diff --git a/application/admin/controller/Menu.php b/application/admin/controller/Menu.php index 938b2ec..c94f496 100644 --- a/application/admin/controller/Menu.php +++ b/application/admin/controller/Menu.php @@ -23,7 +23,7 @@ class Menu extends Base { public function index() { $list = (new AdminMenu)->where([])->order('sort', 'ASC')->select(); $list = Tools::buildArrFromObj($list); - $list = formatTree(listToTree($list)); + $list = Tools::formatTree(Tools::listToTree($list)); return $this->buildSuccess([ 'list' => $list diff --git a/application/admin/controller/Miss.php b/application/admin/controller/Miss.php index c4171ae..4f7a164 100644 --- a/application/admin/controller/Miss.php +++ b/application/admin/controller/Miss.php @@ -2,11 +2,10 @@ namespace app\admin\controller; use app\util\ReturnCode; -use think\facade\Request; class Miss extends Base { public function index() { - if (Request::instance()->isOptions()) { + if ($this->request->isOptions()) { return $this->buildSuccess([]); } else { return $this->buildFailed(ReturnCode::INVALID, '接口地址异常', []); diff --git a/application/http/middleware/AdminAuth.php b/application/http/middleware/AdminAuth.php index fae9399..f231365 100644 --- a/application/http/middleware/AdminAuth.php +++ b/application/http/middleware/AdminAuth.php @@ -2,9 +2,38 @@ namespace app\http\middleware; -class AdminAuth -{ - public function handle($request, \Closure $next) - { +use app\util\ReturnCode; + +class AdminAuth { + + /** + * ApiAuth鉴权 + * @param \think\facade\Request $request + * @param \Closure $next + * @return mixed|\think\response\Json + * @author zhaoxiang + */ + public function handle($request, \Closure $next) { + $header = config('apiadmin.CROSS_DOMAIN'); + $ApiAuth = $request->header('ApiAuth', ''); + if ($ApiAuth) { + $userInfo = cache('Login:' . $ApiAuth); + $userInfo = json_decode($userInfo, true); + if (!$userInfo || !isset($userInfo['id'])) { + return json([ + 'code' => ReturnCode::AUTH_ERROR, + 'msg' => 'ApiAuth不匹配', + 'data' => [] + ])->header($header); + } + + return $next($request); + } else { + return json([ + 'code' => ReturnCode::AUTH_ERROR, + 'msg' => '缺少ApiAuth', + 'data' => [] + ])->header($header); + } } } diff --git a/application/http/middleware/AdminPermission.php b/application/http/middleware/AdminPermission.php index 1259ea2..e73ba68 100644 --- a/application/http/middleware/AdminPermission.php +++ b/application/http/middleware/AdminPermission.php @@ -2,9 +2,106 @@ namespace app\http\middleware; -class AdminPermission -{ - public function handle($request, \Closure $next) - { +use app\model\AdminAuthGroup; +use app\model\AdminAuthGroupAccess; +use app\model\AdminAuthRule; +use app\util\ReturnCode; +use app\util\Tools; + +class AdminPermission { + + /** + * 用户权限检测 + * @param \think\facade\Request $request + * @param \Closure $next + * @return mixed|\think\response\Json + * @throws \think\db\exception\DataNotFoundException + * @throws \think\db\exception\ModelNotFoundException + * @throws \think\exception\DbException + * @author zhaoxiang + */ + public function handle($request, \Closure $next) { + $ApiAuth = $request->header('ApiAuth'); + $userInfo = cache('Login:' . $ApiAuth); + + if (!$userInfo) { + return json([ + 'code' => ReturnCode::INVALID, + 'msg' => '非常抱歉,您的登录状态已丢失或已过期!', + 'data' => [] + ])->header(config('apiAdmin.CROSS_DOMAIN')); + } + + $userInfo = json_decode($userInfo, true); + if (!$this->checkAuth($userInfo['id'], $request->path())) { + return json([ + 'code' => ReturnCode::INVALID, + 'msg' => '非常抱歉,您没有权限这么做!', + 'data' => [] + ])->header(config('apiAdmin.CROSS_DOMAIN')); + } + + return $next($request); } + + /** + * 检测用户权限 + * @param $uid + * @param $route + * @return bool + * @throws \think\db\exception\DataNotFoundException + * @throws \think\db\exception\ModelNotFoundException + * @throws \think\exception\DbException + * @author zhaoxiang + */ + private function checkAuth($uid, $route) { + $isSupper = Tools::isAdministrator($uid); + if (!$isSupper) { + $rules = $this->getAuth($uid); + + return in_array($route, $rules); + } else { + return true; + } + + } + + /** + * 根据用户ID获取全部权限节点 + * @param $uid + * @return array + * @throws \think\db\exception\DataNotFoundException + * @throws \think\db\exception\ModelNotFoundException + * @throws \think\exception\DbException + * @author zhaoxiang + */ + private function getAuth($uid) { + $groups = AdminAuthGroupAccess::get(['uid' => $uid]); + if (isset($groups) && $groups->groupId) { + $openGroup = (new AdminAuthGroup())->whereIn('id', $groups->groupId)->where(['status' => 1])->select(); + if (isset($openGroup)) { + $openGroupArr = []; + foreach ($openGroup as $group) { + $openGroupArr[] = $group->id; + } + $allRules = (new AdminAuthRule())->whereIn('groupId', $openGroupArr)->select(); + if (isset($allRules)) { + $rules = []; + foreach ($allRules as $rule) { + $rules[] = $rule->url; + } + $rules = array_unique($rules); + + return $rules; + } else { + return []; + } + } else { + return []; + } + } else { + return []; + } + } + } diff --git a/application/http/middleware/AdminResponse.php b/application/http/middleware/AdminResponse.php index 8228bc8..3f79fc5 100644 --- a/application/http/middleware/AdminResponse.php +++ b/application/http/middleware/AdminResponse.php @@ -2,9 +2,10 @@ namespace app\http\middleware; -class AdminResponse -{ - public function handle($request, \Closure $next) - { +use think\facade\Config; + +class AdminResponse { + public function handle($request, \Closure $next) { + return $next($request)->header(Config::get('apiadmin.CROSS_DOMAIN')); } } diff --git a/application/util/Tools.php b/application/util/Tools.php index f91fab7..e91ac0c 100644 --- a/application/util/Tools.php +++ b/application/util/Tools.php @@ -112,4 +112,58 @@ class Tools { } return $list; } + + /** + * 把返回的数据集转换成Tree + * @param $list + * @param string $pk + * @param string $pid + * @param string $child + * @param string $root + * @return array + */ + public static function listToTree($list, $pk='id', $pid = 'fid', $child = '_child', $root = '0') { + $tree = array(); + if(is_array($list)) { + $refer = array(); + foreach ($list as $key => $data) { + $refer[$data[$pk]] = &$list[$key]; + } + foreach ($list as $key => $data) { + $parentId = $data[$pid]; + if ($root == $parentId) { + $tree[] = &$list[$key]; + }else{ + if (isset($refer[$parentId])) { + $parent = &$refer[$parentId]; + $parent[$child][] = &$list[$key]; + } + } + } + } + return $tree; + } + + public static function formatTree($list, $lv = 0, $title = 'name'){ + $formatTree = array(); + foreach($list as $key => $val){ + $title_prefix = ''; + for( $i=0;$i<$lv;$i++ ){ + $title_prefix .= "|---"; + } + $val['lv'] = $lv; + $val['namePrefix'] = $lv == 0 ? '' : $title_prefix; + $val['showName'] = $lv == 0 ? $val[$title] : $title_prefix.$val[$title]; + if(!array_key_exists('_child', $val)){ + array_push($formatTree, $val); + }else{ + $child = $val['_child']; + unset($val['_child']); + array_push($formatTree, $val); + $middle = self::formatTree($child, $lv+1, $title); //进行下一层递归 + $formatTree = array_merge($formatTree, $middle); + } + } + return $formatTree; + } } diff --git a/config/app.php b/config/app.php index 3653eeb..bde326a 100644 --- a/config/app.php +++ b/config/app.php @@ -97,7 +97,7 @@ return [ // 是否开启路由延迟解析 'url_lazy_route' => false, // 是否强制使用路由 - 'url_route_must' => false, + 'url_route_must' => true, // 合并路由规则 'route_rule_merge' => false, // 路由是否完全匹配 diff --git a/route/route.php b/route/route.php index 253b6d6..3c2c251 100644 --- a/route/route.php +++ b/route/route.php @@ -11,11 +11,12 @@ use think\facade\Route; -Route::rule('admin/Login/index','admin/Login/index','post'); -Route::rule('admin/Index/upload','admin/Index/upload','post'); -Route::rule('admin/Login/logout','admin/Login/logout','get'); Route::group('admin', function () { + Route::rule('Login/index','admin/Login/index','post'); + Route::rule('Index/upload','admin/Index/upload','post'); + Route::rule('Login/logout','admin/Login/logout','get'); + //大部分控制器的路由都以分组的形式写到这里 Route::group('Menu', [ 'index' => [ @@ -38,7 +39,7 @@ Route::group('admin', function () { 'admin/Menu/del', ['method' => 'get'] ] - ]); + ])->middleware('AdminPermission');; Route::group('User', [ 'index' => [ 'admin/User/index', @@ -68,7 +69,7 @@ Route::group('admin', function () { 'admin/User/del', ['method' => 'get'] ], - ]); + ])->middleware('Auth'); Route::group('Auth', [ 'index' => [ 'admin/Auth/index', @@ -102,7 +103,7 @@ Route::group('admin', function () { 'admin/Auth/getRuleList', ['method' => 'get'] ] - ]); + ])->middleware('Auth'); Route::group('App', [ 'index' => [ 'admin/App/index', @@ -132,7 +133,7 @@ Route::group('admin', function () { 'admin/App/del', ['method' => 'get'] ] - ]); + ])->middleware('Auth'); Route::group('InterfaceList', [ 'index' => [ 'admin/InterfaceList/index', @@ -162,7 +163,7 @@ Route::group('admin', function () { 'admin/InterfaceList/getHash', ['method' => 'get'] ] - ]); + ])->middleware('Auth'); Route::group('Fields', [ 'index' => [ 'admin/Fields/index', @@ -192,7 +193,7 @@ Route::group('admin', function () { 'admin/Fields/upload', ['method' => 'post'] ] - ]); + ])->middleware('Auth'); Route::group('InterfaceGroup', [ 'index' => [ 'admin/InterfaceGroup/index', @@ -218,7 +219,7 @@ Route::group('admin', function () { 'admin/InterfaceGroup/del', ['method' => 'get'] ] - ]); + ])->middleware('Auth'); Route::group('AppGroup', [ 'index' => [ 'admin/AppGroup/index', @@ -244,7 +245,7 @@ Route::group('admin', function () { 'admin/AppGroup/del', ['method' => 'get'] ] - ]); + ])->middleware('Auth'); Route::group('Log', [ 'index' => [ 'admin/Log/index', @@ -254,7 +255,9 @@ Route::group('admin', function () { 'admin/Log/del', ['method' => 'get'] ] - ]); - Route::miss('admin/Miss/index'); -})->middleware('Auth'); + ])->middleware('Auth'); + + //MISS路由定义 + Route::miss('admin/Miss/index'); +})->middleware('AdminResponse');