠道c；4：支付渠道d；5：支付渠道e；6：支付渠道f。For example, if you jump to the specified channel client API: openClientFunction, assuming that the interface id assigned during API registration is 1002, this API has the channel field and needs to verify the parameter permission. The currently provided parameters are: 1: Mobile Banking; 2: Corporate Banking; 3: payment channel c; 4: payment channel d; 5: payment channel e; 6: payment channel f.

对某一个微应用只配置这个API的特殊使用权限时候，如果只允许使用参数1、5(即仅为该微应用设置该API的两个接口功能特征所对应的调用权限)，则配置最终生成的权限校验数据为：When only configuring the special permission to use this API for a micro-application, if only parameters 1 and 5 are allowed (that is, the calling permission corresponding to the two interface features of the API is only set for the micro-application), the configuration will be finally generated. The permission check data is:

{{

“1002”：{“channel”:[“1”,”5”]}"1002": {"channel":["1","5"]}

}}

示例性地，根据本发明实施例，上述还包括：接收第二业务需求，根据第二业务需求对调用接口以及调用接口对应的接口调用权限进行更新。Exemplarily, according to the embodiment of the present invention, the above further includes: receiving the second service requirement, and updating the calling interface and the interface calling authority corresponding to the calling interface according to the second service requirement.

通过上述设置，开发人员可根据实时更新的业务需求(即上述第二业务需求)对调用接口API进行增、删、改操作；还可以对各个API对应的调用权限进行调整，提升了调用接口的可拓展性。Through the above settings, developers can add, delete, and modify the calling interface APIs according to the real-time updated business requirements (that is, the above-mentioned second business requirements); they can also adjust the calling permissions corresponding to each API, which improves the calling interface. Scalability.

步骤S303，将接口调用权限发送至服务端，以使得：服务端接收到微应用基于客户端发送的权限更新请求后，向微应用发送服务端权限数据表，微应用根据服务端权限数据表确定微应用调用接口所对应的权限结果；其中，服务端权限数据表是服务端根据接口调用权限进行确定的。Step S303, sending the interface calling permission to the server, so that: after receiving the permission update request sent by the micro-application based on the client, the server sends the server-side permission data table to the micro-application, and the micro-application determines according to the server-side permission data table The permission result corresponding to the micro-app calling interface; wherein, the server-side permission data table is determined by the server-side according to the interface calling permission.

根据本发明实施例的技术方案，因为采用接收至少一个微应用发送的调用接口信息；根据第一业务需求和至少一个微应用发送的调用接口信息设置接口调用权限；将接口调用权限发送至服务端，以使得：服务端接收到微应用基于客户端发送的权限更新请求后，向微应用发送服务端权限数据表，微应用根据服务端权限数据表确定微应用调用接口所对应的权限结果；其中，服务端权限数据表是服务端根据接口调用权限进行确定的技术手段，所以克服了现有的微应用调用接口的权限确定方法中存在调用接口的安全性较低，权限确定成本较高，处理方法的容错率较低，调用接口的维护成本高，调用接口的可拓展性差，权限确定流程复杂，用户体验差的技术问题，进而达到提高所调用接口的安全性，降低权限确定成本和调用接口的维护成本，提高处理方法的容错率，提升调用接口的可拓展性，简化权限确定流程，提升用户体验的技术效果。According to the technical solution of the embodiment of the present invention, because of the adoption of receiving the calling interface information sent by at least one micro-application; setting the interface calling authority according to the first service requirement and the calling interface information sent by the at least one micro-application; sending the interface calling authority to the server , so that: after receiving the permission update request sent by the micro-application based on the client, the server sends the server-side permission data table to the micro-application, and the micro-application determines the permission result corresponding to the micro-application calling interface according to the server-side permission data table; wherein , the server-side permission data table is a technical means for the server to determine according to the interface calling permission, so it overcomes the low security of the calling interface in the existing permission determination method of the micro-application calling interface, and the cost of determining the permission is high. The fault tolerance rate of the method is low, the maintenance cost of the calling interface is high, the scalability of the calling interface is poor, the authorization determination process is complicated, and the user experience is poor. It reduces the maintenance cost, improves the fault tolerance rate of the processing method, improves the scalability of the calling interface, simplifies the authorization determination process, and improves the technical effect of the user experience.

图4是根据本发明第四实施例提供的微应用调用接口的权限确定装置的主要模块的示意图；如图4所示，本发明实施例提供的微应用调用接口的权限确定装置400，设置于客户端，主要包括：4 is a schematic diagram of the main modules of the apparatus for determining the authority of the micro-application calling interface provided according to the fourth embodiment of the present invention; as shown in FIG. 4 , the apparatus 400 for determining the authority of the micro-application calling interface provided by the embodiment of the present invention is set in Clients, mainly including:

时间戳获取模块401，用于获取客户端权限数据表对应的第一时间戳，并从服务端获取服务端权限数据表对应的第二时间戳。The timestamp obtaining module 401 is configured to obtain the first timestamp corresponding to the client permission data table, and obtain the second timestamp corresponding to the server permission data table from the server.

判断模块402，用于根据第一时间戳和第二时间戳判断是否对客户端权限数据表进行更新；其中，第二时间戳是管理系统对服务端权限数据表进行操作时对应的时间戳。The judgment module 402 is configured to judge whether to update the client authority data table according to the first time stamp and the second time stamp; wherein the second time stamp is a corresponding time stamp when the management system operates the server authority data table.

进一步地，根据本发明实施例，上述判断模块402，还用于：判断第一时间戳是否早于第二时间戳，若是，则需要对客户端权限数据表进行更新；若否，则不需要对客户端权限数据表进行更新。Further, according to the embodiment of the present invention, the above judgment module 402 is further configured to: judge whether the first time stamp is earlier than the second time stamp, if so, the client authority data table needs to be updated; if not, it is not necessary Updates to Client Permissions data table.

权限确定模块403，在需要对客户端权限数据表进行更新的情况下，用于向服务端发送权限更新请求，以获取服务端权限数据表，根据服务端权限数据表确定微应用调用接口所对应的权限结果，根据服务端权限数据表对客户端权限数据表进行更新。The permission determination module 403 is used to send a permission update request to the server when the client permission data table needs to be updated, so as to obtain the server permission data table, and determine the corresponding interface of the micro-application calling interface according to the server permission data table According to the permission result of the server, update the client permission data table according to the server permission data table.

进一步地，根据本发明实施例，上述微应用调用接口的权限确定装置400还包括时间戳更新模块，在根据服务端权限数据表对客户端权限数据表进行更新的步骤之后，用于：获取更新客户端权限数据表时对应的更新时间戳；以更新时间戳替换第一时间戳。Further, according to the embodiment of the present invention, the apparatus 400 for determining the authority of the micro-application calling interface further includes a timestamp updating module, which is used to: obtain the update after the step of updating the client authority data table according to the server authority data table The update timestamp corresponding to the client permission data table; replace the first timestamp with the update timestamp.

优选地，根据本发明实施例，上述微应用调用接口的权限确定装置400还包括调用接口信息发送模块，在获取客户端权限数据表对应的第一时间戳的步骤之前，用于：将调用接口信息发送至管理系统，以使得：管理系统根据第一业务需求和调用接口信息设置接口调用权限，并将接口调用权限发送至服务端；服务端根据接口调用权限确定服务端权限数据表，并记录当前时间戳为第二时间戳。Preferably, according to the embodiment of the present invention, the apparatus 400 for determining the authority of the micro-application calling interface further includes a calling interface information sending module, which is used to: before the step of acquiring the first timestamp corresponding to the client authority data table: send the calling interface The information is sent to the management system, so that: the management system sets the interface calling authority according to the first business requirement and the calling interface information, and sends the interface calling authority to the server; the server determines the server authority data table according to the interface calling authority, and records The current timestamp is the second timestamp.

图5是根据本发明第五实施例提供的微应用调用接口的权限确定装置的主要模块的示意图；如图5所示，本发明实施例提供的微应用调用接口的权限确定装置500，设置于服务端，主要包括：FIG. 5 is a schematic diagram of the main modules of the apparatus for determining the authority of the micro-application calling interface provided according to the fifth embodiment of the present invention; as shown in FIG. 5 , the apparatus 500 for determining the authority of the micro-application calling interface provided by the embodiment of the present invention is set in The server side mainly includes:

第一发送模块501，用于响应于客户端发送的第二时间戳获取请求，将服务端权限数据表对应的第二时间戳发送至客户端。The first sending module 501 is configured to send the second timestamp corresponding to the server permission data table to the client in response to the second timestamp acquisition request sent by the client.

请求接收模块502，用于接收微应用基于客户端发送的权限更新请求，其中，权限更新请求是客户端根据第二时间戳和客户端权限数据表对应的第一时间戳，确定需要对客户端权限数据表进行更新后生成的。The request receiving module 502 is configured to receive a permission update request sent by the micro-application based on the client, wherein the permission update request is that the client determines that the client needs to update the client according to the second timestamp and the first timestamp corresponding to the client permission data table. Generated after the permissions data table is updated.

第二发送模块503，用于将服务端权限数据表发送至客户端，以使得微应用根据服务端权限数据表确定微应用调用接口所对应的权限结果，并对客户端权限数据表进行更新；其中，服务端权限数据表根据管理系统发送的接口调用权限确定的。The second sending module 503 is configured to send the server-side permission data table to the client, so that the micro-application determines the permission result corresponding to the micro-application calling interface according to the server-side permission data table, and updates the client-side permission data table; Wherein, the server authority data table is determined according to the interface calling authority sent by the management system.

进一步地，根据本发明实施例，上述微应用调用接口的权限确定装置500还包括服务端权限数据表确定模块，用于：接收管理系统发送的接口调用权限；其中，接口调用权限是管理系统根据第一业务需求和微应用发送的调用接口信息设置的；根据接口调用权限确定服务端权限数据表，并记录当前时间戳为第二时间戳。Further, according to the embodiment of the present invention, the apparatus 500 for determining the authority of the micro-application calling interface further includes a server-side authority data table determining module, which is used for: receiving the interface calling authority sent by the management system; wherein, the interface calling authority is the management system according to The first business requirement and the calling interface information sent by the micro-application are set; the server-side permission data table is determined according to the interface calling permission, and the current timestamp is recorded as the second timestamp.

图6是根据本发明第六实施例提供的微应用调用接口的权限确定装置的主要模块的示意图；如图6所示，本发明实施例提供的微应用调用接口的权限确定装置600，设置于管理系统，主要包括：FIG. 6 is a schematic diagram of the main modules of the apparatus for determining the authority of the micro-application calling interface provided according to the sixth embodiment of the present invention; as shown in FIG. 6 , the apparatus 600 for determining the authority of the micro-application calling interface provided by the embodiment of the present invention is set in Management system, mainly including:

调用接口信息接收模块601，用于接收至少一个微应用发送的调用接口信息。The call interface information receiving module 601 is configured to receive call interface information sent by at least one micro-application.

权限设置模块602，用于根据第一业务需求和至少一个微应用发送的调用接口信息设置接口调用权限。The permission setting module 602 is configured to set the interface calling permission according to the first service requirement and the calling interface information sent by the at least one micro-application.

进一步地，根据本发明实施例，上述微应用调用接口的权限确定装置600还包括微应用类型确定模块，上述调用接口信息还包括微应用属性；在将接口调用权限发送至服务端的步骤之前，方法还包括：根据微应用属性确定微应用类型，根据微应用类型确定微应用编号对应的接口调用权限。Further, according to the embodiment of the present invention, the apparatus 600 for determining the authority of the micro-application invocation interface further includes a micro-application type determination module, and the above-mentioned invocation interface information also includes the micro-application attribute; before the step of sending the interface invocation authority to the server, the method It also includes: determining the micro-application type according to the micro-application attribute, and determining the interface calling authority corresponding to the micro-application number according to the micro-application type.

权限发送模块603，用于将接口调用权限发送至服务端，以使得：服务端接收到微应用基于客户端发送的权限更新请求后，向微应用发送服务端权限数据表，微应用根据服务端权限数据表确定微应用调用接口所对应的权限结果；其中，服务端权限数据表是服务端根据接口调用权限进行确定的。The permission sending module 603 is configured to send the interface calling permission to the server, so that: after the server receives the permission update request sent by the micro application based on the client, it sends the server permission data table to the micro application, and the micro application according to the server The permission data table determines the permission result corresponding to the calling interface of the micro-application; wherein, the server permission data table is determined by the server according to the interface calling permission.

图7是根据本发明第七实施例提供的微应用调用接口的权限确定系统的主要框架的示意图；如图7所示，本发明实施例提供的微应用调用接口的权限确定系统700主要包括：7 is a schematic diagram of the main framework of a system for determining the authority of a micro-application calling interface provided according to the seventh embodiment of the present invention; as shown in FIG. 7 , the system 700 for determining the authority of a micro-application calling interface provided by the embodiment of the present invention mainly includes:

管理端，执行步骤S1，由管理人员录入权限数据更改信息；S2，根据权限数据更改信息对服务端权限数据表进行更新。At the management end, step S1 is performed, and the administrator enters the permission data modification information; S2, the server end permission data table is updated according to the permission data modification information.

根据本发明实施例，在执行步骤S1之前，管理端还用于：用于接收至少一个微应用发送的调用接口信息；根据第一业务需求和至少一个微应用发送的调用接口信息设置接口调用权限；将接口调用权限发送至服务端，以使得，服务端生成服务端权限数据表。According to the embodiment of the present invention, before step S1 is performed, the management terminal is further configured to: receive the calling interface information sent by at least one micro-application; set the interface calling authority according to the first service requirement and the calling interface information sent by the at least one micro-application ; Send the interface calling permission to the server, so that the server generates the server permission data table.

客户端，执行步骤S3，向服务端发送权限更新请求；步骤S5，根据服务端发送服务端权限数据表确定权限结果。The client, executes step S3, sends a permission update request to the server; step S5, determines the permission result according to the server permission data table sent by the server.

根据本发明实施例，在执行步骤S3之前，客户端还用于：获取客户端权限数据表对应的第一时间戳，并从服务端获取服务端权限数据表对应的第二时间戳；根据第一时间戳和第二时间戳判断是否对客户端权限数据表进行更新；其中，第二时间戳是管理系统对服务端权限数据表进行操作时对应的时间戳；在判断结果为需要更新时，再执行步骤S3；若判断结果为不需要更新，则直接根据客户端权限数据表确定权限结果。According to the embodiment of the present invention, before step S3 is performed, the client is further configured to: obtain the first timestamp corresponding to the client authority data table, and obtain the second timestamp corresponding to the server authority data table from the server; A timestamp and a second timestamp determine whether to update the client authority data table; wherein, the second timestamp is the timestamp corresponding to when the management system operates the server authority data table; when the judgment result is that updating is required, Step S3 is executed again; if the judgment result is that no update is required, the authority result is directly determined according to the client authority data table.

服务端，执行步骤S4，响应于微应用基于客户端发送的权限更新请求，向客户端发送更新后的服务端权限数据表。The server performs step S4, and sends the updated server permission data table to the client in response to the permission update request sent by the micro-application based on the client.

根据本发明实施例，在执行步骤S4之前，服务端还用于：响应于客户端发送的第二时间戳获取请求，将服务端权限数据表对应的第二时间戳发送至客户端，以使得客户端根据第一时间戳和第二时间戳判断是否需要对客户端权限数据表进行更新。According to the embodiment of the present invention, before step S4 is performed, the server is further configured to: in response to the second timestamp acquisition request sent by the client, send the second timestamp corresponding to the server permission data table to the client, so that The client determines whether the client authority data table needs to be updated according to the first timestamp and the second timestamp.

图8示出了可以应用本发明实施例的微应用调用接口的权限确定方法或微应用调用接口的权限确定装置(根据具体案件调整)的示例性系统架构800。FIG. 8 shows an exemplary system architecture 800 to which the method for determining the authority of the micro-application calling interface or the apparatus for determining the authority of the micro-application calling interface (adjusted according to specific cases) according to an embodiment of the present invention can be applied.

如图8所示，系统架构800可以包括终端设备801、802、803，网络804和服务器805(此架构仅仅是示例，具体架构中包含的组件可以根据申请具体情况调整)。网络804用以在终端设备801、802、803和服务器805之间提供通信链路的介质。网络804可以包括各种连接类型，例如有线、无线通信链路或者光纤电缆等等。As shown in FIG. 8, the system architecture 800 may include terminal devices 801, 802, 803, a network 804 and a server 805 (this architecture is only an example, and the components included in the specific architecture can be adjusted according to the specific application). The network 804 is a medium used to provide a communication link between the terminal devices 801 , 802 , 803 and the server 805 . Network 804 may include various connection types, such as wired, wireless communication links, or fiber optic cables, among others.

用户可以使用终端设备801、802、803通过网络804与服务器805交互，以接收或发送消息等。终端设备801、802、803上可以安装有各种通讯客户端应用，例如购物类应用、网页浏览器应用、搜索类应用、即时通信工具、邮箱客户端、社交平台软件等(仅为示例)。The user can use the terminal devices 801, 802, 803 to interact with the server 805 through the network 804 to receive or send messages and the like. Various communication client applications may be installed on the terminal devices 801 , 802 and 803 , such as shopping applications, web browser applications, search applications, instant messaging tools, email clients, social platform software, etc. (only examples).

终端设备801、802、803可以是具有显示屏并且支持网页浏览的各种电子设备，包括但不限于智能手机、平板电脑、膝上型便携计算机和台式计算机等等。The terminal devices 801, 802, 803 may be various electronic devices having a display screen and supporting web browsing, including but not limited to smart phones, tablet computers, laptop computers, desktop computers, and the like.

服务器805可以是提供各种服务的服务器，例如对用户利用终端设备801、802、803所(进行权限确定/进行数据处理)的服务器(仅为示例)。该服务器可以对接收到的第一时间戳、第二时间戳等数据进行分析等处理，并将处理结果(例如服务端权限数据表、权限结果--仅为示例)反馈给终端设备。The server 805 may be a server that provides various services, such as a server (only an example) for users to use the terminal devices 801 , 802 , and 803 (for authorization determination/data processing). The server can analyze and process the received data such as the first timestamp and the second timestamp, and feed back the processing results (for example, the server permission data table and permission results—just an example) to the terminal device.

需要说明的是，本发明实施例所提供的微应用调用接口的权限确定方法一般由服务器805执行，相应地，微应用调用接口的权限确定装置一般设置于服务器805中。It should be noted that the method for determining the authority of the micro-application calling interface provided by the embodiment of the present invention is generally executed by the server 805 .

应该理解，图8中的终端设备、网络和服务器的数目仅仅是示意性的。根据实现需要，可以具有任意数目的终端设备、网络和服务器。It should be understood that the numbers of terminal devices, networks and servers in FIG. 8 are merely illustrative. There can be any number of terminal devices, networks and servers according to implementation needs.

下面参考图9，其示出了适于用来实现本发明实施例的终端设备或服务器的计算机系统900的结构示意图。图9示出的终端设备或服务器仅仅是一个示例，不应对本发明实施例的功能和使用范围带来任何限制。Referring to FIG. 9 below, it shows a schematic structural diagram of a computer system 900 suitable for implementing a terminal device or a server according to an embodiment of the present invention. The terminal device or server shown in FIG. 9 is only an example, and should not impose any limitations on the functions and scope of use of the embodiments of the present invention.

如图9所示，计算机系统900包括中央处理单元(CPU)901，其可以根据存储在只读存储器(ROM)902中的程序或者从存储部分908加载到随机访问存储器(RAM)903中的程序而执行各种适当的动作和处理。在RAM 903中，还存储有系统900操作所需的各种程序和数据。CPU 901、ROM 902以及RAM 903通过总线904彼此相连。输入/输出(I/O)接口905也连接至总线904。As shown in FIG. 9, a computer system 900 includes a central processing unit (CPU) 901, which can be loaded into a random access memory (RAM) 903 according to a program stored in a read only memory (ROM) 902 or a program from a storage section 908 Instead, various appropriate actions and processes are performed. In the RAM 903, various programs and data necessary for the operation of the system 900 are also stored. The CPU 901 , the ROM 902 , and the RAM 903 are connected to each other through a bus 904 . An input/output (I/O) interface 905 is also connected to bus 904 .

以下部件连接至I/O接口905：包括键盘、鼠标等的输入部分906；包括诸如阴极射线管(CRT)、液晶显示器(LCD)等以及扬声器等的输出部分907；包括硬盘等的存储部分908；以及包括诸如LAN卡、调制解调器等的网络接口卡的通信部分909。通信部分909经由诸如因特网的网络执行通信处理。驱动器910也根据需要连接至I/O接口905。可拆卸介质911，诸如磁盘、光盘、磁光盘、半导体存储器等等，根据需要安装在驱动器910上，以便于从其上读出的计算机程序根据需要被安装入存储部分908。The following components are connected to the I/O interface 905: an input section 906 including a keyboard, a mouse, etc.; an output section 907 including a cathode ray tube (CRT), a liquid crystal display (LCD), etc., and a speaker, etc.; a storage section 908 including a hard disk, etc. ; and a communication section 909 including a network interface card such as a LAN card, a modem, and the like. The communication section 909 performs communication processing via a network such as the Internet. A drive 910 is also connected to the I/O interface 905 as needed. A removable medium 911, such as a magnetic disk, an optical disk, a magneto-optical disk, a semiconductor memory, etc., is mounted on the drive 910 as needed so that a computer program read therefrom is installed into the storage section 908 as needed.

特别地，根据本发明公开的实施例，上文参考流程图描述的过程可以被实现为计算机软件程序。例如，本发明公开的实施例包括一种计算机程序产品，其包括承载在计算机可读介质上的计算机程序，该计算机程序包含用于执行流程图所示的方法的程序代码。在这样的实施例中，该计算机程序可以通过通信部分909从网络上被下载和安装，和/或从可拆卸介质911被安装。在该计算机程序被中央处理单元(CPU)901执行时，执行本发明的系统中限定的上述功能。In particular, the processes described above with reference to the flowcharts may be implemented as computer software programs in accordance with the disclosed embodiments of the present invention. For example, embodiments disclosed herein include a computer program product comprising a computer program carried on a computer-readable medium, the computer program containing program code for performing the method illustrated in the flowchart. In such an embodiment, the computer program may be downloaded and installed from the network via the communication portion 909, and/or installed from the removable medium 911. When the computer program is executed by the central processing unit (CPU) 901, the above-described functions defined in the system of the present invention are executed.

需要说明的是，本发明所示的计算机可读介质可以是计算机可读信号介质或者计算机可读存储介质或者是上述两者的任意组合。计算机可读存储介质例如可以是——但不限于——电、磁、光、电磁、红外线、或半导体的系统、装置或器件，或者任意以上的组合。计算机可读存储介质的更具体的例子可以包括但不限于：具有一个或多个导线的电连接、便携式计算机磁盘、硬盘、随机访问存储器(RAM)、只读存储器(ROM)、可擦式可编程只读存储器(EPROM或闪存)、光纤、便携式紧凑磁盘只读存储器(CD-ROM)、光存储器件、磁存储器件、或者上述的任意合适的组合。在本发明中，计算机可读存储介质可以是任何包含或存储程序的有形介质，该程序可以被指令执行系统、装置或者器件使用或者与其结合使用。而在本发明中，计算机可读的信号介质可以包括在基带中或者作为载波一部分传播的数据信号，其中承载了计算机可读的程序代码。这种传播的数据信号可以采用多种形式，包括但不限于电磁信号、光信号或上述的任意合适的组合。计算机可读的信号介质还可以是计算机可读存储介质以外的任何计算机可读介质，该计算机可读介质可以发送、传播或者传输用于由指令执行系统、装置或者器件使用或者与其结合使用的程序。计算机可读介质上包含的程序代码可以用任何适当的介质传输，包括但不限于：无线、电线、光缆、RF等等，或者上述的任意合适的组合。It should be noted that the computer-readable medium shown in the present invention may be a computer-readable signal medium or a computer-readable storage medium, or any combination of the above two. The computer-readable storage medium can be, for example, but not limited to, an electrical, magnetic, optical, electromagnetic, infrared, or semiconductor system, apparatus or device, or a combination of any of the above. More specific examples of computer readable storage media may include, but are not limited to, electrical connections with one or more wires, portable computer disks, hard disks, random access memory (RAM), read only memory (ROM), erasable Programmable read only memory (EPROM or flash memory), fiber optics, portable compact disk read only memory (CD-ROM), optical storage devices, magnetic storage devices, or any suitable combination of the foregoing. In the present invention, a computer-readable storage medium may be any tangible medium that contains or stores a program that can be used by or in conjunction with an instruction execution system, apparatus, or device. In the present invention, however, a computer-readable signal medium may include a data signal propagated in baseband or as part of a carrier wave, carrying computer-readable program code therein. Such propagated data signals may take a variety of forms, including but not limited to electromagnetic signals, optical signals, or any suitable combination of the foregoing. A computer-readable signal medium can also be any computer-readable medium other than a computer-readable storage medium that can transmit, propagate, or transport the program for use by or in connection with the instruction execution system, apparatus, or device . Program code embodied on a computer readable medium may be transmitted using any suitable medium including, but not limited to, wireless, wireline, optical fiber cable, RF, etc., or any suitable combination of the foregoing.

附图中的流程图和框图，图示了按照本发明各种实施例的系统、方法和计算机程序产品的可能实现的体系架构、功能和操作。在这点上，流程图或框图中的每个方框可以代表一个模块、程序段、或代码的一部分，上述模块、程序段、或代码的一部分包含一个或多个用于实现规定的逻辑功能的可执行指令。也应当注意，在有些作为替换的实现中，方框中所标注的功能也可以以不同于附图中所标注的顺序发生。例如，两个接连地表示的方框实际上可以基本并行地执行，它们有时也可以按相反的顺序执行，这依所涉及的功能而定。也要注意的是，框图或流程图中的每个方框、以及框图或流程图中的方框的组合，可以用执行规定的功能或操作的专用的基于硬件的系统来实现，或者可以用专用硬件与计算机指令的组合来实现。The flowchart and block diagrams in the Figures illustrate the architecture, functionality, and operation of possible implementations of systems, methods and computer program products according to various embodiments of the present invention. In this regard, each block in the flowchart or block diagrams may represent a module, segment, or portion of code that contains one or more logical functions for implementing the specified functions executable instructions. It should also be noted that, in some alternative implementations, the functions noted in the blocks may occur out of the order noted in the figures. For example, two blocks shown in succession may, in fact, be executed substantially concurrently, or the blocks may sometimes be executed in the reverse order, depending upon the functionality involved. It is also noted that each block of the block diagrams or flowchart illustrations, and combinations of blocks in the block diagrams or flowchart illustrations, can be implemented in special purpose hardware-based systems that perform the specified functions or operations, or can be implemented using A combination of dedicated hardware and computer instructions is implemented.

描述于本发明实施例中所涉及到的模块可以通过软件的方式实现，也可以通过硬件的方式来实现。所描述的模块也可以设置在处理器中，例如，可以描述为：一种处理器包括时间戳获取模块、判断模块和权限确定模块。其中，这些模块的名称在某种情况下并不构成对该模块本身的限定，例如，时间戳获取模块还可以被描述为“用于获取客户端权限数据表对应的第一时间戳，并从服务端获取服务端权限数据表对应的第二时间戳的模块”。The modules involved in the embodiments of the present invention may be implemented in a software manner, and may also be implemented in a hardware manner. The described module can also be set in the processor, for example, it can be described as: a processor includes a time stamp acquisition module, a judgment module and an authority determination module. Among them, the names of these modules do not constitute a limitation of the module itself under certain circumstances. For example, the timestamp obtaining module can also be described as "used to obtain the first timestamp corresponding to the client permission data table, and from the A module for the server to obtain the second timestamp corresponding to the server's permission data table".

作为另一方面，本发明还提供了一种计算机可读介质，该计算机可读介质可以是上述实施例中描述的设备中所包含的；也可以是单独存在，而未装配入该设备中。上述计算机可读介质承载有一个或者多个程序，当上述一个或者多个程序被一个该设备执行时，使得该设备包括：获取客户端权限数据表对应的第一时间戳，并从服务端获取服务端权限数据表对应的第二时间戳；根据第一时间戳和第二时间戳判断是否对客户端权限数据表进行更新；其中，第二时间戳是管理系统对服务端权限数据表进行操作时对应的时间戳；若是，向服务端发送权限更新请求，以获取服务端权限数据表，根据服务端权限数据表确定微应用调用接口所对应的权限结果，根据服务端权限数据表对客户端权限数据表进行更新。As another aspect, the present invention also provides a computer-readable medium, which may be included in the device described in the above embodiments; or may exist alone without being assembled into the device. The above-mentioned computer-readable medium carries one or more programs, and when the above-mentioned one or more programs are executed by a device, the device includes: obtaining the first timestamp corresponding to the client authority data table, and obtaining the first timestamp from the server The second timestamp corresponding to the server-side authority data table; it is judged whether to update the client-side authority data table according to the first timestamp and the second timestamp; wherein, the second timestamp is when the management system operates the server-side authority data table If it is, send a permission update request to the server to obtain the server permission data table, determine the permission result corresponding to the micro-application calling interface according to the server permission data table, and update the client according to the server permission data table. Permissions data table to be updated.

上述具体实施方式，并不构成对本发明保护范围的限制。本领域技术人员应该明白的是，取决于设计要求和其他因素，可以发生各种各样的修改、组合、子组合和替代。任何在本发明的精神和原则之内所作的修改、等同替换和改进等，均应包含在本发明保护范围之内。The above-mentioned specific embodiments do not constitute a limitation on the protection scope of the present invention. It should be understood by those skilled in the art that various modifications, combinations, sub-combinations and substitutions may occur depending on design requirements and other factors. Any modifications, equivalent replacements and improvements made within the spirit and principle of the present invention shall be included within the protection scope of the present invention.

Claims

1. A permission determination method of a micro application call interface is applied to a client and comprises the following steps:

acquiring a first time stamp corresponding to a client side authority data table, and acquiring a second time stamp corresponding to a server side authority data table from a server side;

judging whether to update the client permission data table according to the first time stamp and the second time stamp; the second timestamp is a timestamp corresponding to the management system when operating the server side authority data table;

if yes, sending an authority updating request to the server to obtain the server authority data table, determining an authority result corresponding to a micro application calling interface according to the server authority data table, and updating the client authority data table according to the server authority data table.

2. The permission determination method of a micro application call interface according to claim 1, wherein after the step of updating the client permission data table according to the server permission data table, the method further comprises:

acquiring a corresponding update timestamp when the client permission data table is updated;

replacing the first timestamp with the update timestamp.

3. The permission determination method of a micro application call interface according to claim 1, wherein before the step of obtaining the first timestamp corresponding to the client permission data table, the method further comprises:

sending the call interface information to a management system such that: the management system sets interface calling authority according to a first service requirement and the calling interface information, and sends the interface calling authority to the server side; and the server side determines a server side authority data table according to the interface calling authority and records the current timestamp as the second timestamp.

4. A permission determination method of a micro application call interface is applied to a server side and comprises the following steps:

responding to a second timestamp acquisition request sent by the client, and sending a second timestamp corresponding to the server side permission data table to the client;

receiving a permission updating request sent by a micro application based on the client, wherein the permission updating request is generated after the client determines that the client permission data table needs to be updated according to the second time stamp and a first time stamp corresponding to the client permission data table;

sending the server side authority data table to the client side, so that the micro application determines an authority result corresponding to a micro application calling interface according to the server side authority data table, and updating the client side authority data table; and the server side authority data table is determined according to the interface calling authority sent by the management system.

5. The permission determination method for the micro application call interface according to claim 4, wherein the step of determining the server side permission data table according to the interface call permission sent by the management system further comprises:

receiving an interface calling authority sent by a management system; the management system is used for setting the interface calling authority according to a first service requirement and calling interface information sent by the micro application;

and determining a server side authority data table according to the interface calling authority, and recording the current timestamp as a second timestamp.

6. A permission determination method of a micro application call interface is applied to a management system and comprises the following steps:

receiving calling interface information sent by at least one micro application;

setting interface calling authority according to a first service requirement and calling interface information sent by the at least one micro application;

sending the interface calling authority to a server so as to: after receiving a permission updating request sent by a micro application based on a client, a server side permission data table is sent to the micro application, and the micro application determines a permission result corresponding to a micro application calling interface according to the server side permission data table; and the server side authority data table is determined by the server side according to the interface calling authority.

7. The permission determination method of a micro application call interface according to claim 6, wherein the call interface information includes an interface number, an interface function feature, and a micro application number; the setting of the interface calling authority according to the first service requirement and the calling interface information sent by the at least one micro application further comprises:

grouping calling interfaces according to the interface numbers and the interface functional characteristics;

and setting interface calling authorities corresponding to the micro application numbers in batches according to grouping results and the service requirements.

8. The permission determination method of a micro application call interface according to claim 6, wherein the call interface information further includes a micro application attribute; before the step of sending the interface call authority to the server, the method further includes:

determining the type of the micro application according to the micro application attribute, and determining the interface calling authority corresponding to the micro application number according to the type of the micro application.

9. The method for determining permission of a calling interface of a micro application according to claim 6, wherein the setting of the interface calling permission according to the first service requirement and the calling interface information sent by the at least one micro application further comprises:

judging whether the called interface is a target interface or not according to the service requirement and the interface number in the calling interface information;

if so, respectively setting interface calling authorities for different interface functions of the target interface according to the first service requirement and the interface function characteristics corresponding to the interface numbers.

10. The permission determination method of a micro application call interface according to claim 6, further comprising:

and receiving a second service requirement, and updating the calling interface and the interface calling authority corresponding to the calling interface according to the second service requirement.

11. An authority determination device for a micro application call interface, which is arranged at a client, comprises:

the time stamp obtaining module is used for obtaining a first time stamp corresponding to the client side authority data table and obtaining a second time stamp corresponding to the server side authority data table from the server side;

the judging module is used for judging whether to update the client permission data table according to the first time stamp and the second time stamp; the second timestamp is a timestamp corresponding to the management system when operating the server side authority data table;

and the permission determining module is used for sending a permission updating request to the server side to acquire the server side permission data table under the condition that the client side permission data table needs to be updated, determining a permission result corresponding to a micro application calling interface according to the server side permission data table, and updating the client side permission data table according to the server side permission data table.

12. The utility model provides a permission confirming device of micro application call interface which characterized in that sets up in the server side, includes:

the first sending module is used for responding to a second timestamp acquisition request sent by the client and sending a second timestamp corresponding to the server side permission data table to the client;

the request receiving module is used for receiving a permission updating request sent by the micro application based on the client, wherein the permission updating request is generated after the client determines that the client permission data table needs to be updated according to the second time stamp and a first time stamp corresponding to the client permission data table;

the second sending module is used for sending the server side authority data table to the client side, so that the micro application determines an authority result corresponding to a micro application calling interface according to the server side authority data table and updates the client side authority data table; and the server side authority data table is determined according to the interface calling authority sent by the management system.

13. An authority determination device for a micro application call interface, provided in a management system, includes:

the calling interface information receiving module is used for receiving calling interface information sent by at least one micro application;

the permission setting module is used for setting interface calling permission according to the first service requirement and calling interface information sent by the at least one micro application;

the permission sending module is used for sending the interface calling permission to a server so as to enable: after receiving a permission updating request sent by a micro application based on a client, a server side permission data table is sent to the micro application, and the micro application determines a permission result corresponding to a micro application calling interface according to the server side permission data table; and the server side authority data table is determined by the server side according to the interface calling authority.

14. A permission determining system of a micro application calling interface is characterized by comprising a client, a server and a management system; wherein,

the client is used for acquiring a first time stamp corresponding to the client permission data table and acquiring a second time stamp corresponding to the server permission data table from the server; judging whether to update the client permission data table according to the first time stamp and the second time stamp; the second timestamp is a timestamp corresponding to the management system when operating the server side authority data table; if so, sending an authority updating request to the server to acquire the server authority data table, determining an authority result corresponding to a micro application calling interface according to the server authority data table, and updating the client authority data table according to the server authority data table;

the server is used for responding to a second timestamp acquisition request sent by the client and sending a second timestamp corresponding to the server authority data table to the client; receiving a permission updating request sent by a micro application based on the client; sending the server side authority data table to the client side;

the management system is used for receiving calling interface information sent by at least one micro application; setting interface calling authority according to a first service requirement and calling interface information sent by the at least one micro application; and sending the interface calling authority to a server.

15. An electronic device, comprising:

one or more processors;

a storage device for storing one or more programs,

when executed by the one or more processors, cause the one or more processors to implement the method of any one of claims 1-3, 4-5, 6-10.

16. A computer-readable medium, on which a computer program is stored, which program, when being executed by a processor, is adapted to carry out the method of any one of claims 1-3, 4-5, 6-10.