619 lines
16 KiB
PHP
619 lines
16 KiB
PHP
<?php
|
|
|
|
namespace app\adminapi\library;
|
|
|
|
use app\admin\model\Admin;
|
|
use app\admin\model\api\AuthRule;
|
|
use app\adminapi\model\AuthGroup;
|
|
use app\adminapi\model\AuthGroupAccess;
|
|
use app\common\library\Token;
|
|
use app\common\model\User;
|
|
use fast\Random;
|
|
use fast\Tree;
|
|
use think\Config;
|
|
use think\Cookie;
|
|
use think\Hook;
|
|
use think\Request;
|
|
use think\Session;
|
|
|
|
|
|
use think\Db;
|
|
use think\Exception;
|
|
|
|
use think\Validate;
|
|
|
|
class Auth
|
|
{
|
|
protected static $instance = null;
|
|
protected $_error = '';
|
|
protected $_logined = false;
|
|
protected $_user = null;
|
|
protected $_token = '';
|
|
//Token默认有效时长
|
|
protected $keeptime = 2592000;
|
|
protected $requestUri = '';
|
|
protected $rules = [];
|
|
//默认配置
|
|
protected $config = [];
|
|
protected $options = [];
|
|
protected $breadcrumb = [];
|
|
protected $allowFields = ['id', 'username', 'nickname', 'mobile', 'avatar', 'email'];
|
|
|
|
public function __construct($options = [])
|
|
{
|
|
if ($config = Config::get('user')) {
|
|
$this->config = array_merge($this->config, $config);
|
|
}
|
|
$this->options = array_merge($this->config, $options);
|
|
}
|
|
|
|
|
|
/**
|
|
*
|
|
* @param array $options 参数
|
|
* @return \app\common\library\Auth
|
|
*/
|
|
public static function instance($options = [])
|
|
{
|
|
if (is_null(self::$instance)) {
|
|
self::$instance = new static($options);
|
|
}
|
|
|
|
return self::$instance;
|
|
}
|
|
|
|
|
|
/**
|
|
* 获取User模型
|
|
* @return User
|
|
*/
|
|
public function getUser()
|
|
{
|
|
return $this->_user;
|
|
}
|
|
|
|
/**
|
|
* 兼容调用user模型的属性
|
|
*
|
|
* @param string $name
|
|
* @return mixed
|
|
*/
|
|
public function __get($name)
|
|
{
|
|
return $this->_user ? $this->_user->$name : null;
|
|
}
|
|
|
|
/**
|
|
* 兼容调用user模型的属性
|
|
*/
|
|
public function __isset($name)
|
|
{
|
|
return isset($this->_user) ? isset($this->_user->$name) : false;
|
|
}
|
|
|
|
|
|
public function isSuperAdmin()
|
|
{
|
|
return in_array('*', $this->getRuleIds()) ? true : false;
|
|
}
|
|
|
|
public function getRuleIds($uid=null)
|
|
{
|
|
$uid = is_null($uid) ? $this->id : $uid;
|
|
//读取用户所属用户组
|
|
$groups = $this->getGroups($uid);
|
|
$ids = []; //保存用户所属用户组设置的所有权限规则id
|
|
foreach ($groups as $g) {
|
|
$ids = array_merge($ids, explode(',', trim($g['rules'], ',')));
|
|
}
|
|
$ids = array_unique($ids);
|
|
return $ids;
|
|
}
|
|
|
|
|
|
public function getGroups($uid=null)
|
|
{
|
|
$uid = is_null($uid) ? $this->id : $uid;
|
|
//读取用户所属用户组
|
|
$group_ids = AuthGroupAccess::where("uid",$uid)->column("group_id");
|
|
$groups = [];
|
|
if($group_ids) $groups = AuthGroup::where('id', 'in', $group_ids)->select();
|
|
return $groups;
|
|
}
|
|
|
|
|
|
/**
|
|
* 取出当前管理员所拥有权限的分组
|
|
* @param boolean $withself 是否包含当前所在的分组
|
|
* @return array
|
|
*/
|
|
public function getChildrenGroupIds($withself = false)
|
|
{
|
|
//取出当前管理员所有的分组
|
|
$groups = $this->getGroups();
|
|
$groupIds = [];
|
|
foreach ($groups as $k => $v) {
|
|
$groupIds[] = $v['id'];
|
|
}
|
|
$originGroupIds = $groupIds;
|
|
foreach ($groups as $k => $v) {
|
|
if (in_array($v['pid'], $originGroupIds)) {
|
|
$groupIds = array_diff($groupIds, [$v['id']]);
|
|
unset($groups[$k]);
|
|
}
|
|
}
|
|
// 取出所有分组
|
|
$groupList = \app\adminapi\model\AuthGroup::where($this->isSuperAdmin() ? '1=1' : ['status' => 'normal'])->select();
|
|
$objList = [];
|
|
foreach ($groups as $k => $v) {
|
|
if ($v['rules'] === '*') {
|
|
$objList = $groupList;
|
|
break;
|
|
}
|
|
// 取出包含自己的所有子节点
|
|
$childrenList = Tree::instance()->init($groupList, 'pid')->getChildren($v['id'], true);
|
|
$obj = Tree::instance()->init($childrenList, 'pid')->getTreeArray($v['pid']);
|
|
$objList = array_merge($objList, Tree::instance()->getTreeList($obj));
|
|
}
|
|
$childrenGroupIds = [];
|
|
foreach ($objList as $k => $v) {
|
|
$childrenGroupIds[] = $v['id'];
|
|
}
|
|
if (!$withself) {
|
|
$childrenGroupIds = array_diff($childrenGroupIds, $groupIds);
|
|
}
|
|
return $childrenGroupIds;
|
|
}
|
|
|
|
/**
|
|
* 取出当前管理员所拥有权限的管理员
|
|
* @param boolean $withself 是否包含自身
|
|
* @return array
|
|
*/
|
|
public function getChildrenAdminIds($withself = false)
|
|
{
|
|
$childrenAdminIds = [];
|
|
if (!$this->isSuperAdmin()) {
|
|
$groupIds = $this->getChildrenGroupIds(false);
|
|
$authGroupList = \app\adminapi\model\AuthGroupAccess::field('uid,group_id')
|
|
->where('group_id', 'in', $groupIds)
|
|
->select();
|
|
foreach ($authGroupList as $k => $v) {
|
|
$childrenAdminIds[] = $v['uid'];
|
|
}
|
|
} else {
|
|
//超级管理员拥有所有人的权限
|
|
$childrenAdminIds = Admin::column('id');
|
|
}
|
|
if ($withself) {
|
|
if (!in_array($this->id, $childrenAdminIds)) {
|
|
$childrenAdminIds[] = $this->id;
|
|
}
|
|
} else {
|
|
$childrenAdminIds = array_diff($childrenAdminIds, [$this->id]);
|
|
}
|
|
return $childrenAdminIds;
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
/**
|
|
* 根据Token初始化
|
|
*
|
|
* @param string $token Token
|
|
* @return boolean
|
|
*/
|
|
public function init($token)
|
|
{
|
|
if ($this->_logined) {
|
|
return true;
|
|
}
|
|
if ($this->_error) {
|
|
return false;
|
|
}
|
|
$data = Token::get($token);
|
|
if (!$data) {
|
|
return false;
|
|
}
|
|
$user_id = intval($data['user_id']);
|
|
if ($user_id > 0) {
|
|
$user = Admin::get($user_id);
|
|
if (!$user) {
|
|
$this->setError('Account not exist');
|
|
return false;
|
|
}
|
|
if ($user['status'] != 'normal') {
|
|
$this->setError('Account is locked');
|
|
return false;
|
|
}
|
|
$this->_user = $user;
|
|
$this->_logined = true;
|
|
$this->_token = $token;
|
|
|
|
//初始化成功的事件
|
|
Hook::listen("admin_init_successed", $this->_user);
|
|
|
|
return true;
|
|
} else {
|
|
$this->setError('You are not logged in');
|
|
return false;
|
|
}
|
|
}
|
|
|
|
|
|
|
|
|
|
/**
|
|
* 用户登录
|
|
*
|
|
* @param string $account 账号,用户名、邮箱、手机号
|
|
* @param string $password 密码
|
|
* @return boolean
|
|
*/
|
|
public function login($account, $password, $keeptime = NULL)
|
|
{
|
|
$field = Validate::is($account, 'email') ? 'email' : (Validate::regex($account, '/^1\d{10}$/') ? 'mobile' : 'username');
|
|
$admin = Admin::get([$field => $account]);
|
|
if (!$admin) {
|
|
$this->setError('Account is incorrect');
|
|
return false;
|
|
}
|
|
|
|
if ($admin->status != 'normal') {
|
|
$this->setError('Account is locked');
|
|
return false;
|
|
}
|
|
|
|
if (Config::get('fastadmin.login_failure_retry') && $admin->loginfailure >= 10 && time() - $admin->updatetime < 86400) {
|
|
$this->setError('Please try again after 1 day');
|
|
return false;
|
|
}
|
|
if ($admin->password != $this->getEncryptPassword($password, $admin->salt)) {
|
|
$admin->loginfailure++;
|
|
$admin->save();
|
|
$this->setError('Password is incorrect');
|
|
return false;
|
|
}
|
|
$this->keeptime = $keeptime !== NULL ? $keeptime : $this->keeptime;
|
|
|
|
//直接登录会员
|
|
return $this->direct($admin->id);
|
|
}
|
|
|
|
|
|
|
|
/**
|
|
* 退出
|
|
*
|
|
* @return boolean
|
|
*/
|
|
public function logout()
|
|
{
|
|
if (!$this->_logined) {
|
|
$this->setError('You are not logged in');
|
|
return false;
|
|
}
|
|
//设置登录标识
|
|
$this->_logined = false;
|
|
//删除Token
|
|
Token::delete($this->_token);
|
|
//退出成功的事件
|
|
Hook::listen("admin_logout_successed", $this->_user);
|
|
return true;
|
|
}
|
|
|
|
|
|
|
|
/**
|
|
* 修改密码
|
|
* @param string $newpassword 新密码
|
|
* @param string $oldpassword 旧密码
|
|
* @param bool $ignoreoldpassword 忽略旧密码
|
|
* @return boolean
|
|
*/
|
|
public function changepwd($newpassword, $oldpassword = '', $ignoreoldpassword = false)
|
|
{
|
|
if (!$this->_logined) {
|
|
$this->setError('You are not logged in');
|
|
return false;
|
|
}
|
|
//判断旧密码是否正确
|
|
if ($this->_user->password == $this->getEncryptPassword($oldpassword, $this->_user->salt) || $ignoreoldpassword) {
|
|
Db::startTrans();
|
|
try {
|
|
$salt = Random::alnum();
|
|
$newpassword = $this->getEncryptPassword($newpassword, $salt);
|
|
$this->_user->save(['loginfailure' => 0, 'password' => $newpassword, 'salt' => $salt]);
|
|
|
|
Token::delete($this->_token);
|
|
//修改密码成功的事件
|
|
Hook::listen("admin_changepwd_successed", $this->_user);
|
|
Db::commit();
|
|
} catch (Exception $e) {
|
|
Db::rollback();
|
|
$this->setError($e->getMessage());
|
|
return false;
|
|
}
|
|
return true;
|
|
} else {
|
|
$this->setError('Password is incorrect');
|
|
return false;
|
|
}
|
|
}
|
|
|
|
|
|
|
|
|
|
/**
|
|
* 直接登录账号
|
|
* @param int $user_id
|
|
* @return boolean
|
|
*/
|
|
public function direct($user_id)
|
|
{
|
|
$admin = Admin::get($user_id);
|
|
if ($admin) {
|
|
Db::startTrans();
|
|
try {
|
|
|
|
|
|
$admin->loginfailure = 0;
|
|
$admin->logintime = time();
|
|
$admin->loginip = request()->ip();
|
|
$admin->token = Random::uuid();
|
|
$admin->save();
|
|
|
|
$this->_user = $admin;
|
|
|
|
$this->_token = $admin->token;
|
|
Token::set($this->_token, $admin->id, $this->keeptime);
|
|
|
|
$this->_logined = true;
|
|
|
|
//登录成功的事件
|
|
Hook::listen("admin_login_successed", $this->_user);
|
|
Db::commit();
|
|
} catch (Exception $e) {
|
|
Db::rollback();
|
|
$this->setError($e->getMessage());
|
|
return false;
|
|
}
|
|
return true;
|
|
} else {
|
|
return false;
|
|
}
|
|
}
|
|
|
|
|
|
|
|
/**
|
|
* 获取密码加密后的字符串
|
|
* @param string $password 密码
|
|
* @param string $salt 密码盐
|
|
* @return string
|
|
*/
|
|
public function getEncryptPassword($password, $salt = '')
|
|
{
|
|
return md5(md5($password) . $salt);
|
|
}
|
|
|
|
|
|
|
|
|
|
/**
|
|
* 判断是否登录
|
|
* @return boolean
|
|
*/
|
|
public function isLogin()
|
|
{
|
|
if ($this->_logined) {
|
|
return true;
|
|
}
|
|
return false;
|
|
}
|
|
|
|
/**
|
|
* 获取当前Token
|
|
* @return string
|
|
*/
|
|
public function getToken()
|
|
{
|
|
return $this->_token;
|
|
}
|
|
|
|
/**
|
|
* 获取会员基本信息
|
|
*/
|
|
public function getUserinfo()
|
|
{
|
|
$data = $this->_user->toArray();
|
|
$allowFields = $this->getAllowFields();
|
|
$userinfo = array_intersect_key($data, array_flip($allowFields));
|
|
$userinfo = array_merge($userinfo, Token::get($this->_token));
|
|
return $userinfo;
|
|
}
|
|
|
|
|
|
/**
|
|
* 获取会员组别规则列表
|
|
* @return array|bool|\PDOStatement|string|\think\Collection
|
|
*/
|
|
public function getRuleList()
|
|
{
|
|
if ($this->rules) {
|
|
return $this->rules;
|
|
}
|
|
$groups = $this->_user->groups;
|
|
if (!$groups) {
|
|
return [];
|
|
}
|
|
$rules = [];
|
|
foreach ($groups as $group){
|
|
$rules = array_merge($rules, explode(',', $group->rules));
|
|
}
|
|
if(in_array('*',$rules)){
|
|
$this->rules = AuthRule::where('status', 'normal')->field('id,pid,rule_name,name,title,ismenu')->select();
|
|
}else{
|
|
$this->rules = AuthRule::where('status', 'normal')->where('id', 'in', $rules)->field('id,pid,rule_name,name,title,ismenu')->select();
|
|
}
|
|
|
|
return $this->rules;
|
|
}
|
|
|
|
|
|
|
|
/**
|
|
* 检测是否是否有对应权限
|
|
* @param string $path 控制器/方法
|
|
* @param string $module 模块 默认为当前模块
|
|
* @return boolean
|
|
*/
|
|
public function check($path = null, $module = null)
|
|
{
|
|
if (!$this->_logined) {
|
|
return false;
|
|
}
|
|
$ruleList = $this->getRuleList();
|
|
$rules = [];
|
|
foreach ($ruleList as $k => $v) {
|
|
$rules[] = $v['name'];
|
|
}
|
|
// var_dump($path,$rules,in_array($path, $rules));
|
|
// var_dump($rules);
|
|
// $url = ($module ? $module : request()->module()) . '/' . (is_null($path) ? $this->getRequestUri() : $path);
|
|
$url = (is_null($path) ? $this->getRequestUri() : $path);
|
|
$url = strtolower(str_replace('.', '/', $url));
|
|
return in_array($url, $rules);
|
|
}
|
|
|
|
|
|
|
|
/**
|
|
* 获取当前请求的URI
|
|
* @return string
|
|
*/
|
|
public function getRequestUri()
|
|
{
|
|
return $this->requestUri;
|
|
}
|
|
|
|
/**
|
|
* 设置当前请求的URI
|
|
* @param string $uri
|
|
*/
|
|
public function setRequestUri($uri)
|
|
{
|
|
$this->requestUri = $uri;
|
|
}
|
|
|
|
/**
|
|
* 获取允许输出的字段
|
|
* @return array
|
|
*/
|
|
public function getAllowFields()
|
|
{
|
|
return $this->allowFields;
|
|
}
|
|
|
|
/**
|
|
* 设置允许输出的字段
|
|
* @param array $fields
|
|
*/
|
|
public function setAllowFields($fields)
|
|
{
|
|
$this->allowFields = $fields;
|
|
}
|
|
|
|
|
|
|
|
/**
|
|
* 检测当前控制器和方法是否匹配传递的数组
|
|
*
|
|
* @param array $arr 需要验证权限的数组
|
|
* @return boolean
|
|
*/
|
|
public function match($arr = [])
|
|
{
|
|
$request = Request::instance();
|
|
$arr = is_array($arr) ? $arr : explode(',', $arr);
|
|
if (!$arr) {
|
|
return false;
|
|
}
|
|
$arr = array_map('strtolower', $arr);
|
|
// 是否存在
|
|
if (in_array(strtolower($request->action()), $arr) || in_array('*', $arr)) {
|
|
return true;
|
|
}
|
|
|
|
// 没找到匹配
|
|
return false;
|
|
}
|
|
|
|
|
|
/**
|
|
* 设置会话有效时间
|
|
* @param int $keeptime 默认为永久
|
|
*/
|
|
public function keeptime($keeptime = 0)
|
|
{
|
|
$this->keeptime = $keeptime;
|
|
}
|
|
|
|
/**
|
|
* 设置错误信息
|
|
*
|
|
* @param string $error 错误信息
|
|
* @return \app\common\library\Auth
|
|
*/
|
|
public function setError($error)
|
|
{
|
|
$this->_error = $error;
|
|
return $this;
|
|
}
|
|
|
|
/**
|
|
* 获取错误信息
|
|
* @return string
|
|
*/
|
|
public function getError()
|
|
{
|
|
return $this->_error ? __($this->_error) : '';
|
|
}
|
|
|
|
|
|
|
|
/**
|
|
* 获得面包屑导航
|
|
* @param string $path
|
|
* @return array
|
|
*/
|
|
public function getBreadCrumb($path = '')
|
|
{
|
|
if ($this->breadcrumb || !$path) {
|
|
return $this->breadcrumb;
|
|
}
|
|
$titleArr = [];
|
|
$menuArr = [];
|
|
$urlArr = explode('/', $path);
|
|
foreach ($urlArr as $index => $item) {
|
|
$pathArr[implode('/', array_slice($urlArr, 0, $index + 1))] = $index;
|
|
}
|
|
if (!$this->rules && $this->id) {
|
|
$this->getRuleList();
|
|
}
|
|
foreach ($this->rules as $rule) {
|
|
if (isset($pathArr[$rule['name']])) {
|
|
$rule['title'] = __($rule['title']);
|
|
$rule['url'] = url($rule['name']);
|
|
$titleArr[$pathArr[$rule['name']]] = $rule['title'];
|
|
$menuArr[$pathArr[$rule['name']]] = $rule;
|
|
}
|
|
}
|
|
ksort($menuArr);
|
|
$this->breadcrumb = $menuArr;
|
|
return $this->breadcrumb;
|
|
}
|
|
|
|
} |