From f62885ed67e0bef97cdf46c448ea4c2561ce6bc0 Mon Sep 17 00:00:00 2001 From: zhaoxiang Date: Sat, 10 Oct 2020 20:13:06 +0800 Subject: [PATCH] =?UTF-8?q?modified=20=E5=AE=8C=E5=96=84=E4=B8=AD=E9=97=B4?= =?UTF-8?q?=E4=BB=B6?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- app/controller/admin/Login.php | 162 +++++++++++++++++++++++++++++ app/middleware/AdminAuth.php | 43 ++++++++ app/middleware/AdminLog.php | 45 ++++++++ app/middleware/AdminPermission.php | 96 +++++++++++++++++ app/middleware/AdminResponse.php | 14 +++ app/middleware/ApiAuth.php | 118 +++++++++++++++++++++ app/middleware/ApiLog.php | 30 ++++++ app/middleware/ApiPermission.php | 32 ++++++ app/middleware/ApiResponse.php | 12 +++ app/middleware/RequestFilter.php | 124 ++++++++++++++++++++++ app/middleware/WikiAuth.php | 46 ++++++++ app/util/RouterTool.php | 10 +- 12 files changed, 727 insertions(+), 5 deletions(-) create mode 100644 app/controller/admin/Login.php create mode 100644 app/middleware/AdminAuth.php create mode 100644 app/middleware/AdminLog.php create mode 100644 app/middleware/AdminPermission.php create mode 100644 app/middleware/AdminResponse.php create mode 100644 app/middleware/ApiAuth.php create mode 100644 app/middleware/ApiLog.php create mode 100644 app/middleware/ApiPermission.php create mode 100644 app/middleware/ApiResponse.php create mode 100644 app/middleware/RequestFilter.php create mode 100644 app/middleware/WikiAuth.php diff --git a/app/controller/admin/Login.php b/app/controller/admin/Login.php new file mode 100644 index 0000000..99594b9 --- /dev/null +++ b/app/controller/admin/Login.php @@ -0,0 +1,162 @@ + + */ + +namespace app\controller\admin; + +use app\model\AdminAuthGroupAccess; +use app\model\AdminAuthRule; +use app\model\AdminMenu; +use app\model\AdminUser; +use app\model\AdminUserData; +use app\util\ReturnCode; +use app\util\RouterTool; +use app\util\Tools; +use think\Response; + +class Login extends Base { + + /** + * 用户登录【账号密码登录】 + * @return \think\Response + * @throws \think\Exception + * @author zhaoxiang + */ + public function index(): Response { + $username = $this->request->post('username'); + $password = $this->request->post('password'); + if (!$username) { + return $this->buildFailed(ReturnCode::LOGIN_ERROR, '缺少用户名!'); + } + if (!$password) { + return $this->buildFailed(ReturnCode::LOGIN_ERROR, '缺少密码!'); + } else { + $password = Tools::userMd5($password); + } + $userInfo = AdminUser::find(['username' => $username, 'password' => $password]); + if (!empty($userInfo)) { + if ($userInfo['status']) { + //更新用户数据 + $userData = $userInfo->userData; + $data = []; + if ($userData) { + $userData->login_times++; + $userData->last_login_ip = $this->request->ip(1); + $userData->last_login_time = time(); + $userData->save(); + } else { + $data['login_times'] = 1; + $data['uid'] = $userInfo['id']; + $data['last_login_ip'] = $this->request->ip(1); + $data['last_login_time'] = time(); + $data['head_img'] = ''; + AdminUserData::create($data); + + $userInfo['userData'] = $data; + } + } else { + return $this->buildFailed(ReturnCode::LOGIN_ERROR, '用户已被封禁,请联系管理员'); + } + } else { + return $this->buildFailed(ReturnCode::LOGIN_ERROR, '用户名密码不正确'); + } + $userInfo['access'] = $this->getAccess($userInfo['id']); + $userInfo['menu'] = $this->getAccessMenu($userInfo['id']); + + $apiAuth = md5(uniqid() . time()); + cache('Login:' . $apiAuth, json_encode($userInfo), config('apiadmin.ONLINE_TIME')); + cache('Login:' . $userInfo['id'], $apiAuth, config('apiadmin.ONLINE_TIME')); + + $userInfo['apiAuth'] = $apiAuth; + + return $this->buildSuccess($userInfo, '登录成功'); + } + + /** + * 获取用户信息 + * @return mixed + * @author zhaoxiang + */ + public function getUserInfo() { + return $this->buildSuccess($this->userInfo); + } + + /** + * 用户登出 + * @return array + * @author zhaoxiang + */ + public function logout() { + $ApiAuth = $this->request->header('ApiAuth'); + cache('Login:' . $ApiAuth, null); + cache('Login:' . $this->userInfo['id'], null); + + return $this->buildSuccess([], '登出成功'); + } + + /** + * 获取当前用户的允许菜单 + * @param int $uid + * @return array + * @throws \think\db\exception\DataNotFoundException + * @throws \think\db\exception\ModelNotFoundException + * @throws \think\exception\DbException + * @author zhaoxiang + */ + public function getAccessMenu($uid = 0) { + if ($uid == 0) { + $uid = $this->userInfo['id']; + } + $returnData = []; + $isSupper = Tools::isAdministrator($uid); + if ($isSupper) { + $access = (new AdminMenu())->where('router', '<>', '')->select(); + $returnData = Tools::listToTree(Tools::buildArrFromObj($access)); + } else { + $groups = AdminAuthGroupAccess::get(['uid' => $uid]); + if (isset($groups) && $groups->group_id) { + $access = (new AdminAuthRule())->whereIn('group_id', $groups->group_id)->select(); + $access = array_unique(array_column(Tools::buildArrFromObj($access), 'url')); + array_push($access, ""); + $menus = (new AdminMenu())->whereIn('url', $access)->where('show', 1)->select(); + $returnData = Tools::listToTree(Tools::buildArrFromObj($menus)); + RouterTool::buildVueRouter($returnData); + } + } + if ($uid == 0) { + return $this->buildSuccess($returnData); + } else { + return $returnData; + } + } + + /** + * 获取用户权限数据 + * @param $uid + * @return array + * @author zhaoxiang + */ + public function getAccess($uid) { + $isSupper = Tools::isAdministrator($uid); + if ($isSupper) { + $access = AdminMenu::all(); + $access = Tools::buildArrFromObj($access); + + return array_values(array_filter(array_column($access, 'url'))); + } else { + $groups = AdminAuthGroupAccess::get(['uid' => $uid]); + if (isset($groups) && $groups->group_id) { + $access = (new AdminAuthRule())->whereIn('group_id', $groups->group_id)->select(); + $access = Tools::buildArrFromObj($access); + + return array_values(array_unique(array_column($access, 'url'))); + } else { + return []; + } + } + } +} diff --git a/app/middleware/AdminAuth.php b/app/middleware/AdminAuth.php new file mode 100644 index 0000000..41788ed --- /dev/null +++ b/app/middleware/AdminAuth.php @@ -0,0 +1,43 @@ + + */ + public function handle($request, \Closure $next): Response { + $header = config('apiadmin.CROSS_DOMAIN'); + $ApiAuth = $request->header('apiAuth', ''); + if ($ApiAuth) { + $userInfo = cache('Login:' . $ApiAuth); + $userInfo = json_decode($userInfo, true); + if (!$userInfo || !isset($userInfo['id'])) { + return json([ + 'code' => ReturnCode::AUTH_ERROR, + 'msg' => 'ApiAuth不匹配', + 'data' => [] + ])->header($header); + } else { + $request->API_ADMIN_USER_INFO = $userInfo; + } + + return $next($request); + } else { + return json([ + 'code' => ReturnCode::AUTH_ERROR, + 'msg' => '缺少ApiAuth', + 'data' => [] + ])->header($header); + } + } +} diff --git a/app/middleware/AdminLog.php b/app/middleware/AdminLog.php new file mode 100644 index 0000000..8e1244c --- /dev/null +++ b/app/middleware/AdminLog.php @@ -0,0 +1,45 @@ + + */ + public function handle($request, \Closure $next): Response { + $userInfo = $request->API_ADMIN_USER_INFO; + $menuInfo = AdminMenu::get(['url' => $request->path()]); + + if ($menuInfo) { + $menuInfo = $menuInfo->toArray(); + } else { + + return json([ + 'code' => ReturnCode::INVALID, + 'msg' => '当前路由非法:' . $request->path(), + 'data' => [] + ])->header(config('apiadmin.CROSS_DOMAIN')); + } + + AdminUserAction::create([ + 'action_name' => $menuInfo['title'], + 'uid' => $userInfo['id'], + 'nickname' => $userInfo['nickname'], + 'add_time' => time(), + 'url' => $request->path(), + 'data' => json_encode($request->param()) + ]); + + return $next($request); + } +} diff --git a/app/middleware/AdminPermission.php b/app/middleware/AdminPermission.php new file mode 100644 index 0000000..e0deb82 --- /dev/null +++ b/app/middleware/AdminPermission.php @@ -0,0 +1,96 @@ + + */ + public function handle($request, \Closure $next): Response { + $userInfo = $request->API_ADMIN_USER_INFO; + + if (!$this->checkAuth($userInfo['id'], $request->path())) { + return json([ + 'code' => ReturnCode::INVALID, + 'msg' => '非常抱歉,您没有权限这么做!', + 'data' => [] + ])->header(config('apiadmin.CROSS_DOMAIN')); + } + + return $next($request); + } + + /** + * 检测用户权限 + * @param $uid + * @param $route + * @return bool + * @throws \think\db\exception\DataNotFoundException + * @throws \think\db\exception\ModelNotFoundException + * @throws \think\exception\DbException + * @author zhaoxiang + */ + private function checkAuth($uid, $route) { + $isSupper = Tools::isAdministrator($uid); + if (!$isSupper) { + $rules = $this->getAuth($uid); + + return in_array($route, $rules); + } else { + return true; + } + } + + /** + * 根据用户ID获取全部权限节点 + * @param $uid + * @return array + * @throws \think\db\exception\DataNotFoundException + * @throws \think\db\exception\ModelNotFoundException + * @throws \think\exception\DbException + * @author zhaoxiang + */ + private function getAuth($uid) { + $groups = AdminAuthGroupAccess::get(['uid' => $uid]); + if (isset($groups) && $groups->group_id) { + $openGroup = (new AdminAuthGroup())->whereIn('id', $groups->group_id)->where(['status' => 1])->select(); + if (isset($openGroup)) { + $openGroupArr = []; + foreach ($openGroup as $group) { + $openGroupArr[] = $group->id; + } + $allRules = (new AdminAuthRule())->whereIn('group_id', $openGroupArr)->select(); + if (isset($allRules)) { + $rules = []; + foreach ($allRules as $rule) { + $rules[] = $rule->url; + } + $rules = array_unique($rules); + + return $rules; + } else { + return []; + } + } else { + return []; + } + } else { + return []; + } + } +} diff --git a/app/middleware/AdminResponse.php b/app/middleware/AdminResponse.php new file mode 100644 index 0000000..40b8946 --- /dev/null +++ b/app/middleware/AdminResponse.php @@ -0,0 +1,14 @@ +header(Config::get('apiadmin.CROSS_DOMAIN')); + } +} diff --git a/app/middleware/ApiAuth.php b/app/middleware/ApiAuth.php new file mode 100644 index 0000000..f923a8e --- /dev/null +++ b/app/middleware/ApiAuth.php @@ -0,0 +1,118 @@ + + */ + public function handle($request, \Closure $next) { + $header = config('apiadmin.CROSS_DOMAIN'); + $apiHash = substr($request->path(), 4); + + if ($apiHash) { + $cached = Cache::has('ApiInfo:' . $apiHash); + if ($cached) { + $apiInfo = Cache::get('ApiInfo:' . $apiHash); + } else { + $apiInfo = AdminList::get(['hash' => $apiHash, 'hash_type' => 2]); + if ($apiInfo) { + $apiInfo = $apiInfo->toArray(); + Cache::rm('ApiInfo:' . $apiInfo['api_class']); + Cache::set('ApiInfo:' . $apiHash, $apiInfo); + } else { + $apiInfo = AdminList::get(['api_class' => $apiHash, 'hash_type' => 1]); + if ($apiInfo) { + $apiInfo = $apiInfo->toArray(); + Cache::rm('ApiInfo:' . $apiInfo['hash']); + Cache::set('ApiInfo:' . $apiHash, $apiInfo); + } else { + return json([ + 'code' => ReturnCode::DB_READ_ERROR, + 'msg' => '获取接口配置数据失败', + 'data' => [] + ])->header($header); + } + } + } + + $accessToken = $request->header('access-token', ''); + if (!$accessToken) { + return json([ + 'code' => ReturnCode::AUTH_ERROR, + 'msg' => '缺少必要参数access-token', + 'data' => [] + ])->header($header); + } + if ($apiInfo['access_token']) { + $appInfo = $this->doCheck($accessToken); + } else { + $appInfo = $this->doEasyCheck($accessToken); + } + if ($appInfo === false) { + return json([ + 'code' => ReturnCode::ACCESS_TOKEN_TIMEOUT, + 'msg' => 'access-token已过期', + 'data' => [] + ])->header($header); + } + + $request->APP_CONF_DETAIL = $appInfo; + $request->API_CONF_DETAIL = $apiInfo; + + return $next($request); + } else { + return json([ + 'code' => ReturnCode::AUTH_ERROR, + 'msg' => '缺少接口Hash', + 'data' => [] + ])->header($header); + } + } + + /** + * 简易鉴权,更具APP_SECRET获取应用信息 + * @param $accessToken + * @return bool|mixed + * @author zhaoxiang + */ + private function doEasyCheck($accessToken) { + $appInfo = cache('AccessToken:Easy:' . $accessToken); + if (!$appInfo) { + $appInfo = AdminApp::get(['app_secret' => $accessToken]); + if (!$appInfo) { + return false; + } else { + $appInfo = $appInfo->toArray(); + cache('AccessToken:Easy:' . $accessToken, $appInfo); + } + } + + return $appInfo; + } + + /** + * 复杂鉴权,需要先通过接口获取AccessToken + * @param $accessToken + * @return bool|mixed + * @author zhaoxiang + */ + private function doCheck($accessToken) { + $appInfo = cache('AccessToken:' . $accessToken); + if (!$appInfo) { + return false; + } else { + return $appInfo; + } + } +} diff --git a/app/middleware/ApiLog.php b/app/middleware/ApiLog.php new file mode 100644 index 0000000..0df9332 --- /dev/null +++ b/app/middleware/ApiLog.php @@ -0,0 +1,30 @@ + + */ + public function handle($request, \Closure $next) { + $response = $next($request); + $requestInfo = $request->param(); + unset($requestInfo['API_CONF_DETAIL']); + unset($requestInfo['APP_CONF_DETAIL']); + + ApiLogTool::setApiInfo($request->API_CONF_DETAIL); + ApiLogTool::setAppInfo($request->APP_CONF_DETAIL); + ApiLogTool::setRequest($requestInfo); + ApiLogTool::setResponse($response->getData(), isset($response->getData()['code']) ? $response->getData()['code'] : 'null'); + ApiLogTool::setHeader($request->header()); + ApiLogTool::save(); + + return $response; + } +} diff --git a/app/middleware/ApiPermission.php b/app/middleware/ApiPermission.php new file mode 100644 index 0000000..7faa80a --- /dev/null +++ b/app/middleware/ApiPermission.php @@ -0,0 +1,32 @@ + + */ + public function handle($request, \Closure $next) { + $header = config('apiadmin.CROSS_DOMAIN'); + $appInfo = $request->APP_CONF_DETAIL; + $apiInfo = $request->API_CONF_DETAIL; + + $allRules = explode(',', $appInfo['app_api']); + if (!in_array($apiInfo['hash'], $allRules)) { + return json([ + 'code' => ReturnCode::INVALID, + 'msg' => '非常抱歉,您没有权限这么做!', + 'data' => [] + ])->header($header); + } + + return $next($request); + } +} diff --git a/app/middleware/ApiResponse.php b/app/middleware/ApiResponse.php new file mode 100644 index 0000000..49a108b --- /dev/null +++ b/app/middleware/ApiResponse.php @@ -0,0 +1,12 @@ +header(Config::get('apiadmin.CROSS_DOMAIN')); + } +} diff --git a/app/middleware/RequestFilter.php b/app/middleware/RequestFilter.php new file mode 100644 index 0000000..6f148ed --- /dev/null +++ b/app/middleware/RequestFilter.php @@ -0,0 +1,124 @@ + + */ + public function handle($request, \Closure $next) { + $apiInfo = $request->API_CONF_DETAIL; + $data = $request->param(); + + $has = Cache::has('RequestFields:NewRule:' . $apiInfo['hash']); + if ($has) { + $newRule = cache('RequestFields:NewRule:' . $apiInfo['hash']); + } else { + $rule = AdminFields::all(['hash' => $apiInfo['hash'], 'type' => 0]); + $newRule = $this->buildValidateRule($rule); + cache('RequestFields:NewRule:' . $apiInfo['hash'], $newRule); + } + + if ($newRule) { + $validate = Validate::make($newRule); + if (!$validate->check($data)) { + return json(['code' => ReturnCode::PARAM_INVALID, 'msg' => $validate->getError(), 'data' => []]); + } + } + + return $next($request); + } + + /** + * 将数据库中的规则转换成TP_Validate使用的规则数组 + * @param array $rule + * @return array + * @author zhaoxiang + */ + public function buildValidateRule($rule = array()) { + $newRule = []; + if ($rule) { + foreach ($rule as $value) { + if ($value['is_must']) { + $newRule[$value['field_name'] . '|' . $value['info']][] = 'require'; + } + switch ($value['data_type']) { + case DataType::TYPE_INTEGER: + $newRule[$value['field_name'] . '|' . $value['info']][] = 'number'; + if ($value['range']) { + $range = htmlspecialchars_decode($value['range']); + $range = json_decode($range, true); + if (isset($range['min'])) { + $newRule[$value['field_name'] . '|' . $value['info']]['egt'] = $range['min']; + } + if (isset($range['max'])) { + $newRule[$value['field_name'] . '|' . $value['info']]['elt'] = $range['max']; + } + } + break; + case DataType::TYPE_STRING: + if ($value['range']) { + $range = htmlspecialchars_decode($value['range']); + $range = json_decode($range, true); + if (isset($range['min'])) { + $newRule[$value['field_name'] . '|' . $value['info']]['min'] = $range['min']; + } + if (isset($range['max'])) { + $newRule[$value['field_name'] . '|' . $value['info']]['max'] = $range['max']; + } + } + break; + case DataType::TYPE_ENUM: + if ($value['range']) { + $range = htmlspecialchars_decode($value['range']); + $range = json_decode($range, true); + $newRule[$value['field_name'] . '|' . $value['info']]['in'] = implode(',', $range); + } + break; + case DataType::TYPE_FLOAT: + $newRule[$value['field_name'] . '|' . $value['info']][] = 'float'; + if ($value['range']) { + $range = htmlspecialchars_decode($value['range']); + $range = json_decode($range, true); + if (isset($range['min'])) { + $newRule[$value['field_name'] . '|' . $value['info']]['egt'] = $range['min']; + } + if (isset($range['max'])) { + $newRule[$value['field_name'] . '|' . $value['info']]['elt'] = $range['max']; + } + } + break; + case DataType::TYPE_ARRAY: + $newRule[$value['field_name']][] = 'array'; + if ($value['range']) { + $range = htmlspecialchars_decode($value['range']); + $range = json_decode($range, true); + if (isset($range['min'])) { + $newRule[$value['field_name'] . '|' . $value['info']]['min'] = $range['min']; + } + if (isset($range['max'])) { + $newRule[$value['field_name'] . '|' . $value['info']]['max'] = $range['max']; + } + } + break; + case DataType::TYPE_MOBILE: + $newRule[$value['field_name'] . '|' . $value['info']]['regex'] = '/^1[3456789]\d{9}$/'; + break; + } + } + } + + return $newRule; + } +} diff --git a/app/middleware/WikiAuth.php b/app/middleware/WikiAuth.php new file mode 100644 index 0000000..f1dc0be --- /dev/null +++ b/app/middleware/WikiAuth.php @@ -0,0 +1,46 @@ + + */ + public function handle($request, \Closure $next) { + $header = config('apiadmin.CROSS_DOMAIN'); + $ApiAuth = $request->header('apiAuth', ''); + if ($ApiAuth) { + $userInfo = cache('Login:' . $ApiAuth); + if (!$userInfo) { + $userInfo = cache('WikiLogin:' . $ApiAuth); + } else { + $userInfo = json_decode($userInfo, true); + $userInfo['app_id'] = -1; + } + if (!$userInfo || !isset($userInfo['id'])) { + return json([ + 'code' => ReturnCode::AUTH_ERROR, + 'msg' => 'ApiAuth不匹配', + 'data' => [] + ])->header($header); + } else { + $request->API_WIKI_USER_INFO = $userInfo; + } + + return $next($request); + } else { + return json([ + 'code' => ReturnCode::AUTH_ERROR, + 'msg' => '缺少ApiAuth', + 'data' => [] + ])->header($header); + } + } +} diff --git a/app/util/RouterTool.php b/app/util/RouterTool.php index dbcbde0..d6ded80 100644 --- a/app/util/RouterTool.php +++ b/app/util/RouterTool.php @@ -91,17 +91,17 @@ class RouterTool { * @author zhaoxiang */ private static function getAdminMiddleware(array $menu): string { - $middle = ['AdminResponse']; + $middle = ['app\middleware\AdminResponse::class']; if ($menu['log']) { - array_unshift($middle, 'AdminLog'); + array_unshift($middle, 'app\middleware\AdminLog::class'); } if ($menu['permission']) { - array_unshift($middle, 'AdminPermission'); + array_unshift($middle, 'app\middleware\AdminPermission::class'); } if ($menu['auth']) { - array_unshift($middle, 'AdminAuth'); + array_unshift($middle, 'app\middleware\AdminAuth::class'); } - return '->middleware(["' . implode('", "', $middle) . '"]);'; + return '->middleware([' . implode(', ', $middle) . ']);'; } }