From 059e21ba437f9b4a387af39a71d02c875370e64b Mon Sep 17 00:00:00 2001
From: yaooo <272523191@qq.com>
Date: Fri, 27 Oct 2023 16:34:12 +0800
Subject: [PATCH] =?UTF-8?q?=E6=9B=B4=E6=96=B0=E7=94=A8=E6=88=B7=E7=99=BB?=
 =?UTF-8?q?=E5=BD=95?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 app/api/ApiController.php        | 142 +++++++++++++++++++++++++++++++
 app/api/controller/HomeLogin.php | 104 ++++++++++++++++++++++
 app/api/controller/User.php      | 116 -------------------------
 app/api/middleware/Auth.php      |   7 +-
 app/home/validate/UserCheck.php  |   6 +-
 5 files changed, 255 insertions(+), 120 deletions(-)
 create mode 100644 app/api/ApiController.php
 create mode 100644 app/api/controller/HomeLogin.php
 delete mode 100644 app/api/controller/User.php

diff --git a/app/api/ApiController.php b/app/api/ApiController.php
new file mode 100644
index 0000000..11876d2
--- /dev/null
+++ b/app/api/ApiController.php
@@ -0,0 +1,142 @@
+<?php
+/**
+ * @copyright Copyright (c) 2021 勾股工作室
+ * @license https://opensource.org/licenses/GPL-3.0
+ * @link https://www.gougucms.com
+ */
+
+declare (strict_types = 1);
+
+namespace app\api;
+
+use think\App;
+use think\exception\HttpResponseException;
+use think\facade\Request;
+use think\facade\Session;
+use think\facade\View;
+use think\facade\Db;
+use think\Response;
+
+/**
+ * 控制器基础类
+ */
+abstract class ApiController
+{
+    /**
+     * Request实例
+     * @var \think\Request
+     */
+    protected $request;
+
+    /**
+     * 应用实例
+     * @var \think\App
+     */
+    protected $app;
+
+    /**
+     * 是否批量验证
+     * @var bool
+     */
+    protected $batchValidate = false;
+
+    /**
+     * 控制器中间件
+     * @var array
+     */
+    protected $middleware = [];
+
+    /**
+     * 分页数量
+     * @var string
+     */
+    protected $pageSize = '';
+
+    /**
+     * jwt配置
+     * @var string
+     */
+    protected $jwt_conf = [
+        'secrect' => 'lihaioa',
+        'iss'     => 'ceshi-oa.lihaink.cn', //签发者 可选
+        'aud'     => 'lihaioa', //接收该JWT的一方，可选
+        'exptime' => 7 * 86400, //过期时间,这里设置7天
+    ];
+
+    /**
+     * 构造方法
+     * @access public
+     * @param  App $app 应用对象
+     */
+    public function __construct(App $app)
+    {
+        $this->app = $app;
+        $this->request = $this->app->request;
+        $this->module = strtolower(app('http')->getName());
+        $this->controller = strtolower($this->request->controller());
+        $this->action = strtolower($this->request->action());
+        $this->uid = 0;
+        $this->did = 0;
+        // 控制器初始化
+        $this->initialize();
+    }
+
+    // 初始化
+    protected function initialize()
+    {
+        //每页显示数据量
+        $this->pageSize = Request::param('page_size', \think\facade\Config::get('app.page_size'));
+    }
+
+    /**
+     * Api处理成功结果返回方法
+     * @param      $message
+     * @param null $redirect
+     * @param null $extra
+     * @return mixed
+     * @throws ReturnException
+     */
+    protected function apiSuccess($msg = 'success', $data = [])
+    {
+        return $this->apiReturn($data, 0, $msg);
+    }
+
+    /**
+     * Api处理结果失败返回方法
+     * @param      $error_code
+     * @param      $message
+     * @param null $redirect
+     * @param null $extra
+     * @return mixed
+     * @throws ReturnException
+     */
+    protected function apiError($msg = 'fail', $data = [], $code = 1)
+    {
+        return $this->apiReturn($data, $code, $msg);
+    }
+
+    /**
+     * 返回封装后的API数据到客户端
+     * @param  mixed   $data 要返回的数据
+     * @param  integer $code 返回的code
+     * @param  mixed   $msg 提示信息
+     * @param  string  $type 返回数据格式
+     * @param  array   $header 发送的Header信息
+     * @return Response
+     */
+    protected function apiReturn($data, int $code = 0, $msg = '', string $type = '', array $header = []): Response
+    {
+        $result = [
+            'code' => $code,
+            'msg' => $msg,
+            'time' => time(),
+            'data' => $data,
+        ];
+
+        $type = $type ?: 'json';
+        $response = Response::create($result, $type)->header($header);
+
+        throw new HttpResponseException($response);
+    }
+
+}
diff --git a/app/api/controller/HomeLogin.php b/app/api/controller/HomeLogin.php
new file mode 100644
index 0000000..a27a727
--- /dev/null
+++ b/app/api/controller/HomeLogin.php
@@ -0,0 +1,104 @@
+<?php
+/**
+ * @copyright Copyright (c) 2021 勾股工作室
+ * @license https://opensource.org/licenses/GPL-3.0
+ * @link https://www.gougucms.com
+ */
+
+declare (strict_types = 1);
+
+namespace app\api\controller;
+
+use app\api\ApiController;
+use app\api\middleware\Auth;
+use app\home\validate\UserCheck;
+use think\exception\ValidateException;
+use think\facade\Db;
+use think\facade\Session;
+use Firebase\JWT\JWT;
+use Firebase\JWT\Key;
+use think\facade\Request;
+
+
+class HomeLogin extends ApiController
+{
+    protected $middleware = [
+    	Auth::class => ['except' => ['login_submit']]
+    ];
+
+    /**
+     * @param $user_id
+     * @return string
+     */
+    public function getToken($user_id){
+        $time = time(); //当前时间
+		$conf = $this->jwt_conf;
+        $token = [
+            'iss' => $conf['iss'], //签发者 可选
+            'aud' => $conf['aud'], //接收该JWT的一方，可选
+            'iat' => $time, //签发时间
+            'nbf' => $time-1 , //(Not Before)：某个时间点后才能访问，比如设置time+30，表示当前时间30秒后才能使用
+            'exp' => $time+$conf['exptime'], //过期时间,这里设置2个小时
+            'data' => [
+                //自定义信息，不要定义敏感信息
+                'userid' =>$user_id,
+            ]
+        ];
+        return JWT::encode($token, $conf['secrect'], 'HS256'); //输出Token  默认'HS256'
+    }
+
+    //提交登录
+    public function login_submit()
+    {
+        $param = get_params();
+        try {
+            validate(UserCheck::class)->check($param);
+        } catch (ValidateException $e) {
+            $this->apiError($e->getError());
+        }
+        $admin = Db::name('Admin')->where(['username' => $param['username']])->find();
+        if (empty($admin)) {
+            $admin = Db::name('Admin')->where(['mobile' => $param['username']])->find();
+            if (empty($admin)) {
+                $this->apiError('用户名或手机号码错误');
+            }
+        }
+        $param['pwd'] = set_password($param['password'], $admin['salt']);
+        if ($admin['pwd'] !== $param['pwd']) {
+            $this->apiError('用户或密码错误');
+        }
+        if ($admin['status'] != 1) {
+            $this->apiError('该用户禁止登录,请与管理者联系');
+        }
+        $data = [
+            'last_login_time' => time(),
+            'last_login_ip' => request()->ip(),
+            'login_num' => $admin['login_num'] + 1,
+        ];
+        $res = Db::name('Admin')->where(['id' => $admin['id']])->update($data);
+        if ($res) {
+            $logdata = [
+                'uid' => $admin['id'],
+                'type' => 'login',
+                'action' => '登录',
+                'subject' => '系统',
+                'param_id'=>$admin['id'],
+                'param'=>'[]',
+                'ip' => request()->ip(),
+                'create_time' => time()
+            ];
+            Db::name('AdminLog')->strict(false)->field(true)->insert($logdata);
+            $token = self::getToken($admin['id']);
+            $this->apiSuccess('登录成功', ['token' => $token]);
+        }
+        $this->apiError('登录失败');
+    }
+
+    //退出登录
+    public function login_out()
+    {
+        // 前端删除存储的token
+        $this->apiSuccess('退出成功', $userInfo);
+    }
+
+}
\ No newline at end of file
diff --git a/app/api/controller/User.php b/app/api/controller/User.php
deleted file mode 100644
index 3e4e357..0000000
--- a/app/api/controller/User.php
+++ /dev/null
@@ -1,116 +0,0 @@
-<?php
-/**
- * @copyright Copyright (c) 2021 勾股工作室
- * @license https://opensource.org/licenses/Apache-2.0
- * @link https://www.gougucms.com
- */
-declare (strict_types = 1);
-namespace app\api\controller;
-
-use app\api\BaseController;
-use app\api\middleware\Auth;
-use app\user\validate\AdminCheck;
-use Firebase\JWT\JWT;
-use Firebase\JWT\Key;
-use think\facade\Db;
-use think\facade\Request;
-use think\exception\ValidateException;
-
-
-class User extends BaseController
-{
-    /**
-     * 控制器中间件 [登录不需要鉴权]
-     * @var array
-     */
-	protected $middleware = [
-    	Auth::class => ['except' => ['login']]
-    ];
-
-    /**
-     * @param $user_id
-     * @return string
-     */
-    public function getToken($user_id){
-        $time = time(); //当前时间
-		$conf = $this->jwt_conf;
-        $token = [
-            'iss' => $conf['iss'], //签发者 可选
-            'aud' => $conf['aud'], //接收该JWT的一方，可选
-            'iat' => $time, //签发时间
-            'nbf' => $time-1 , //(Not Before)：某个时间点后才能访问，比如设置time+30，表示当前时间30秒后才能使用
-            'exp' => $time+$conf['exptime'], //过期时间,这里设置2个小时
-            'data' => [
-                //自定义信息，不要定义敏感信息
-                'userid' =>$user_id,
-            ]
-        ];
-        return JWT::encode($token, $conf['secrect'], 'HS256'); //输出Token  默认'HS256'
-    }
-
-    public function login()
-    {
-        $param = get_params();
-        if (empty($param['username']) || empty($param['password'])) {
-            $this->apiError('用户名密码不能为空');
-        }
-        // 校验用户名密码
-        $user = Db::name('Admin')->where(['username' => $param['username']])->find();
-        if (empty($user)) {
-            $this->apiError('帐号或密码错误');
-        }
-        $param['pwd'] = set_password($param['password'], $user['salt']);
-        if ($param['pwd'] !== $user['pwd']) {
-            $this->apiError('帐号或密码错误');
-        }
-        if ($user['status'] == -1) {
-            $this->apiError('该用户禁止登录,请于平台联系');
-        }
-        $data = [
-            'last_login_time' => time(),
-            'last_login_ip' => request()->ip(),
-            'login_num' => $user['login_num'] + 1,
-        ];
-        $res = Db::name('Admin')->where(['id' => $user['id']])->update($data);
-        if ($res) {
-            $token = self::getToken($user['id']);
-            $this->apiSuccess('登录成功', ['token' => $token]);
-        }
-    }
-    
-    public function userinfo(Request $request)
-    {
-		$uid = $this->uid;
-        $userInfo = Db::name('Admin')->where(['id' => $uid])->find();
-        $this->apiSuccess('请求成功', ['user' => $userInfo]);
-    }
-
-    public function editPassword(Request $request)
-    {
-        $param = get_params();			
-        try {
-            validate(AdminCheck::class)->scene('editPwd')->check($param);
-        } catch (ValidateException $e) {
-            // 验证失败 输出错误信息
-            $this->apiError($e->getError());
-        }
-        $uid = $this->uid;
-        
-        $admin = Db::name('Admin')->where(['id' => $uid])->find();
-        $old_psw = set_password($param['old_pwd'], $admin['salt']);
-        if ($admin['pwd'] != $old_psw) {
-            $this->apiError('旧密码错误');
-        }
-
-        $salt = set_salt(20);
-        $new_pwd = set_password($param['pwd'], $salt);
-        $data = [
-            'reg_pwd' => '',
-            'salt' => $salt,
-            'pwd' => $new_pwd,
-            'update_time' => time(),
-        ];
-        Db::name('Admin')->where(['id' => $uid])->strict(false)->field(true)->update($data);
-        $this->apiSuccess('请求成功', ['user' => $userInfo]);
-    }
-}
diff --git a/app/api/middleware/Auth.php b/app/api/middleware/Auth.php
index f41507d..567ea30 100644
--- a/app/api/middleware/Auth.php
+++ b/app/api/middleware/Auth.php
@@ -21,7 +21,12 @@ class Auth
             if (count(explode('.', $token)) != 3) {
                 return json(['code'=>404,'msg'=>'非法请求']);
             }
-			$config = get_system_config('token');
+			$config = [
+				'secrect' => 'lihaioa',
+				'iss'     => 'ceshi-oa.lihaink.cn',
+				'aud'     => 'lihaioa',
+				'exptime' => 7 * 86400, 
+			];
             try {
 				JWT::$leeway = 60;//当前时间减去60，把时间留点余地
 				$decoded = JWT::decode($token, new Key($config['secrect'], 'HS256')); //HS256方式，这里要和签发的时候对应
diff --git a/app/home/validate/UserCheck.php b/app/home/validate/UserCheck.php
index cdc50f9..38d549f 100644
--- a/app/home/validate/UserCheck.php
+++ b/app/home/validate/UserCheck.php
@@ -14,13 +14,13 @@ class UserCheck extends Validate
     protected $rule = [
         'username' => 'require',
         'password' => 'require',
-        'captcha' => 'captcha',
+        'captcha'  => 'captcha',
     ];
 
     protected $message = [
         'username.require' => '用户名不能为空',
         'password.require' => '密码不能为空',
-        'captcha.require' => '验证码不能为空',
-        'captcha.captcha' => '验证码不正确',
+        'captcha.require'  => '验证码不能为空',
+        'captcha.captcha'  => '验证码不正确',
     ];
 }