修改依赖包,jwt包改为firebase/php-jwt,更新前端layui库为最新的2.7.5版本
parent
080da63056
commit
32fec7f787
@ -125,8 +125,7 @@
|
||||
success: function (res) {
|
||||
$('#res').html(JSON.stringify(res));
|
||||
layer.msg(res.msg);
|
||||
if (res.code == 1) {
|
||||
token = res.data.token;
|
||||
if (res.code == 0) {
|
||||
layer.close(idx);
|
||||
}
|
||||
}
|
||||
@ -169,7 +168,7 @@
|
||||
success: function (res) {
|
||||
$('#res').html(JSON.stringify(res));
|
||||
layer.msg(res.msg);
|
||||
if (res.code == 1) {
|
||||
if (res.code == 0) {
|
||||
token = res.data.token;
|
||||
layer.close(idx);
|
||||
}
|
||||
|
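Review bot: `$('#res').html(JSON.stringify(res));` in both success callbacks of this file still writes the API response into the page as markup, and `JSON.stringify` does not escape `<` or `&`, so any response field that echoes user-supplied text would be parsed as HTML. Since these callbacks are being edited anyway, `$('#res').text(JSON.stringify(res));` keeps the debug output and removes the injection sink. The second callback also reads `res.data.token` as soon as `res.code == 0`; a guard such as `if (res.code === 0 && res.data && res.data.token)` would avoid storing `undefined` as the token. Both callbacks begin outside the visible hunks.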
@ -67,7 +67,7 @@
|
||||
</div>
|
||||
</div>
|
||||
<div class="foot">
|
||||
{:get_system_config('web','copyright')},Powered by GouguCMS
|
||||
{:get_system_config('web','copyright')},勾股CMS - v{:CMS_VERSION},Powered by GouguCMS
|
||||
</div>
|
||||
</div>
|
||||
<script src="{__GOUGU__}/layui/layui.js"></script>
|
||||
|
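Review bot: The footer line that prints `勾股CMS - v{:CMS_VERSION}` exposes the exact installed version on every public page, which makes it easy to match a site against version-specific advisories. Unless the public version display is wanted, I would keep the previous footer text and show the version only in the admin backend.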
@ -49,6 +49,16 @@ abstract class BaseController
|
||||
*/
|
||||
protected $pageSize = '';
|
||||
|
||||
/**
|
||||
* jwt配置
|
||||
* @var string
|
||||
*/
|
||||
protected $jwt_conf = [
|
||||
'secrect' => 'gougucms',
|
||||
'iss' => 'www.gougucms.com', //签发者 可选
|
||||
'aud' => 'gougucms', //接收该JWT的一方,可选
|
||||
'exptime' => 7200, //过期时间,这里设置2个小时
|
||||
];
|
||||
/**
|
||||
* 构造方法
|
||||
* @access public
|
||||
@ -58,7 +68,7 @@ abstract class BaseController
|
||||
{
|
||||
$this->app = $app;
|
||||
$this->request = $this->app->request;
|
||||
|
||||
$this->jwt_conf = get_system_config('token');
|
||||
// 控制器初始化
|
||||
$this->initialize();
|
||||
}
|
||||
|
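Review bot: The new `$jwt_conf` default puts a fixed signing key in source (`'secrect' => 'gougucms'`), and its docblock says `@var string` although the value is an array. The constructor then overwrites the property with `get_system_config('token')` without checking the result, so a missing or empty `secrect` in the stored configuration is not detected here. I would drop the literal secret from the default, document the property as `@var array`, and fail closed in the constructor, e.g. `if (empty($this->jwt_conf['secrect'])) { throw new \RuntimeException('JWT secret is not configured'); }`. A comment telling operators to set a long random HS256 key in the system configuration would also help, since the sample value is short and public.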
@ -9,7 +9,8 @@ namespace app\api\controller;
|
||||
|
||||
use app\api\BaseController;
|
||||
use app\api\middleware\Auth;
|
||||
use app\api\service\JwtAuth;
|
||||
use Firebase\JWT\JWT;
|
||||
use Firebase\JWT\Key;
|
||||
use think\facade\Db;
|
||||
use think\facade\Request;
|
||||
|
||||
@ -20,9 +21,54 @@ class Index extends BaseController
|
||||
* @var array
|
||||
*/
|
||||
protected $middleware = [
|
||||
Auth::class => ['except' => ['index','login','reg'] ]
|
||||
Auth::class => ['except' => ['index','reg','login'] ]
|
||||
];
|
||||
|
||||
/**
|
||||
* @param $user_id
|
||||
* @return string
|
||||
*/
|
||||
public function getToken($user_id){
|
||||
$time = time(); //当前时间
|
||||
$conf = $this->jwt_conf;
|
||||
$token = [
|
||||
'iss' => $conf['iss'], //签发者 可选
|
||||
'aud' => $conf['aud'], //接收该JWT的一方,可选
|
||||
'iat' => $time, //签发时间
|
||||
'nbf' => $time-1 , //(Not Before):某个时间点后才能访问,比如设置time+30,表示当前时间30秒后才能使用
|
||||
'exp' => $time+$conf['exptime'], //过期时间,这里设置2个小时
|
||||
'data' => [
|
||||
//自定义信息,不要定义敏感信息
|
||||
'userid' =>$user_id,
|
||||
]
|
||||
];
|
||||
return JWT::encode($token, $conf['secrect'], 'HS256'); //输出Token 默认'HS256'
|
||||
}
|
||||
|
||||
/**
|
||||
* @param $token
|
||||
*/
|
||||
public static function checkToken($token){
|
||||
try {
|
||||
JWT::$leeway = 60;//当前时间减去60,把时间留点余地
|
||||
$decoded = JWT::decode($token, self::$config['secrect'], ['HS256']); //HS256方式,这里要和签发的时候对应
|
||||
return (array)$decoded;
|
||||
} catch(\Firebase\JWT\SignatureInvalidException $e) { //签名不正确
|
||||
return json(['code'=>403,'msg'=>'签名错误']);
|
||||
}catch(\Firebase\JWT\BeforeValidException $e) { // 签名在某个时间点之后才能用
|
||||
return json(['code'=>401,'msg'=>'token失效']);
|
||||
}catch(\Firebase\JWT\ExpiredException $e) { // token过期
|
||||
return json(['code'=>401,'msg'=>'token已过期']);
|
||||
}catch(Exception $e) { //其他错误
|
||||
return json(['code'=>404,'msg'=>'非法请求']);
|
||||
}catch(\UnexpectedValueException $e) { //其他错误
|
||||
return json(['code'=>404,'msg'=>'非法请求']);
|
||||
} catch(\DomainException $e) { //其他错误
|
||||
return json(['code'=>404,'msg'=>'非法请求']);
|
||||
}
|
||||
|
||||
}
|
||||
|
||||
/**
|
||||
* @api {post} /index/index API页面
|
||||
* @apiDescription 返回首页信息
|
||||
@ -73,13 +119,11 @@ class Index extends BaseController
|
||||
'login_num' => $user['login_num'] + 1,
|
||||
];
|
||||
$res = Db::name('user')->where(['id' => $user['id']])->update($data);
|
||||
if($res){
|
||||
//获取jwt的句柄
|
||||
$jwtAuth = JwtAuth::getInstance();
|
||||
$token = $jwtAuth->setUid($user['id'])->encode()->getToken();
|
||||
if ($res) {
|
||||
$token = self::getToken($user['id']);
|
||||
add_user_log('api', '登录');
|
||||
$this->apiSuccess('登录成功',['token' => $token]);
|
||||
}
|
||||
$this->apiSuccess('登录成功', ['token' => $token]);
|
||||
}
|
||||
}
|
||||
|
||||
/**
|
||||
@ -113,7 +157,7 @@ class Index extends BaseController
|
||||
$uid = Db::name('User')->strict(false)->field(true)->insertGetId($param);
|
||||
if($uid){
|
||||
add_user_log('api', '注册');
|
||||
$this->apiSuccess('注册成功');
|
||||
$this->apiSuccess('注册成功,请登录');
|
||||
}else{
|
||||
$this->apiError('注册失败');
|
||||
}
|
||||
@ -130,21 +174,8 @@ class Index extends BaseController
|
||||
*/
|
||||
public function demo()
|
||||
{
|
||||
$list = Db::name('Article')->select();
|
||||
$jwtAuth = JwtAuth::getInstance();
|
||||
$uid = $jwtAuth->getUid();
|
||||
$userInfo = Db::name('User')->where(['id' => $uid])->find();
|
||||
add_user_log('api', '测试页面');
|
||||
$this->apiSuccess('请求成功',['list' => $list,'user' => $userInfo]);
|
||||
}
|
||||
|
||||
/**
|
||||
* 获取用户id
|
||||
* @return mixed
|
||||
*/
|
||||
protected function getUid()
|
||||
{
|
||||
$jwtAuth = JwtAuth::getInstance();
|
||||
return $jwtAuth->getUid();
|
||||
$uid = JWT_UID;
|
||||
$userInfo = Db::name('User')->where(['id' => $uid])->find();
|
||||
$this->apiSuccess('请求成功', ['user' => $userInfo]);
|
||||
}
|
||||
}
|
||||
|
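Review bot: `checkToken()` cannot work as added: it is static but reads `self::$config['secrect']`, a property that is not declared in any visible hunk, and it calls `JWT::decode()` with a plain string key and `['HS256']`, whereas the middleware in this same commit passes `new Key($config['secrect'], 'HS256')`. Its `catch(Exception $e)` is unqualified inside `namespace app\api\controller` (no `use Exception` is visible), so it would resolve to a class in that namespace rather than `\Exception`. Since the `Auth` middleware already verifies the token, I would delete this method rather than keep a second, divergent verifier; if it stays, it should build the key with `new Key(...)`, return a single type, and compare `iss`/`aud` with the configured values. Separately, `demo()` returns the whole row from `Db::name('User')->where(['id' => $uid])->find()`, which presumably includes credential columns; restricting the query with `->field('<public columns>')` would avoid sending them to the client.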
@ -7,8 +7,8 @@
|
||||
|
||||
namespace app\api\middleware;
|
||||
|
||||
use app\api\service\JwtAuth;
|
||||
use think\exception\HttpResponseException;
|
||||
use Firebase\JWT\JWT;
|
||||
use Firebase\JWT\Key;
|
||||
use think\facade\Request;
|
||||
use think\Response;
|
||||
|
||||
@ -19,44 +19,37 @@ class Auth
|
||||
$token = Request::header('Token');
|
||||
if ($token) {
|
||||
if (count(explode('.', $token)) != 3) {
|
||||
$this->result([], 110, 'token格式错误');
|
||||
}
|
||||
$jwtAuth = JwtAuth::getInstance();
|
||||
$jwtAuth->setToken($token);
|
||||
if ($jwtAuth->validate() && $jwtAuth->verify()) {
|
||||
return $next($request);
|
||||
} else {
|
||||
$this->result([], 111, 'token已过期');
|
||||
return json(['code'=>404,'msg'=>'非法请求']);
|
||||
}
|
||||
$config = get_system_config('token');
|
||||
//var_dump($config);exit;
|
||||
try {
|
||||
JWT::$leeway = 60;//当前时间减去60,把时间留点余地
|
||||
$decoded = JWT::decode($token, new Key($config['secrect'], 'HS256')); //HS256方式,这里要和签发的时候对应
|
||||
//return (array)$decoded;
|
||||
$decoded_array = json_decode(json_encode($decoded),TRUE);
|
||||
$jwt_data = $decoded_array['data'];
|
||||
//$request->uid = $jwt_data['userid'];
|
||||
define('JWT_UID', $jwt_data['userid']);
|
||||
$response = $next($request);
|
||||
return $response;
|
||||
//return $next($request);
|
||||
} catch(\Firebase\JWT\SignatureInvalidException $e) { //签名不正确
|
||||
return json(['code'=>403,'msg'=>'签名错误']);
|
||||
}catch(\Firebase\JWT\BeforeValidException $e) { // 签名在某个时间点之后才能用
|
||||
return json(['code'=>401,'msg'=>'token失效']);
|
||||
}catch(\Firebase\JWT\ExpiredException $e) { // token过期
|
||||
return json(['code'=>401,'msg'=>'token已过期']);
|
||||
}catch(Exception $e) { //其他错误
|
||||
return json(['code'=>404,'msg'=>'非法请求']);
|
||||
}catch(\UnexpectedValueException $e) { //其他错误
|
||||
return json(['code'=>404,'msg'=>'非法请求']);
|
||||
} catch(\DomainException $e) { //其他错误
|
||||
return json(['code'=>404,'msg'=>'非法请求']);
|
||||
}
|
||||
} else {
|
||||
$this->result([], 112, 'token不能为空');
|
||||
return json(['code'=>404,'msg'=>'token不能为空']);
|
||||
}
|
||||
|
||||
return $next($request);
|
||||
}
|
||||
|
||||
/**
|
||||
* 返回封装后的API数据到客户端
|
||||
* @param mixed $data 要返回的数据
|
||||
* @param integer $code 返回的code
|
||||
* @param mixed $msg 提示信息
|
||||
* @param string $type 返回数据格式
|
||||
* @param array $header 发送的Header信息
|
||||
* @return Response
|
||||
*/
|
||||
protected function result($data, int $code = 0, $msg = '', string $type = '', array $header = []): Response
|
||||
{
|
||||
$result = [
|
||||
'code' => $code,
|
||||
'msg' => $msg,
|
||||
'time' => time(),
|
||||
'data' => $data,
|
||||
];
|
||||
|
||||
$type = $type ?: 'json';
|
||||
$response = Response::create($result, $type)->header($header);
|
||||
|
||||
throw new HttpResponseException($response);
|
||||
}
|
||||
|
||||
}
|
||||
}
|
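Review bot: The `try` block now wraps `$next($request)` as well as `JWT::decode()`, so an `UnexpectedValueException` or `DomainException` thrown by a controller is reported to the client as a token error, and the verified user id is published through `define('JWT_UID', …)`, a process-wide constant that cannot be redefined if one PHP process ever serves more than one request. firebase/php-jwt checks the signature and the time claims but not `iss` or `aud`, which the removed `JwtAuth::validate()` did compare, and `$decoded_array['data']['userid']` is read without checking that the claim exists. I would decode inside the `try`, validate the claims, attach the id to the request (the commented-out `$request->uid` line) and call `$next` afterwards; `demo()` in the Index controller would then read the request attribute instead of `JWT_UID`. The unqualified `catch(Exception $e)` resolves inside `namespace app\api\middleware` and sits before the two SPL catches; it should be `\Exception` and come last. The enclosing method starts above this hunk.

```php
try {
    JWT::$leeway = 60;
    $decoded = JWT::decode($token, new Key($config['secrect'], 'HS256'));
} catch (\Firebase\JWT\SignatureInvalidException $e) {
    return json(['code'=>403,'msg'=>'签名错误']);
// … unchanged: BeforeValidException / ExpiredException branches …
} catch (\Exception $e) { // fully qualified, and last
    return json(['code'=>404,'msg'=>'非法请求']);
}

// Signature and time claims are verified above; issuer, audience and the
// user id claim still have to be checked by the application.
$claims = json_decode(json_encode($decoded), true);
$uid = $claims['data']['userid'] ?? null;
if (
    $uid === null
    || ($claims['iss'] ?? null) !== $config['iss']
    || ($claims['aud'] ?? null) !== $config['aud']
) {
    return json(['code'=>404,'msg'=>'非法请求']);
}

// Carry the identity on the request instead of a global constant.
$request->uid = $uid;
return $next($request);
```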
@ -1,143 +0,0 @@
|
||||
<?php
|
||||
/**
|
||||
* @copyright Copyright (c) 2021 勾股工作室
|
||||
* @license https://opensource.org/licenses/Apache-2.0
|
||||
* @link https://www.gougucms.com
|
||||
*/
|
||||
|
||||
namespace app\api\service;
|
||||
|
||||
use Lcobucci\JWT\Builder;
|
||||
use Lcobucci\JWT\Parser;
|
||||
use Lcobucci\JWT\Signer\Hmac\Sha256;
|
||||
use Lcobucci\JWT\ValidationData;
|
||||
|
||||
/**
|
||||
* 单例 一次请求中所有出现jwt的地方都是一个用户
|
||||
* Class JwtAuth
|
||||
* @package app\api\service
|
||||
*/
|
||||
class JwtAuth
|
||||
{
|
||||
// jwt token
|
||||
private $token;
|
||||
|
||||
// jwt 过期时间
|
||||
private $expTime = 3600;
|
||||
|
||||
// claim iss 签发组织
|
||||
private $iss = 'wwww.gougucms.com';
|
||||
|
||||
// claim aud签发作者
|
||||
private $aud = 'gougucms';
|
||||
|
||||
// secrect
|
||||
private $secrect = 'GOUGUCMS';
|
||||
|
||||
// claim uid
|
||||
private $uid;
|
||||
|
||||
// decode token
|
||||
private $decodeToken;
|
||||
|
||||
// 单例模式JwtAuth句柄
|
||||
private static $instance;
|
||||
|
||||
// 获取JwtAuth的句柄
|
||||
public static function getInstance()
|
||||
{
|
||||
if (is_null(self::$instance)) {
|
||||
self::$instance = new self();
|
||||
}
|
||||
return self::$instance;
|
||||
}
|
||||
|
||||
// 私有化构造函数
|
||||
public function __construct()
|
||||
{
|
||||
// jwt 过期时间
|
||||
$this->expTime = get_system_config('token','exptime');
|
||||
// claim iss 签发组织
|
||||
$this->iss = get_system_config('token','iss');
|
||||
// claim aud签发作者
|
||||
$this->aud = get_system_config('token','aud');
|
||||
// secrect
|
||||
$this->secrect = get_system_config('token','secrect');
|
||||
}
|
||||
|
||||
// 私有化clone函数
|
||||
private function __clone()
|
||||
{
|
||||
// TODO: Implement __clone() method.
|
||||
}
|
||||
|
||||
// 获取token
|
||||
public function getToken()
|
||||
{
|
||||
return (string) $this->token;
|
||||
}
|
||||
|
||||
// 设置token
|
||||
public function setToken($token)
|
||||
{
|
||||
$this->token = $token;
|
||||
return $this;
|
||||
}
|
||||
|
||||
// 设置uid
|
||||
public function setUid($uid)
|
||||
{
|
||||
$this->uid = $uid;
|
||||
return $this;
|
||||
}
|
||||
|
||||
// 获取uid
|
||||
public function getUid()
|
||||
{
|
||||
return $this->uid;
|
||||
}
|
||||
|
||||
// 编码jwt token
|
||||
public function encode()
|
||||
{
|
||||
$time = time(); //签发时间
|
||||
$this->token = (new Builder())->setHeader('alg', 'HS256')
|
||||
->setIssuer($this->iss)
|
||||
->setAudience($this->aud)
|
||||
->setIssuedAt($time)
|
||||
->setExpiration($time + $this->expTime)
|
||||
->set('uid', $this->uid)
|
||||
->sign(new Sha256(), $this->secrect)
|
||||
->getToken();
|
||||
|
||||
return $this;
|
||||
}
|
||||
|
||||
public function decode()
|
||||
{
|
||||
if (!$this->decodeToken) {
|
||||
$this->decodeToken = (new Parser())->parse((string) $this->token); // Parses from a string
|
||||
$this->uid = $this->decodeToken->getClaim('uid');
|
||||
}
|
||||
return $this->decodeToken;
|
||||
}
|
||||
|
||||
// validate
|
||||
public function validate()
|
||||
{
|
||||
$data = new ValidationData(); // It will use the current time to validate (iat, nbf and exp)
|
||||
$data->setIssuer($this->iss);
|
||||
$data->setAudience($this->aud);
|
||||
$data->setId($this->uid);
|
||||
|
||||
return $this->decode()->validate($data);
|
||||
}
|
||||
|
||||
// verify token
|
||||
public function verify()
|
||||
{
|
||||
$signer = new Sha256();
|
||||
return $this->decode()->verify($signer, $this->secrect);
|
||||
}
|
||||
|
||||
}
|
@ -27,7 +27,7 @@
|
||||
"topthink/think-view": "^1.0",
|
||||
"topthink/think-captcha": "^3.0",
|
||||
"phpmailer/phpmailer": "^6.6",
|
||||
"lcobucci/jwt": "3.3.3"
|
||||
"firebase/php-jwt": "6.1.2"
|
||||
},
|
||||
"require-dev": {
|
||||
"symfony/var-dumper": "^4.2",
|
||||
|
@ -15,10 +15,10 @@ if (empty(file_exists(__DIR__ . '/../vendor/autoload.php'))) {
|
||||
require __DIR__ . '/../vendor/autoload.php';
|
||||
|
||||
// 定义当前版本号
|
||||
define('CMS_VERSION','3.6.28');
|
||||
define('CMS_VERSION','3.7.25');
|
||||
|
||||
// 定义Layui版本号
|
||||
define('LAYUI_VERSION','2.7.1');
|
||||
define('LAYUI_VERSION','2.7.5');
|
||||
|
||||
// 定义项目目录
|
||||
define('CMS_ROOT', __DIR__ . '/../');
|
||||
|
File diff suppressed because one or more lines are too long