jiaoyukun/NewDiverseYouthNightSchool
2
1
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

原后台特权设置api后台角色管理和权限添加

Browse Source 
api后台接口调用登录验证基类
This commit is contained in:
焦钰锟 2025-03-27 18:06:54 +08:00
parent b2966c0070
commit bf698e858e
15 changed files with 907 additions and 6 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
application/admin/controller/auth/Admin.php
View File

@ -187,7 +187,7 @@ class Admin extends Backend
}
$apigroup = array_intersect($this->childrenApiGroupIds, $group);
$apigroup = array_intersect($this->childrenApiGroupIds, $apigroup);
if (!$apigroup) {
exception(__('The parent group exceeds permission limit'));
}
@ -272,7 +272,7 @@ class Admin extends Backend
exception(__('The parent group exceeds permission limit'));
}
$apigroup = array_intersect($this->childrenApiGroupIds, $group);
$apigroup = array_intersect($this->childrenApiGroupIds, $apigroup);
if (!$apigroup) {
exception(__('The parent group exceeds permission limit'));
}
@ -287,7 +287,7 @@ class Admin extends Backend
$dataset = [];
foreach ($apigroup as $value) {
$dataset[] = ['uid' => $this->model->id, 'group_id' => $value];
$dataset[] = ['uid' => $row->id, 'group_id' => $value];
}
(new \app\admin\model\api\AuthGroupAccess())->saveAll($dataset);

6
application/admin/controller/auth/api/Group.php
View File

@ -36,7 +36,7 @@ class Group extends Backend
parent::_initialize();
$this->model = new AuthGroup;
$this->childrenGroupIds = $this->auth->getChildrenGroupIds(true);
$this->childrenGroupIds = $this->auth->getChildrenApiGroupIds(true);
$groupList = collection(AuthGroup::where('id', 'in', $this->childrenGroupIds)->select())->toArray();
@ -45,7 +45,7 @@ class Group extends Backend
if ($this->auth->isSuperAdmin()) {
$groupList = Tree::instance()->getTreeList(Tree::instance()->getTreeArray(0));
} else {
$groups = $this->auth->getGroups();
$groups = $this->auth->getApiGroups();
$groupIds = [];
foreach ($groups as $m => $n) {
if (in_array($n['id'], $groupIds) || in_array($n['pid'], $groupIds)) {
@ -64,7 +64,7 @@ class Group extends Backend
$this->grouplist = $groupList;
$this->groupdata = $groupName;
$this->assignconfig("admin", ['id' => $this->auth->id, 'group_ids' => $this->auth->getGroupIds()]);
$this->assignconfig("admin", ['id' => $this->auth->id, 'group_ids' => $this->auth->getApiGroupIds()]);
$this->view->assign('groupdata', $this->groupdata);
}

19
application/admin/library/Auth.php
View File

@ -637,4 +637,23 @@ class Auth extends \fast\Auth
}
/**
* 获取管理员所属于的分组ID
* @param int $uid
* @return array
*/
public function getApiGroupIds($uid = null)
{
$groups = $this->getApiGroups($uid);
$groupIds = [];
foreach ($groups as $K => $v) {
$groupIds[] = (int)$v['group_id'];
}
return $groupIds;
}
}

19
application/admin/model/Admin.php
View File

@ -20,6 +20,25 @@ class Admin extends Model
'salt'
];
/**
* 获取会员的组别
*/
public function getGroupsAttr($value, $data)
{
$group_ids = \app\admin\model\api\AuthGroupAccess::where("uid", $data['id'])->column("group_id");
if(!$group_ids)return [];
$groups = \app\admin\model\api\AuthGroup::where("id","in",$group_ids)->select();
return $groups;
}
public static function init()
{
self::beforeWrite(function ($row) {

52
application/admin/validate/ApiAuthRule.php Normal file
View File

@ -0,0 +1,52 @@
<?php
namespace app\admin\validate;
use think\Validate;
class ApiAuthRule extends Validate
{
/**
* 正则
*/
protected $regex = ['format' => '[a-z0-9_\/]+'];
/**
* 验证规则
*/
protected $rule = [
'name' => 'require|unique:ApiAuthRule',
'title' => 'require',
];
/**
* 提示消息
*/
protected $message = [
'name.format' => 'URL规则只能是小写字母、数字、下划线和/组成'
];
/**
* 字段描述
*/
protected $field = [
];
/**
* 验证场景
*/
protected $scene = [
];
public function __construct(array $rules = [], $message = [], $field = [])
{
$this->field = [
'name' => __('Name'),
'title' => __('Title'),
];
$this->message['name.format'] = __('Name only supports letters, numbers, underscore and slash');
parent::__construct($rules, $message, $field);
}
}

1
application/adminapi/common.php Normal file
View File

@ -0,0 +1 @@
<?php

6
application/adminapi/config.php Normal file
View File

@ -0,0 +1,6 @@
<?php
//配置文件
return [
'exception_handle' => '\\app\\api\\library\\ExceptionHandle',
];

102
application/adminapi/lang/zh-cn.php Normal file
View File

@ -0,0 +1,102 @@
<?php
return [
'Keep login' => '保持会话',
'Username' => '用户名',
'User id' => '会员ID',
'Nickname' => '昵称',
'Password' => '密码',
'Sign up' => '注 册',
'Sign in' => '登 录',
'Sign out' => '退 出',
'Guest' => '游客',
'Welcome' => '%s你好',
'Add' => '添加',
'Edit' => '编辑',
'Delete' => '删除',
'Move' => '移动',
'Name' => '名称',
'Status' => '状态',
'Weigh' => '权重',
'Operate' => '操作',
'Warning' => '温馨提示',
'Default' => '默认',
'Article' => '文章',
'Page' => '单页',
'OK' => '确定',
'Cancel' => '取消',
'Loading' => '加载中',
'More' => '更多',
'Normal' => '正常',
'Hidden' => '隐藏',
'Submit' => '提交',
'Reset' => '重置',
'Execute' => '执行',
'Close' => '关闭',
'Search' => '搜索',
'Refresh' => '刷新',
'First' => '首页',
'Previous' => '上一页',
'Next' => '下一页',
'Last' => '末页',
'None' => '无',
'Home' => '主页',
'Online' => '在线',
'Logout' => '退出',
'Profile' => '个人资料',
'Index' => '首页',
'Hot' => '热门',
'Recommend' => '推荐',
'Dashboard' => '控制台',
'Code' => '编号',
'Message' => '内容',
'Line' => '行号',
'File' => '文件',
'Menu' => '菜单',
'Type' => '类型',
'Title' => '标题',
'Content' => '内容',
'Append' => '追加',
'Memo' => '备注',
'Parent' => '父级',
'Params' => '参数',
'Permission' => '权限',
'Advance search' => '高级搜索',
'Check all' => '选中全部',
'Expand all' => '展开全部',
'Begin time' => '开始时间',
'End time' => '结束时间',
'Create time' => '创建时间',
'Flag' => '标志',
'Please login first' => '请登录后操作',
'Uploaded successful' => '上传成功',
'You can upload up to %d file%s' => '你最多还可以上传%d个文件',
'You can choose up to %d file%s' => '你最多还可以选择%d个文件',
'Chunk file write error' => '分片写入失败',
'Chunk file info error' => '分片文件错误',
'Chunk file merge error' => '分片合并错误',
'Chunk file disabled' => '未开启分片上传功能',
'Cancel upload' => '取消上传',
'Upload canceled' => '上传已取消',
'No file upload or server upload limit exceeded' => '未上传文件或超出服务器上传限制',
'Uploaded file format is limited' => '上传文件格式受限制',
'Uploaded file is not a valid image' => '上传文件不是有效的图片文件',
'Are you sure you want to cancel this upload?' => '确定取消上传?',
'Remove file' => '移除文件',
'You can only upload a maximum of %s files' => '你最多允许上传 %s 个文件',
'You can\'t upload files of this type' => '不允许上传的文件类型',
'Server responded with %s code' => '服务端响应(Code:%s)',
'File is too big (%sMiB), Max filesize: %sMiB.' => '当前上传(%sM),最大允许上传文件大小:%sM',
'Redirect now' => '立即跳转',
'Operation completed' => '操作成功!',
'Operation failed' => '操作失败!',
'Unknown data format' => '未知的数据格式!',
'Network error' => '网络错误!',
'Advanced search' => '高级搜索',
'Invalid parameters' => '未知参数',
'No results were found' => '记录未找到',
'Parameter %s can not be empty' => '参数%s不能为空',
'You have no permission' => '你没有权限访问',
'An unexpected error occurred' => '发生了一个意外错误,程序猿正在紧急处理中',
'This page will be re-directed in %s seconds' => '页面将在 %s 秒后自动跳转',
];

3
application/adminapi/lang/zh-cn/common.php Normal file
View File

@ -0,0 +1,3 @@
<?php
return [];

7
application/adminapi/lang/zh-cn/csmtable/xc_clogin_api.php Normal file
View File

@ -0,0 +1,7 @@
<?php
return [
'Captcha is incorrect' => '验证码不正确',
'Account is locked' => '账户已经被锁定',
];

39
application/adminapi/lang/zh-cn/user.php Normal file
View File

@ -0,0 +1,39 @@
<?php
return [
'User center' => '会员中心',
'Register' => '注册',
'Login' => '登录',
'Sign up successful' => '注册成功',
'Username can not be empty' => '用户名不能为空',
'Username must be 3 to 30 characters' => '用户名必须3-30个字符',
'Username must be 6 to 30 characters' => '用户名必须6-30个字符',
'Password can not be empty' => '密码不能为空',
'Password must be 6 to 30 characters' => '密码必须6-30个字符',
'Mobile is incorrect' => '手机格式不正确',
'Username already exist' => '用户名已经存在',
'Nickname already exist' => '昵称已经存在',
'Email already exist' => '邮箱已经存在',
'Mobile already exist' => '手机号已经存在',
'Username is incorrect' => '用户名不正确',
'Email is incorrect' => '邮箱不正确',
'Account is locked' => '账户已经被锁定',
'Password is incorrect' => '密码不正确',
'Account is incorrect' => '账户不正确',
'Account not exist' => '账户不存在',
'Account can not be empty' => '账户不能为空',
'Username or password is incorrect' => '用户名或密码不正确',
'You are not logged in' => '你当前还未登录',
'You\'ve logged in, do not login again' => '你已经存在,请不要重复登录',
'Profile' => '个人资料',
'Verify email' => '邮箱验证',
'Change password' => '修改密码',
'Captcha is incorrect' => '验证码不正确',
'Logged in successful' => '登录成功',
'Logout successful' => '退出成功',
'Operation failed' => '操作失败',
'Invalid parameters' => '参数不正确',
'Change password failure' => '修改密码失败',
'Change password successful' => '修改密码成功',
'Reset password successful' => '重置密码成功',
];

21
application/adminapi/lang/zh-cn/xilufitness/xilufitess.php Normal file
View File

@ -0,0 +1,21 @@
<?php
return [
'Params error' => '参数错误',
'Registration login failed' => '注册登录失败',
'Mobile' => '手机号',
'Openid' => '小程序Openid',
'Mobile is already exists' => '手机号已存在',
'Nickname' => '用户昵称',
'Avatar' => '用户头像',
'User_id' => '用户Id',
'Brand_id' => '所属品牌商',
'Order_no' => '订单号',
'Recharge_id' => '充值套餐',
'Pay_amount' => '支付金额',
'Coach_id' => '教练Id',
'Start_at' => '开始时间',
'end_at' => '结束时间',
'Report_description' => '请假事由',
];

465
application/adminapi/library/Auth.php Normal file
View File

@ -0,0 +1,465 @@
<?php
namespace app\api\library;
use app\admin\model\Admin;
use app\admin\model\api\AuthRule;
use app\common\library\Token;
use app\common\model\User;
use fast\Random;
use fast\Tree;
use think\Config;
use think\Cookie;
use think\Hook;
use think\Request;
use think\Session;
use think\Db;
use think\Exception;
use think\Validate;
class Auth
{
protected static $instance = null;
protected $_error = '';
protected $_logined = false;
protected $_user = null;
protected $_token = '';
//Token默认有效时长
protected $keeptime = 2592000;
protected $requestUri = '';
protected $rules = [];
//默认配置
protected $config = [];
protected $options = [];
protected $allowFields = ['id', 'username', 'nickname', 'mobile', 'avatar', 'email'];
public function __construct($options = [])
{
if ($config = Config::get('user')) {
$this->config = array_merge($this->config, $config);
}
$this->options = array_merge($this->config, $options);
}
/**
*
* @param array $options 参数
* @return \app\common\library\Auth
*/
public static function instance($options = [])
{
if (is_null(self::$instance)) {
self::$instance = new static($options);
}
return self::$instance;
}
/**
* 获取User模型
* @return User
*/
public function getUser()
{
return $this->_user;
}
/**
* 兼容调用user模型的属性
*
* @param string $name
* @return mixed
*/
public function __get($name)
{
return $this->_user ? $this->_user->$name : null;
}
/**
* 兼容调用user模型的属性
*/
public function __isset($name)
{
return isset($this->_user) ? isset($this->_user->$name) : false;
}
/**
* 根据Token初始化
*
* @param string $token Token
* @return boolean
*/
public function init($token)
{
if ($this->_logined) {
return true;
}
if ($this->_error) {
return false;
}
$data = Token::get($token);
if (!$data) {
return false;
}
$user_id = intval($data['user_id']);
if ($user_id > 0) {
$user = Admin::get($user_id);
if (!$user) {
$this->setError('Account not exist');
return false;
}
if ($user['status'] != 'normal') {
$this->setError('Account is locked');
return false;
}
$this->_user = $user;
$this->_logined = true;
$this->_token = $token;
//初始化成功的事件
Hook::listen("admin_init_successed", $this->_user);
return true;
} else {
$this->setError('You are not logged in');
return false;
}
}
/**
* 用户登录
*
* @param string $account 账号,用户名、邮箱、手机号
* @param string $password 密码
* @return boolean
*/
public function login($account, $password, $keeptime = NULL)
{
$field = Validate::is($account, 'email') ? 'email' : (Validate::regex($account, '/^1\d{10}$/') ? 'mobile' : 'username');
$admin = Admin::get([$field => $account]);
if (!$admin) {
$this->setError('Account is incorrect');
return false;
}
if ($admin->status != 'normal') {
$this->setError('Account is locked');
return false;
}
if (Config::get('fastadmin.login_failure_retry') && $admin->loginfailure >= 10 && time() - $admin->updatetime < 86400) {
$this->setError('Please try again after 1 day');
return false;
}
if ($admin->password != $this->getEncryptPassword($password, $admin->salt)) {
$admin->loginfailure++;
$admin->save();
$this->setError('Password is incorrect');
return false;
}
$this->keeptime = $keeptime !== NULL ? $keeptime : $this->keeptime;
//直接登录会员
return $this->direct($admin->id);
}
/**
* 退出
*
* @return boolean
*/
public function logout()
{
if (!$this->_logined) {
$this->setError('You are not logged in');
return false;
}
//设置登录标识
$this->_logined = false;
//删除Token
Token::delete($this->_token);
//退出成功的事件
Hook::listen("admin_logout_successed", $this->_user);
return true;
}
/**
* 修改密码
* @param string $newpassword 新密码
* @param string $oldpassword 旧密码
* @param bool $ignoreoldpassword 忽略旧密码
* @return boolean
*/
public function changepwd($newpassword, $oldpassword = '', $ignoreoldpassword = false)
{
if (!$this->_logined) {
$this->setError('You are not logged in');
return false;
}
//判断旧密码是否正确
if ($this->_user->password == $this->getEncryptPassword($oldpassword, $this->_user->salt) || $ignoreoldpassword) {
Db::startTrans();
try {
$salt = Random::alnum();
$newpassword = $this->getEncryptPassword($newpassword, $salt);
$this->_user->save(['loginfailure' => 0, 'password' => $newpassword, 'salt' => $salt]);
Token::delete($this->_token);
//修改密码成功的事件
Hook::listen("admin_changepwd_successed", $this->_user);
Db::commit();
} catch (Exception $e) {
Db::rollback();
$this->setError($e->getMessage());
return false;
}
return true;
} else {
$this->setError('Password is incorrect');
return false;
}
}
/**
* 直接登录账号
* @param int $user_id
* @return boolean
*/
public function direct($user_id)
{
$admin = Admin::get($user_id);
if ($admin) {
Db::startTrans();
try {
$admin->loginfailure = 0;
$admin->logintime = time();
$admin->loginip = request()->ip();
$admin->token = Random::uuid();
$admin->save();
$this->_user = $admin;
$this->_token = $admin->token;
Token::set($this->_token, $admin->id, $this->keeptime);
$this->_logined = true;
//登录成功的事件
Hook::listen("admin_login_successed", $this->_user);
Db::commit();
} catch (Exception $e) {
Db::rollback();
$this->setError($e->getMessage());
return false;
}
return true;
} else {
return false;
}
}
/**
* 获取密码加密后的字符串
* @param string $password 密码
* @param string $salt 密码盐
* @return string
*/
public function getEncryptPassword($password, $salt = '')
{
return md5(md5($password) . $salt);
}
/**
* 判断是否登录
* @return boolean
*/
public function isLogin()
{
if ($this->_logined) {
return true;
}
return false;
}
/**
* 获取当前Token
* @return string
*/
public function getToken()
{
return $this->_token;
}
/**
* 获取会员基本信息
*/
public function getUserinfo()
{
$data = $this->_user->toArray();
$allowFields = $this->getAllowFields();
$userinfo = array_intersect_key($data, array_flip($allowFields));
$userinfo = array_merge($userinfo, Token::get($this->_token));
return $userinfo;
}
/**
* 获取会员组别规则列表
* @return array|bool|\PDOStatement|string|\think\Collection
*/
public function getRuleList()
{
if ($this->rules) {
return $this->rules;
}
$group = $this->_user->groups;
if (!$group) {
return [];
}
$rules = explode(',', $group->rules);
$this->rules = AuthRule::where('status', 'normal')->where('id', 'in', $rules)->field('id,pid,rule_name,name,title,ismenu')->select();
return $this->rules;
}
/**
* 检测是否是否有对应权限
* @param string $path 控制器/方法
* @param string $module 模块 默认为当前模块
* @return boolean
*/
public function check($path = null, $module = null)
{
if (!$this->_logined) {
return false;
}
$ruleList = $this->getRuleList();
$rules = [];
foreach ($ruleList as $k => $v) {
$rules[] = $v['name'];
}
$url = ($module ? $module : request()->module()) . '/' . (is_null($path) ? $this->getRequestUri() : $path);
$url = strtolower(str_replace('.', '/', $url));
return in_array($url, $rules);
}
/**
* 获取当前请求的URI
* @return string
*/
public function getRequestUri()
{
return $this->requestUri;
}
/**
* 设置当前请求的URI
* @param string $uri
*/
public function setRequestUri($uri)
{
$this->requestUri = $uri;
}
/**
* 获取允许输出的字段
* @return array
*/
public function getAllowFields()
{
return $this->allowFields;
}
/**
* 设置允许输出的字段
* @param array $fields
*/
public function setAllowFields($fields)
{
$this->allowFields = $fields;
}
/**
* 检测当前控制器和方法是否匹配传递的数组
*
* @param array $arr 需要验证权限的数组
* @return boolean
*/
public function match($arr = [])
{
$request = Request::instance();
$arr = is_array($arr) ? $arr : explode(',', $arr);
if (!$arr) {
return false;
}
$arr = array_map('strtolower', $arr);
// 是否存在
if (in_array(strtolower($request->action()), $arr) || in_array('*', $arr)) {
return true;
}
// 没找到匹配
return false;
}
/**
* 设置会话有效时间
* @param int $keeptime 默认为永久
*/
public function keeptime($keeptime = 0)
{
$this->keeptime = $keeptime;
}
/**
* 设置错误信息
*
* @param string $error 错误信息
* @return \app\common\library\Auth
*/
public function setError($error)
{
$this->_error = $error;
return $this;
}
/**
* 获取错误信息
* @return string
*/
public function getError()
{
return $this->_error ? __($this->_error) : '';
}
}

37
application/adminapi/library/ExceptionHandle.php Normal file
View File

@ -0,0 +1,37 @@
<?php
namespace app\api\library;
use Exception;
use think\exception\Handle;
/**
* 自定义API模块的错误显示
*/
class ExceptionHandle extends Handle
{
public function render(Exception $e)
{
// 在生产环境下返回code信息
if (!\think\Config::get('app_debug')) {
$statuscode = $code = 500;
$msg = 'An error occurred';
// 验证异常
if ($e instanceof \think\exception\ValidateException) {
$code = 0;
$statuscode = 200;
$msg = $e->getError();
}
// Http异常
if ($e instanceof \think\exception\HttpException) {
$statuscode = $code = $e->getStatusCode();
}
return json(['code' => $code, 'msg' => $msg, 'time' => time(), 'data' => null], $statuscode);
}
//其它此交由系统处理
return parent::render($e);
}
}

130
application/common/controller/AdminApi.php Normal file
View File

@ -0,0 +1,130 @@
<?php
namespace app\common\controller;
use app\common\library\Auth;
use app\common\library\Virtual;
use think\Config;
use think\exception\HttpResponseException;
use think\exception\ValidateException;
use think\Hook;
use think\Lang;
use think\Loader;
use think\Request;
use think\Response;
use think\Route;
use think\Validate;
class AdminApi
{
/**
* @var Request Request 实例
*/
protected $request;
/**
* @var bool 验证失败是否抛出异常
*/
protected $failException = false;
/**
* @var bool 是否批量验证
*/
protected $batchValidate = false;
/**
* @var array 前置操作方法列表
*/
protected $beforeActionList = [];
/**
* 无需登录的方法,同时也就不需要鉴权了
* @var array
*/
protected $noNeedLogin = [];
/**
* 无需鉴权的方法,但需要登录
* @var array
*/
protected $noNeedRight = [];
/**
* 权限Auth
* @var Auth
*/
protected $auth = null;
/**
* 默认响应输出类型,支持json/xml
* @var string
*/
protected $responseType = 'json';
/**
* 构造方法
* @access public
* @param Request $request Request 对象
*/
public function __construct(Request $request = null)
{
$this->request = is_null($request) ? Request::instance() : $request;
// 控制器初始化
$this->_initialize();
// 前置操作方法
if ($this->beforeActionList) {
foreach ($this->beforeActionList as $method => $options) {
is_numeric($method) ?
$this->beforeAction($options) :
$this->beforeAction($method, $options);
}
}
}
protected $needUrlLock = [];
protected function setUrlLock($url_key="",$url_suffix="",$model=null){
if(($this->request->isPost() || (!empty($this->needUrlLock) && in_array($this->request->action(),$this->needUrlLock))) && (!empty($this->model) || $model)){
$user_id = 0;
$user = $this->auth->getUser();//登录用户
if($user)$user_id = $user['id'];
$modulename = $this->request->module();
$controllername = Loader::parseName($this->request->controller());
$actionname = strtolower($this->request->action());
$path = $modulename . '/' . str_replace('.', '/', $controllername) . '/' . $actionname;
if(!$model){
$this->model::$url_lock_key = $url_key ?: $user_id;
$this->model::$url_lock_suffix = $url_suffix ?: $path."lock-suffix";
$this->model::$url_lock = true;
}else{
$model::$url_lock_key = $url_key ?: $user_id;
$model::$url_lock_suffix = $url_suffix ?: $path."lock-suffix";
$model::$url_lock = true;
}
}
}
/**
* 初始化操作
* @access protected
*/
protected function _initialize()
{
//跨域请求检测
check_cors_request();
// 检测IP是否允许
check_ip_allowed();
//移除HTML标签
$this->request->filter('trim,strip_tags,htmlspecialchars');
}
}