diff --git a/LICENSE b/LICENSE
new file mode 100644
index 0000000..c7c9704
--- /dev/null
+++ b/LICENSE
@@ -0,0 +1,21 @@
+MIT License
+
+Copyright (c) 2021 Zhao
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in all
+copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+SOFTWARE.
diff --git a/LICENSE.txt b/LICENSE.txt
deleted file mode 100644
index 574a39c..0000000
--- a/LICENSE.txt
+++ /dev/null
@@ -1,32 +0,0 @@
-
-ThinkPHP遵循Apache2开源协议发布,并提供免费使用。
-版权所有Copyright © 2006-2016 by ThinkPHP (http://thinkphp.cn)
-All rights reserved。
-ThinkPHP® 商标和著作权所有者为上海顶想信息科技有限公司。
-
-Apache Licence是著名的非盈利开源组织Apache采用的协议。
-该协议和BSD类似,鼓励代码共享和尊重原作者的著作权,
-允许代码修改,再作为开源或商业软件发布。需要满足
-的条件:
-1. 需要给代码的用户一份Apache Licence ;
-2. 如果你修改了代码,需要在被修改的文件中说明;
-3. 在延伸的代码中(修改和有源代码衍生的代码中)需要
-带有原来代码中的协议,商标,专利声明和其他原来作者规
-定需要包含的说明;
-4. 如果再发布的产品中包含一个Notice文件,则在Notice文
-件中需要带有本协议内容。你可以在Notice中增加自己的
-许可,但不可以表现为对Apache Licence构成更改。
-具体的协议参考:http://www.apache.org/licenses/LICENSE-2.0
-
-THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
-"AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
-LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
-FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
-COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT,
-INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING,
-BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
-LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER
-CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
-LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN
-ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
-POSSIBILITY OF SUCH DAMAGE.
diff --git a/app/controller/admin/Base.php b/app/controller/admin/Base.php
index ceeb5f5..5c2a030 100644
--- a/app/controller/admin/Base.php
+++ b/app/controller/admin/Base.php
@@ -57,7 +57,7 @@ class Base extends BaseController {
 * @author zhaoxiang
 */
 public function updateUserInfo(array $data, bool $isDetail = false): void {
- $apiAuth = $this->request->header('apiAuth');
+ $apiAuth = $this->request->header('Api-Auth');
 if ($isDetail) {
 AdminUserData::update($data, ['uid' => $this->userInfo['id']]);
 $this->userInfo['userData'] = (new AdminUserData())->where('uid', $this->userInfo['id'])->find();
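Review bot: The header name `'Api-Auth'` in `updateUserInfo` is a bare string literal, and the fact that it had to be corrected here suggests it had drifted from the name used elsewhere; a single shared constant (for example `const AUTH_HEADER = 'Api-Auth';`, name constructed for illustration) read by every consumer of this header would prevent a repeat. `header()` is also called without a default, so `$apiAuth` may be null when the header is absent. If the remainder of the method, which lies outside this hunk, uses the value as a lookup or storage key, an early return on an empty value would be safer.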
diff --git a/app/controller/admin/InterfaceList.php b/app/controller/admin/InterfaceList.php
index 58e701c..4bae376 100644
--- a/app/controller/admin/InterfaceList.php
+++ b/app/controller/admin/InterfaceList.php
@@ -150,10 +150,10 @@ class InterfaceList extends Base {
 $rule->app_api = implode(',', $appApiArr);
 $appApiShowArrOld = json_decode($rule->app_api_show, true);
- $appApiShowArr = $appApiShowArrOld[$oldInfo->groupHash];
+ $appApiShowArr = $appApiShowArrOld[$oldInfo->group_hash];
 $appApiShowIndex = array_search($hash, $appApiShowArr);
 array_splice($appApiShowArr, $appApiShowIndex, 1);
- $appApiShowArrOld[$oldInfo->groupHash] = $appApiShowArr;
+ $appApiShowArrOld[$oldInfo->group_hash] = $appApiShowArr;
 $rule->app_api_show = json_encode($appApiShowArrOld);
 $rule->save();
diff --git a/app/middleware/AdminPermission.php b/app/middleware/AdminPermission.php
index 7bdbac1..c1691ad 100644
--- a/app/middleware/AdminPermission.php
+++ b/app/middleware/AdminPermission.php
@@ -23,8 +23,8 @@ class AdminPermission {
 */
 public function handle($request, \Closure $next): Response {
 $userInfo = $request->API_ADMIN_USER_INFO;
-
- if (!$this->checkAuth($userInfo['id'], $request->pathinfo())) {
+ // rule里包含了rule(路由规则), ruoter(完整路由)
+ if (!$this->checkAuth($userInfo['id'], $request->rule()->getRule())) {
 return json([
 'code' => ReturnCode::INVALID,
 'msg' => '非常抱歉,您没有权限这么做!',
diff --git a/app/middleware/ApiAuth.php b/app/middleware/ApiAuth.php
index 3197393..c3e6742 100644
--- a/app/middleware/ApiAuth.php
+++ b/app/middleware/ApiAuth.php
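Review bot: `array_search($hash, $appApiShowArr)` returns `false` when the hash is not in the group's list, and the next line hands that result to `array_splice`, which in non-strict mode treats it as offset 0 and removes the first entry, silently dropping a different API from `app_api_show`. The lookup `$appApiShowArrOld[$oldInfo->group_hash]` likewise assumes `json_decode` produced an array that contains this key. Suggest `$appApiShowArr = $appApiShowArrOld[$oldInfo->group_hash] ?? [];`, then `$appApiShowIndex = array_search($hash, $appApiShowArr, true);`, and running the splice only inside `if ($appApiShowIndex !== false) { ... }`. The enclosing method starts and ends outside this hunk.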
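Review bot: `$request->rule()->getRule()` assumes a matched route rule is always attached to the request; if this middleware can ever run without one (for instance if it is registered globally rather than on the route group, which is not visible here), `rule()` would presumably be null and the permission check would end in a fatal error rather than a clean denial. Fail closed explicitly with `$rule = $request->rule();` followed by `if ($rule === null || !$this->checkAuth($userInfo['id'], $rule->getRule())) {`. Since the check now keys on the rule pattern instead of the concrete path, the stored permission entries must use that same form, and the added comment is the place to say so; it also misspells "router" as `ruoter`. `handle` continues past the end of the hunk.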
@@ -23,7 +23,16 @@ class ApiAuth {
 */
 public function handle($request, \Closure $next) {
 $header = config('apiadmin.CROSS_DOMAIN');
- $apiHash = substr($request->pathinfo(), 4);
+
+ $pathParam = [];
+ $pathArr = explode('/', $request->pathinfo());
+ $pathArrLen = count($pathArr);
+ for ($index = 0; $index < $pathArrLen; $index += 2) {
+ if ($index + 1 < $pathArrLen) {
+ $pathParam[$pathArr[$index]] = $pathArr[$index + 1];
+ }
+ }
+ $apiHash = $pathParam['api'];
 if ($apiHash) {
 $cached = Cache::has('ApiInfo:' . $apiHash);
@@ -53,12 +62,13 @@ class ApiAuth {
 $accessToken = $request->header('Access-Token', '');
 if (!$accessToken) {
- if ($apiInfo['method'] == 2) {
- $accessToken = $request->get('Access-Token', '');
- }
- if ($apiInfo['method'] == 1) {
- $accessToken = $request->post('Access-Token', '');
- }
+ $accessToken = $request->post('Access-Token', '');
+ }
+ if (!$accessToken) {
+ $accessToken = $request->get('Access-Token', '');
+ }
+ if (!$accessToken && !empty($pathParam['Access-Token'])) {
+ $accessToken = $pathParam['Access-Token'];
 }
 if (!$accessToken) {
 return json([
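Review bot: `$apiHash = $pathParam['api'];` reads a key that exists only when the request path has an `api` segment in an even position, so any other path raises an undefined-key error before the `if ($apiHash)` guard can reject it; use `$apiHash = $pathParam['api'] ?? '';`. The value comes straight from the URL and is concatenated into the cache key `'ApiInfo:' . $apiHash`, so it is worth validating it against the length and character set the project's hashes use before the lookup. The pairing loop also lets a later segment overwrite an earlier key of the same name, which deserves a one-line comment saying whether that is intended. `handle` starts before and continues after this hunk.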
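Review bot: The token is now accepted from the header, the POST body, the query string and a path segment regardless of `$apiInfo['method']`, which widens the channels a credential may travel on; tokens carried in the URL (query or path) are typically written to server and proxy access logs and can leak through the Referer header. Consider keeping the header as the preferred channel and making the URL fallbacks opt-in per API, or at minimum record the trade-off with a comment such as `// URL-borne Access-Token ends up in access logs; prefer the header`. `post()` and `get()` can presumably return an array for `Access-Token[]=` style input, so a guard like `if (!is_string($accessToken)) { $accessToken = ''; }` before the final emptiness check keeps the later code working on a string. The rest of `handle` lies outside the hunk.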