modified 完成后台接口鉴权
This commit is contained in:
parent
0b00e6f4d8
commit
4cf658625f
@ -1,6 +1,6 @@
|
||||
<?php
|
||||
/**
|
||||
* 处理app_id接入接口权限
|
||||
* 处理后台接口请求权限
|
||||
* @since 2017-07-25
|
||||
* @author zhaoxiang <zhaoxiang051405@gmail.com>
|
||||
*/
|
||||
@ -8,20 +8,95 @@
|
||||
namespace app\admin\behavior;
|
||||
|
||||
|
||||
use app\model\ApiAuthGroup;
|
||||
use app\model\ApiAuthGroupAccess;
|
||||
use app\model\ApiAuthRule;
|
||||
use app\util\ReturnCode;
|
||||
use app\util\Tools;
|
||||
use think\Request;
|
||||
|
||||
class ApiPermission {
|
||||
|
||||
/**
|
||||
* 默认行为函数
|
||||
* @author zhaoxiang <zhaoxiang051405@gmail.com>
|
||||
* @return \think\Request
|
||||
* 用户权限检测
|
||||
* @return \think\response\Json
|
||||
* @throws \think\db\exception\DataNotFoundException
|
||||
* @throws \think\db\exception\ModelNotFoundException
|
||||
* @throws \think\exception\DbException
|
||||
* @author zhaoxiang <zhaoxiang051405@gmail.com>
|
||||
*/
|
||||
public function run() {
|
||||
$request = Request::instance();
|
||||
$route = $request->routeInfo();
|
||||
$route = $route['route'];
|
||||
$header = config('apiAdmin.CROSS_DOMAIN');
|
||||
$userToken = $request->header('Authorization', '');
|
||||
$userInfo = cache($userToken);
|
||||
$userInfo = json_decode($userInfo, true);
|
||||
if (!$this->checkAuth($userInfo['id'], $route['route'])) {
|
||||
$data = ['code' => ReturnCode::INVALID, 'msg' => '非常抱歉,您没有权限怎么做!', 'data' => []];
|
||||
|
||||
return json($data, 200, $header);
|
||||
}
|
||||
}
|
||||
|
||||
/**
|
||||
* 检测用户权限
|
||||
* @param $uid
|
||||
* @param $route
|
||||
* @return bool
|
||||
* @throws \think\db\exception\DataNotFoundException
|
||||
* @throws \think\db\exception\ModelNotFoundException
|
||||
* @throws \think\exception\DbException
|
||||
* @author zhaoxiang <zhaoxiang051405@gmail.com>
|
||||
*/
|
||||
private function checkAuth($uid, $route) {
|
||||
$isSupper = Tools::isAdministrator($uid);
|
||||
if (!$isSupper) {
|
||||
$rules = $this->getAuth($uid);
|
||||
|
||||
return in_array($route, $rules);
|
||||
} else {
|
||||
return true;
|
||||
}
|
||||
|
||||
}
|
||||
|
||||
/**
|
||||
* 根据用户ID获取全部权限节点
|
||||
* @param $uid
|
||||
* @return array
|
||||
* @throws \think\db\exception\DataNotFoundException
|
||||
* @throws \think\db\exception\ModelNotFoundException
|
||||
* @throws \think\exception\DbException
|
||||
* @author zhaoxiang <zhaoxiang051405@gmail.com>
|
||||
*/
|
||||
private function getAuth($uid) {
|
||||
$groups = ApiAuthGroupAccess::get(['uid' => $uid]);
|
||||
if (isset($groups) && $groups->groupId) {
|
||||
$openGroup = (new ApiAuthGroup())->whereIn('id', $groups->groupId)->where(['status' => 1])->select();
|
||||
if (isset($openGroup)) {
|
||||
$openGroupArr = [];
|
||||
foreach ($openGroup as $group) {
|
||||
$openGroupArr[] = $group->id;
|
||||
}
|
||||
$allRules = (new ApiAuthRule())->whereIn('groupId', $openGroupArr)->select();
|
||||
if (isset($allRules)) {
|
||||
$rules = [];
|
||||
foreach ($allRules as $rule) {
|
||||
$rules[] = $rule->url;
|
||||
}
|
||||
$rules = array_unique($rules);
|
||||
|
||||
return $rules;
|
||||
} else {
|
||||
return [];
|
||||
}
|
||||
} else {
|
||||
return [];
|
||||
}
|
||||
} else {
|
||||
return [];
|
||||
}
|
||||
}
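Review bot: The permission check in run() indexes the route twice: `$route = $route['route'];` already reduces routeInfo() to its `route` entry, and `checkAuth($userInfo['id'], $route['route'])` then takes offset `'route'` of that value, which for a string such as `admin/Menu/index` yields a single character with an illegal-offset warning on PHP 7 (a TypeError on PHP 8), so no non-administrator rule can ever match; the intended call looks like `if (!$this->checkAuth($userInfo['id'], $route)) {`. A missing or unknown Authorization header is also never handled explicitly: `cache('')` yields false, `json_decode` yields null and `$userInfo['id']` reads an offset of null, so the request is denied only because an empty uid happens to produce an empty rule set, and an early `if (empty($userInfo['id'])) { return json($data, 200, $header); }` before the lookup would make the deny path intentional rather than accidental. In checkAuth, `in_array($route, $rules)` should pass `true` as its third argument so that only an identical route string grants access. getAuth's three nested `else { return []; }` branches can be collapsed into guard clauses, which would make the fall-through-to-deny behavior easier to audit.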
|
||||
|
||||
|
||||
|
@ -20,7 +20,7 @@ class Menu extends Base {
|
||||
* @author zhaoxiang <zhaoxiang051405@gmail.com>
|
||||
*/
|
||||
public function index() {
|
||||
$list = (new ApiMenu)->where([])->order('sort', 'DESC')->select();
|
||||
$list = (new ApiMenu)->where([])->order('sort', 'ASC')->select();
|
||||
$list = $this->buildArrFromObj($list);
|
||||
$list = formatTree(listToTree($list));
|
||||
|
||||
@ -73,6 +73,9 @@ class Menu extends Base {
|
||||
*/
|
||||
public function edit() {
|
||||
$postData = $this->request->post();
|
||||
if ($postData['url']) {
|
||||
$postData['url'] = 'admin/' . $postData['url'];
|
||||
}
|
||||
$res = ApiMenu::update($postData);
|
||||
if ($res === false) {
|
||||
return $this->buildFailed(ReturnCode::DB_SAVE_ERROR, '操作失败');
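Review bot: The new prefixing in edit() is not idempotent: `if ($postData['url'])` prepends `admin/` to whatever the client posted, so an edit form that submits the stored url back (already `admin/...` if it was saved through this same path) produces `admin/admin/...`, which the exact string match in the permission check would never accept. It also reads `$postData['url']` without checking that the key exists and treats the value `'0'` as absent. A guard such as `if (!empty($postData['url']) && strpos($postData['url'], 'admin/') !== 0) { $postData['url'] = 'admin/' . $postData['url']; }` covers both, assuming menu urls are meant to carry the prefix exactly once. edit() continues past the end of this hunk.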
|
||||
|
@ -14,7 +14,7 @@ return [
|
||||
'APP_NAME' => 'ApiAdmin',
|
||||
|
||||
//鉴权相关
|
||||
'USER_ADMINISTRATOR' => [1, 2],
|
||||
'USER_ADMINISTRATOR' => [1],
|
||||
|
||||
//安全秘钥
|
||||
'AUTH_KEY' => 'I&TC{pft>L,C`wFQ>&#ROW>k{Kxlt1>ryW(>r<#R',
|
||||
|
@ -26,6 +26,13 @@ class Tools {
|
||||
}
|
||||
}
|
||||
|
||||
/**
|
||||
* 二次封装的密码加密
|
||||
* @param $str
|
||||
* @param string $auth_key
|
||||
* @return string
|
||||
* @author zhaoxiang <zhaoxiang051405@gmail.com>
|
||||
*/
|
||||
public static function userMd5($str, $auth_key = '') {
|
||||
if (!$auth_key) {
|
||||
$auth_key = config('apiAdmin.AUTH_KEY');
|
||||
@ -34,4 +41,39 @@ class Tools {
|
||||
return '' === $str ? '' : md5(sha1($str) . $auth_key);
|
||||
}
|
||||
|
||||
}
|
||||
/**
|
||||
* 判断当前用户是否是超级管理员
|
||||
* @param string $uid
|
||||
* @return bool
|
||||
* @author zhaoxiang <zhaoxiang051405@gmail.com>
|
||||
*/
|
||||
public static function isAdministrator($uid = '') {
|
||||
if (!empty($uid)) {
|
||||
$adminConf = config('apiAdmin.USER_ADMINISTRATOR');
|
||||
if (is_array($adminConf)) {
|
||||
if (is_array($uid)) {
|
||||
$m = array_intersect($adminConf, $uid);
|
||||
if (count($m)) {
|
||||
return true;
|
||||
}
|
||||
} else {
|
||||
if (in_array($uid, $adminConf)) {
|
||||
return true;
|
||||
}
|
||||
}
|
||||
} else {
|
||||
if (is_array($uid)) {
|
||||
if (in_array($adminConf, $uid)) {
|
||||
return true;
|
||||
}
|
||||
} else {
|
||||
if ($uid == $adminConf) {
|
||||
return true;
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
return false;
|
||||
}
|
||||
}
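Review bot: isAdministrator() decides super-administrator status with loose comparisons — `in_array($uid, $adminConf)` and `$uid == $adminConf` — so on PHP 7 any value that coerces to 1 (`'1.0'`, `'01'`, `'1e0'`, `'1abc'`) is treated as the configured uid 1; the page does not show what type the cached token payload stores in `id`, so whether such a value can reach this method is unconfirmed, but an authorization predicate should not depend on it. The four nested branches exist only to handle scalar-or-array on each side; casting both sides to arrays and intersecting them compares by string value, which still accepts `1` for `'1'` but rejects the coerced forms above, and replaces the nesting with a single expression. I would rewrite the body as below, keeping the signature and the `false` result for an empty uid.
```php
public static function isAdministrator($uid = '') {
    if (empty($uid)) {
        return false;
    }
    $adminConf = (array) config('apiAdmin.USER_ADMINISTRATOR');
    // array_intersect compares by string value: 1 matches '1' but not '01', '1.0' or '1abc',
    // all of which loose in_array()/== would accept on PHP 7.
    return count(array_intersect($adminConf, (array) $uid)) > 0;
}
```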
|
||||
|