diff --git a/app/api/ApiController.php b/app/api/ApiController.php
new file mode 100644
index 0000000..11876d2
--- /dev/null
+++ b/app/api/ApiController.php
@@ -0,0 +1,142 @@
+ 'lihaioa',
+ 'iss' => 'ceshi-oa.lihaink.cn', //签发者 可选
+ 'aud' => 'lihaioa', //接收该JWT的一方,可选
+ 'exptime' => 7 * 86400, //过期时间,这里设置7天
+ ];
+
+ /**
+ * 构造方法
+ * @access public
+ * @param App $app 应用对象
+ */
+ public function __construct(App $app)
+ {
+ $this->app = $app;
+ $this->request = $this->app->request;
+ $this->module = strtolower(app('http')->getName());
+ $this->controller = strtolower($this->request->controller());
+ $this->action = strtolower($this->request->action());
+ $this->uid = 0;
+ $this->did = 0;
+ // 控制器初始化
+ $this->initialize();
+ }
+
+ // 初始化
+ protected function initialize()
+ {
+ //每页显示数据量
+ $this->pageSize = Request::param('page_size', \think\facade\Config::get('app.page_size'));
+ }
+
+ /**
+ * Api处理成功结果返回方法
+ * @param $message
+ * @param null $redirect
+ * @param null $extra
+ * @return mixed
+ * @throws ReturnException
+ */
+ protected function apiSuccess($msg = 'success', $data = [])
+ {
+ return $this->apiReturn($data, 0, $msg);
+ }
+
+ /**
+ * Api处理结果失败返回方法
+ * @param $error_code
+ * @param $message
+ * @param null $redirect
+ * @param null $extra
+ * @return mixed
+ * @throws ReturnException
+ */
+ protected function apiError($msg = 'fail', $data = [], $code = 1)
+ {
+ return $this->apiReturn($data, $code, $msg);
+ }
+
+ /**
+ * 返回封装后的API数据到客户端
+ * @param mixed $data 要返回的数据
+ * @param integer $code 返回的code
+ * @param mixed $msg 提示信息
+ * @param string $type 返回数据格式
+ * @param array $header 发送的Header信息
+ * @return Response
+ */
+ protected function apiReturn($data, int $code = 0, $msg = '', string $type = '', array $header = []): Response
+ {
+ $result = [
+ 'code' => $code,
+ 'msg' => $msg,
+ 'time' => time(),
+ 'data' => $data,
+ ];
+
+ $type = $type ?: 'json';
+ $response = Response::create($result, $type)->header($header);
+
+ throw new HttpResponseException($response);
+ }
+
+ }
diff --git a/app/api/controller/HomeLogin.php b/app/api/controller/HomeLogin.php
new file mode 100644
index 0000000..a27a727
--- /dev/null
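Review bot: The JWT signing secret is a literal in source, `'secrect' => 'lihaioa',` at the top of this hunk (the property declaration above it is not visible here), and it is the same short string used as `aud`, so anyone with access to the repository or a config dump can mint tokens that the Auth middleware will accept. The Auth.php hunk in this commit removes `$config = get_system_config('token');` in favour of a second copy of the same literal; keeping the secret in that system config, or in an environment-backed `Config::get(...)` key (name to be chosen), and reading it from one place in both files avoids both the exposure and drift between the two copies. Separately, the docblocks on `apiSuccess` and `apiError` describe `$message`, `$redirect`, `$extra` and `$error_code`, none of which exist; the real parameters are `$msg`, `$data` and, for `apiError`, `$code`. `apiReturn` never returns the `Response` it declares — it always throws — so its docblock should carry `@throws HttpResponseException` and the callers' `@throws ReturnException` lines should say the same.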
+++ b/app/api/controller/HomeLogin.php 
@@ -0,0 +1,104 @@
+ ['except' => ['login_submit']]
+ ];
+
+ /**
+ * @param $user_id
+ * @return string
+ */
+ public function getToken($user_id){
+ $time = time(); //当前时间
+ $conf = $this->jwt_conf;
+ $token = [
+ 'iss' => $conf['iss'], //签发者 可选
+ 'aud' => $conf['aud'], //接收该JWT的一方,可选
+ 'iat' => $time, //签发时间
+ 'nbf' => $time-1 , //(Not Before):某个时间点后才能访问,比如设置time+30,表示当前时间30秒后才能使用
+ 'exp' => $time+$conf['exptime'], //过期时间,这里设置2个小时
+ 'data' => [
+ //自定义信息,不要定义敏感信息
+ 'userid' =>$user_id,
+ ]
+ ];
+ return JWT::encode($token, $conf['secrect'], 'HS256'); //输出Token 默认'HS256'
+ }
+
+ //提交登录
+ public function login_submit()
+ {
+ $param = get_params();
+ try {
+ validate(UserCheck::class)->check($param);
+ } catch (ValidateException $e) {
+ $this->apiError($e->getError());
+ }
+ $admin = Db::name('Admin')->where(['username' => $param['username']])->find();
+ if (empty($admin)) {
+ $admin = Db::name('Admin')->where(['mobile' => $param['username']])->find();
+ if (empty($admin)) {
+ $this->apiError('用户名或手机号码错误');
+ }
+ }
+ $param['pwd'] = set_password($param['password'], $admin['salt']);
+ if ($admin['pwd'] !== $param['pwd']) {
+ $this->apiError('用户或密码错误');
+ }
+ if ($admin['status'] != 1) {
+ $this->apiError('该用户禁止登录,请与管理者联系');
+ }
+ $data = [
+ 'last_login_time' => time(),
+ 'last_login_ip' => request()->ip(),
+ 'login_num' => $admin['login_num'] + 1,
+ ];
+ $res = Db::name('Admin')->where(['id' => $admin['id']])->update($data);
+ if ($res) {
+ $logdata = [
+ 'uid' => $admin['id'],
+ 'type' => 'login',
+ 'action' => '登录',
+ 'subject' => '系统',
+ 'param_id'=>$admin['id'],
+ 'param'=>'[]',
+ 'ip' => request()->ip(),
+ 'create_time' => time()
+ ];
+ Db::name('AdminLog')->strict(false)->field(true)->insert($logdata);
+ $token = self::getToken($admin['id']);
+ $this->apiSuccess('登录成功', ['token' => $token]);
+ }
+ $this->apiError('登录失败');
+ }
+
+ //退出登录
+ public function login_out()
+ {
+ // 前端删除存储的token
+ $this->apiSuccess('退出成功', $userInfo);
+ }
+
+ }
\ No newline at end of file
diff --git a/app/api/controller/User.php b/app/api/controller/User.php
deleted file mode 100644
index 3e4e357..0000000
--- a/app/api/controller/User.php
+++ /dev/null
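Review bot: In HomeLogin.php, `login_out` passes `$userInfo` to `apiSuccess`, but no such variable is defined in that method, so the call runs on an undefined variable and the response carries a null payload; `$this->apiSuccess('退出成功');` is what is meant. The comment there says the client deletes the token, which means a token stays valid until its `exp` (seven days under `jwt_conf`) regardless of logout; if logout is expected to end the session, that needs server-side revocation. In `login_submit`, the unknown-account path answers `'用户名或手机号码错误'` while the wrong-password path answers `'用户或密码错误'`, which reveals which usernames exist — the deleted `User::login` used one message for both cases, and that should be kept; the hash comparison `$admin['pwd'] !== $param['pwd']` is better written `!hash_equals($admin['pwd'], $param['pwd'])`. The `'exp'` comment in `getToken` still says two hours while `exptime` is seven days, and the class head above `['except' => ['login_submit']]` is not visible in this hunk.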
@@ -1,116 +0,0 @@
- ['except' => ['login']]
- ];
-
- /**
- * @param $user_id
- * @return string
- */
- public function getToken($user_id){
- $time = time(); //当前时间
- $conf = $this->jwt_conf;
- $token = [
- 'iss' => $conf['iss'], //签发者 可选
- 'aud' => $conf['aud'], //接收该JWT的一方,可选
- 'iat' => $time, //签发时间
- 'nbf' => $time-1 , //(Not Before):某个时间点后才能访问,比如设置time+30,表示当前时间30秒后才能使用
- 'exp' => $time+$conf['exptime'], //过期时间,这里设置2个小时
- 'data' => [
- //自定义信息,不要定义敏感信息
- 'userid' =>$user_id,
- ]
- ];
- return JWT::encode($token, $conf['secrect'], 'HS256'); //输出Token 默认'HS256'
- }
-
- public function login()
- {
- $param = get_params();
- if (empty($param['username']) || empty($param['password'])) {
- $this->apiError('用户名密码不能为空');
- }
- // 校验用户名密码
- $user = Db::name('Admin')->where(['username' => $param['username']])->find();
- if (empty($user)) {
- $this->apiError('帐号或密码错误');
- }
- $param['pwd'] = set_password($param['password'], $user['salt']);
- if ($param['pwd'] !== $user['pwd']) {
- $this->apiError('帐号或密码错误');
- }
- if ($user['status'] == -1) {
- $this->apiError('该用户禁止登录,请于平台联系');
- }
- $data = [
- 'last_login_time' => time(),
- 'last_login_ip' => request()->ip(),
- 'login_num' => $user['login_num'] + 1,
- ];
- $res = Db::name('Admin')->where(['id' => $user['id']])->update($data);
- if ($res) {
- $token = self::getToken($user['id']);
- $this->apiSuccess('登录成功', ['token' => $token]);
- }
- }
-
- public function userinfo(Request $request)
- {
- $uid = $this->uid;
- $userInfo = Db::name('Admin')->where(['id' => $uid])->find();
- $this->apiSuccess('请求成功', ['user' => $userInfo]);
- }
-
- public function editPassword(Request $request)
- {
- $param = get_params();
- try {
- validate(AdminCheck::class)->scene('editPwd')->check($param);
- } catch (ValidateException $e) {
- // 验证失败 输出错误信息
- $this->apiError($e->getError());
- }
- $uid = $this->uid;
-
- $admin = Db::name('Admin')->where(['id' => $uid])->find();
- $old_psw = set_password($param['old_pwd'], $admin['salt']);
- if ($admin['pwd'] != $old_psw) {
- $this->apiError('旧密码错误');
- }
-
- $salt = set_salt(20);
- $new_pwd = set_password($param['pwd'], $salt);
- $data = [
- 'reg_pwd' => '',
- 'salt' => $salt,
- 'pwd' => $new_pwd,
- 'update_time' => time(),
- ];
- Db::name('Admin')->where(['id' => $uid])->strict(false)->field(true)->update($data);
- $this->apiSuccess('请求成功', ['user' => $userInfo]);
- }
-}
diff --git a/app/api/middleware/Auth.php b/app/api/middleware/Auth.php
index f41507d..567ea30 100644
--- a/app/api/middleware/Auth.php
+++ b/app/api/middleware/Auth.php
@@ -21,7 +21,12 @@ class Auth
 if (count(explode('.', $token)) != 3) {
 return json(['code'=>404,'msg'=>'非法请求']);
 }
- $config = get_system_config('token');
+ $config = [
+ 'secrect' => 'lihaioa',
+ 'iss' => 'ceshi-oa.lihaink.cn',
+ 'aud' => 'lihaioa',
+ 'exptime' => 7 * 86400,
+ ];
 try {
 JWT::$leeway = 60;//当前时间减去60,把时间留点余地
 $decoded = JWT::decode($token, new Key($config['secrect'], 'HS256')); //HS256方式,这里要和签发的时候对应
diff --git a/app/home/validate/UserCheck.php b/app/home/validate/UserCheck.php
index cdc50f9..38d549f 100644
--- a/app/home/validate/UserCheck.php
+++ b/app/home/validate/UserCheck.php
@@ -14,13 +14,13 @@ class UserCheck extends Validate
 protected $rule = [
 'username' => 'require',
 'password' => 'require',
- 'captcha' => 'captcha',
+ 'captcha' => 'captcha',
 ];
 protected $message = [
 'username.require' => '用户名不能为空',
 'password.require' => '密码不能为空',
- 'captcha.require' => '验证码不能为空',
- 'captcha.captcha' => '验证码不正确',
+ 'captcha.require' => '验证码不能为空',
+ 'captcha.captcha' => '验证码不正确',
 ];
 }
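Review bot: Of the four keys in the new `$config` array in Auth.php, only `secrect` is used in the visible lines (`new Key($config['secrect'], 'HS256')`); `iss`, `aud` and `exptime` are carried along but, as far as this hunk shows, the decoded token's `iss`/`aud` claims are never compared with them, and firebase/php-jwt's `decode` checks the signature and the time claims, not issuer or audience. If these claims are meant to bind tokens to this service, compare them after decoding, e.g. `if (($decoded->iss ?? null) !== $config['iss'] || ($decoded->aud ?? null) !== $config['aud']) { return json(['code'=>404,'msg'=>'非法请求']); }`; if not, the unused keys can be dropped. The enclosing method starts and ends outside the hunk, so such a check may already exist further down. The literal secret itself is raised in the note on the ApiController.php hunk.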