Merge branch 'master' of gitee.com:apiadmin/ApiAdmin

LICENSE

@@ -0,0 +1,21 @@
+MIT License
+
+Copyright (c) 2021 Zhao
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in all
+copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+SOFTWARE.

LICENSE.txt

@@ -1,32 +0,0 @@
-
-ThinkPHP遵循Apache2开源协议发布，并提供免费使用。
-版权所有Copyright © 2006-2016 by ThinkPHP (http://thinkphp.cn)
-All rights reserved。
-ThinkPHP® 商标和著作权所有者为上海顶想信息科技有限公司。
-
-Apache Licence是著名的非盈利开源组织Apache采用的协议。
-该协议和BSD类似，鼓励代码共享和尊重原作者的著作权，
-允许代码修改，再作为开源或商业软件发布。需要满足
-的条件： 
-1． 需要给代码的用户一份Apache Licence ；
-2． 如果你修改了代码，需要在被修改的文件中说明；
-3． 在延伸的代码中（修改和有源代码衍生的代码中）需要
-带有原来代码中的协议，商标，专利声明和其他原来作者规
-定需要包含的说明；
-4． 如果再发布的产品中包含一个Notice文件，则在Notice文
-件中需要带有本协议内容。你可以在Notice中增加自己的
-许可，但不可以表现为对Apache Licence构成更改。 
-具体的协议参考：http://www.apache.org/licenses/LICENSE-2.0
-
-THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
-"AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
-LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
-FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
-COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT,
-INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING,
-BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
-LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER
-CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
-LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN
-ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
-POSSIBILITY OF SUCH DAMAGE.

app/controller/admin/Base.php

@@ -57,7 +57,7 @@ class Base extends BaseController {
      * @author zhaoxiang <zhaoxiang051405@gmail.com>
      */
     public function updateUserInfo(array $data, bool $isDetail = false): void {
-        $apiAuth = $this->request->header('apiAuth');
+        $apiAuth = $this->request->header('Api-Auth');
         if ($isDetail) {
             AdminUserData::update($data, ['uid' => $this->userInfo['id']]);
             $this->userInfo['userData'] = (new AdminUserData())->where('uid', $this->userInfo['id'])->find();

app/controller/admin/InterfaceList.php

@@ -150,10 +150,10 @@ class InterfaceList extends Base {
                 $rule->app_api = implode(',', $appApiArr);
 
                 $appApiShowArrOld = json_decode($rule->app_api_show, true);
-                $appApiShowArr = $appApiShowArrOld[$oldInfo->groupHash];
+                $appApiShowArr = $appApiShowArrOld[$oldInfo->group_hash];
                 $appApiShowIndex = array_search($hash, $appApiShowArr);
                 array_splice($appApiShowArr, $appApiShowIndex, 1);
-                $appApiShowArrOld[$oldInfo->groupHash] = $appApiShowArr;
+                $appApiShowArrOld[$oldInfo->group_hash] = $appApiShowArr;
                 $rule->app_api_show = json_encode($appApiShowArrOld);
 
                 $rule->save();

app/middleware/AdminPermission.php

@@ -23,8 +23,8 @@ class AdminPermission {
      */
     public function handle($request, \Closure $next): Response {
         $userInfo = $request->API_ADMIN_USER_INFO;
-
-        if (!$this->checkAuth($userInfo['id'], $request->pathinfo())) {
+        // rule里包含了rule(路由规则), ruoter(完整路由)
+        if (!$this->checkAuth($userInfo['id'], $request->rule()->getRule())) {
             return json([
                 'code' => ReturnCode::INVALID,
                 'msg'  => '非常抱歉，您没有权限这么做！',

app/middleware/ApiAuth.php

@@ -23,7 +23,16 @@ class ApiAuth {
      */
     public function handle($request, \Closure $next) {
         $header = config('apiadmin.CROSS_DOMAIN');
-        $apiHash = substr($request->pathinfo(), 4);
+
+        $pathParam = [];
+        $pathArr = explode('/', $request->pathinfo());
+        $pathArrLen = count($pathArr);
+        for ($index = 0; $index < $pathArrLen; $index += 2) {
+            if ($index + 1 < $pathArrLen) {
+                $pathParam[$pathArr[$index]] = $pathArr[$index + 1];
+            }
+        }
+        $apiHash = $pathParam['api'];
 
         if ($apiHash) {
             $cached = Cache::has('ApiInfo:' . $apiHash);
@@ -53,12 +62,13 @@ class ApiAuth {
 
             $accessToken = $request->header('Access-Token', '');
             if (!$accessToken) {
-                if ($apiInfo['method'] == 2) {
-                    $accessToken = $request->get('Access-Token', '');
-                }
-                if ($apiInfo['method'] == 1) {
-                    $accessToken = $request->post('Access-Token', '');
-                }
+                $accessToken = $request->post('Access-Token', '');
+            }
+            if (!$accessToken) {
+                $accessToken = $request->get('Access-Token', '');
+            }
+            if (!$accessToken && !empty($pathParam['Access-Token'])) {
+                $accessToken = $pathParam['Access-Token'];
             }
             if (!$accessToken) {
                 return json([