diff --git a/application/admin/controller/App.php b/application/admin/controller/App.php index e1f6503..6b59d58 100644 --- a/application/admin/controller/App.php +++ b/application/admin/controller/App.php @@ -98,11 +98,12 @@ class App extends Base { 'app_api_show' => '', ]; if (isset($postData['app_api']) && $postData['app_api']) { + $appApi = []; $data['app_api_show'] = json_encode($postData['app_api']); foreach ($postData['app_api'] as $value) { - $data['app_api'] .= implode(',', $value) . ','; + $appApi = array_merge($appApi, $value); } - $data['app_api'] = trim($data['app_api'], ','); + $data['app_api'] = implode(',', $appApi); } $res = ApiApp::create($data); if ($res === false) { @@ -149,11 +150,12 @@ class App extends Base { 'app_api_show' => '', ]; if (isset($postData['app_api']) && $postData['app_api']) { + $appApi = []; $data['app_api_show'] = json_encode($postData['app_api']); foreach ($postData['app_api'] as $value) { - $data['app_api'] .= implode(',', $value) . ','; + $appApi = array_merge($appApi, $value); } - $data['app_api'] = trim($data['app_api'], ','); + $data['app_api'] = implode(',', $appApi); } $res = ApiApp::update($data); if ($res === false) { diff --git a/application/api/behavior/ApiAuth.php b/application/api/behavior/ApiAuth.php index 671cf5b..fc50039 100644 --- a/application/api/behavior/ApiAuth.php +++ b/application/api/behavior/ApiAuth.php @@ -64,7 +64,7 @@ class ApiAuth { * Api接口合法性检测 */ private function checkAccessToken() { - $access_token = $this->request->header(''); + $access_token = $this->request->header('access-token'); if (!isset($access_token) || !$access_token) { return json(['code' => ReturnCode::ACCESS_TOKEN_TIMEOUT, 'msg' => '缺少参数access-token', 'data' => []]); } else { diff --git a/application/api/behavior/ApiPermission.php b/application/api/behavior/ApiPermission.php index ae36c69..da15119 100644 --- a/application/api/behavior/ApiPermission.php +++ b/application/api/behavior/ApiPermission.php @@ -1,6 +1,6 @@ */ 
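Review bot: In the `foreach` over `$postData['app_api']`, each `$value` goes into `array_merge()` without a check that it is an array, so a request whose `app_api` holds a scalar entry makes the merge fail instead of being rejected cleanly. The same loop is repeated in the second hunk of this file (the `ApiApp::update` path). The comma-joined result is the list that `ApiPermission::run()` later splits with `explode(',', …)` to decide access, so an entry that itself contains a comma would be stored as several rules. Guard the loop with `if (!is_array($value)) { continue; }`, and before the join keep only entries that are known API hashes. Both enclosing methods start and end outside the hunks, so any earlier validation of `$postData` is not visible here.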
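Review bot: The header name `'access-token'` is now a string literal here in `checkAccessToken()` and again in `ApiPermission::run()`, and the empty name this line replaces shows how quietly such a lookup can go wrong. A shared constant, for example `const ACCESS_TOKEN_HEADER = 'access-token';` on a class both behaviors can reach, would keep the authentication and permission checks reading the same header. The `isset($access_token)` test on the following line is redundant because the variable has just been assigned; `if (!$access_token)` is enough. The method body continues past the end of the hunk.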
@@ -8,23 +8,37 @@ namespace app\api\behavior; -use app\model\ApiFields; -use app\util\ApiLog; use app\util\ReturnCode; -use app\util\DataType; use think\Request; -use think\Validate; class ApiPermission { /** - * 默认行为函数 + * @var Request + */ + private $request; + + /** + * 接口鉴权 + * @return \think\response\Json * @author zhaoxiang - * @return \think\Request - * @throws \think\exception\DbException */ public function run() { + $this->request = Request::instance(); + $hash = $this->request->routeInfo(); + if (isset($hash['rule'][1])) { + $hash = $hash['rule'][1]; + $access_token = $this->request->header('access-token'); + if ($access_token) { + $appInfo = cache($access_token); + $allRules = explode(',', $appInfo['app_api']); + if (!in_array($hash, $allRules)) { + $data = ['code' => ReturnCode::INVALID, 'msg' => '非常抱歉,您没有权限怎么做!', 'data' => []]; + return json($data); + } + } + } } diff --git a/application/api/controller/BuildToken.php b/application/api/controller/BuildToken.php index a756a8c..9a1caa7 100644 --- a/application/api/controller/BuildToken.php +++ b/application/api/controller/BuildToken.php @@ -50,11 +50,11 @@ class BuildToken extends Base { } public function e1() { - return $this->buildSuccess('e1'); + return $this->buildSuccess(['e1']); } public function e2() { - return $this->buildSuccess('e2'); + return $this->buildSuccess(['e2']); } /** diff --git a/application/apiRoute.php b/application/apiRoute.php index e9a5824..98e6158 100644 --- a/application/apiRoute.php +++ b/application/apiRoute.php @@ -5,7 +5,7 @@ \think\Route::miss('api/Index/index'); -$afterBehavior = ['\app\api\behavior\ApiAuth', '\app\api\behavior\RequestFilter']; +$afterBehavior = ['\app\api\behavior\ApiAuth', '\app\api\behavior\ApiPermission', '\app\api\behavior\RequestFilter']; return [ '[api]' => [
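Review bot: In `run()`, the result of `cache($access_token)` is read as `$appInfo['app_api']` without checking that the lookup returned an app record. When the cache has no entry for the token, the request is presumably denied only as a side effect of reading an offset on a non-array, and `in_array()` compares loosely, so two different rule hashes could match if both happen to look numeric. An explicit deny path with a strict comparison would be `$allRules = (is_array($appInfo) && isset($appInfo['app_api'])) ? explode(',', $appInfo['app_api']) : [];` followed by `if (!in_array($hash, $allRules, true)) {`. The whole check is also skipped when the header is absent, so it relies on ApiAuth, registered before it in `apiRoute.php`, having already rejected token-less requests for protected routes; that is not visible in this diff. The docblock promises `@return \think\response\Json`, but the allowed path returns nothing, so `@return \think\response\Json|void` would be accurate.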