新增用户登录接口

2023-10-27 11:58:21 +08:00 · 2023-10-27 11:58:21 +08:00 · 9046da6125
parent faa1cdb9fa
commit 9046da6125
5 changed files with 113 additions and 31 deletions
--- a/app/api/BaseController.php
+++ b/app/api/BaseController.php
@ -99,11 +99,14 @@ abstract class BaseController
        $session_admin = get_config('app.session_admin');
        $header = Request::header();
        $token = $header['token'] ?? '';
-        if (!Session::has($session_admin) || !$token) {
-            $this->apiError('请先登录');
+        // 取消登录验证
+        if ($this->controller != 'user' && $this->action != 'login') {
+            if (!Session::has($session_admin) || !$token) {
+                $this->apiError('请先登录');
+            }
        }
        if ($token) {
-            
+
        }
 		if (Session::has($session_admin)) {
            $this->uid = Session::get($session_admin);
--- a/app/api/controller/Demo.php
+++ b/app/api/controller/Demo.php
@ -124,7 +124,7 @@ class Demo extends BaseController
     */
    public function test(Request $request)
    {
-		$uid = JWT_UID;
+		$uid = $this->uid;
        $userInfo = Db::name('Admin')->where(['id' => $uid])->find();
        $this->apiSuccess('请求成功', ['user' => $userInfo]);
    }
--- a/app/api/controller/User.php
+++ b/app/api/controller/User.php
@ -0,0 +1,84 @@
+<?php
+/**
+ * @copyright Copyright (c) 2021 勾股工作室
+ * @license https://opensource.org/licenses/Apache-2.0
+ * @link https://www.gougucms.com
+ */
+declare (strict_types = 1);
+namespace app\api\controller;
+
+use app\api\BaseController;
+use app\api\middleware\Auth;
+use Firebase\JWT\JWT;
+use Firebase\JWT\Key;
+use think\facade\Db;
+use think\facade\Request;
+
+class User extends BaseController
+{
+    /**
+     * 控制器中间件 [登录、注册 不需要鉴权]
+     * @var array
+     */
+	protected $middleware = [
+    	Auth::class => ['except' => ['login']]
+    ];
+
+    /**
+     * @param $user_id
+     * @return string
+     */
+    public function getToken($user_id){
+        $time = time(); //当前时间
+		$conf = $this->jwt_conf;
+        $token = [
+            'iss' => $conf['iss'], //签发者 可选
+            'aud' => $conf['aud'], //接收该JWT的一方，可选
+            'iat' => $time, //签发时间
+            'nbf' => $time-1 , //(Not Before)：某个时间点后才能访问，比如设置time+30，表示当前时间30秒后才能使用
+            'exp' => $time+$conf['exptime'], //过期时间,这里设置2个小时
+            'data' => [
+                //自定义信息，不要定义敏感信息
+                'userid' =>$user_id,
+            ]
+        ];
+        return JWT::encode($token, $conf['secrect'], 'HS256'); //输出Token  默认'HS256'
+    }
+
+    public function login()
+    {
+        $param = get_params();
+        if (empty($param['username']) || empty($param['password'])) {
+            $this->apiError('参数错误');
+        }
+        // 校验用户名密码
+        $user = Db::name('Admin')->where(['username' => $param['username']])->find();
+        if (empty($user)) {
+            $this->apiError('帐号或密码错误');
+        }
+        $param['pwd'] = set_password($param['password'], $user['salt']);
+        if ($param['pwd'] !== $user['pwd']) {
+            $this->apiError('帐号或密码错误');
+        }
+        if ($user['status'] == -1) {
+            $this->apiError('该用户禁止登录,请于平台联系');
+        }
+        $data = [
+            'last_login_time' => time(),
+            'last_login_ip' => request()->ip(),
+            'login_num' => $user['login_num'] + 1,
+        ];
+        $res = Db::name('Admin')->where(['id' => $user['id']])->update($data);
+        if ($res) {
+            $token = self::getToken($user['id']);
+            $this->apiSuccess('登录成功', ['token' => $token]);
+        }
+    }
+    
+    public function userinfo(Request $request)
+    {
+		$uid = $this->uid;
+        $userInfo = Db::name('Admin')->where(['id' => $uid])->find();
+        $this->apiSuccess('请求成功', ['user' => $userInfo]);
+    }
+}
--- a/app/api/middleware/Auth.php
+++ b/app/api/middleware/Auth.php
@ -22,31 +22,27 @@ class Auth
                return json(['code'=>404,'msg'=>'非法请求']);
            }
 			$config = get_system_config('token');
-			//var_dump($config);exit;
            try {
 				JWT::$leeway = 60;//当前时间减去60，把时间留点余地
-					$decoded = JWT::decode($token, new Key($config['secrect'], 'HS256')); //HS256方式，这里要和签发的时候对应
-					//return (array)$decoded;
-					$decoded_array = json_decode(json_encode($decoded),TRUE);
-					$jwt_data = $decoded_array['data'];
-					//$request->uid = $jwt_data['userid'];
-					define('JWT_UID', $jwt_data['userid']);
-					$response = $next($request);
-					return $response;
-					//return $next($request);
-				} catch(\Firebase\JWT\SignatureInvalidException $e) {  //签名不正确
-					return json(['code'=>403,'msg'=>'签名错误']);
-				}catch(\Firebase\JWT\BeforeValidException $e) {  // 签名在某个时间点之后才能用
-					return json(['code'=>401,'msg'=>'token失效']);
-				}catch(\Firebase\JWT\ExpiredException $e) {  // token过期
-					return json(['code'=>401,'msg'=>'token已过期']);
-				}catch(Exception $e) {  //其他错误
-					return json(['code'=>404,'msg'=>'非法请求']);
-				}catch(\UnexpectedValueException $e) {  //其他错误
-					return json(['code'=>404,'msg'=>'非法请求']);
-				} catch(\DomainException $e) {  //其他错误
-					return json(['code'=>404,'msg'=>'非法请求']);
-				}
+				$decoded = JWT::decode($token, new Key($config['secrect'], 'HS256')); //HS256方式，这里要和签发的时候对应
+				$decoded_array = json_decode(json_encode($decoded),TRUE);
+				$jwt_data = $decoded_array['data'];
+				define('JWT_UID', $jwt_data['userid']);
+				$response = $next($request);
+				return $response;
+			} catch(\Firebase\JWT\SignatureInvalidException $e) {  //签名不正确
+				return json(['code'=>403,'msg'=>'签名错误']);
+			}catch(\Firebase\JWT\BeforeValidException $e) {  // 签名在某个时间点之后才能用
+				return json(['code'=>401,'msg'=>'token失效']);
+			}catch(\Firebase\JWT\ExpiredException $e) {  // token过期
+				return json(['code'=>401,'msg'=>'token已过期']);
+			}catch(Exception $e) {  //其他错误
+				return json(['code'=>404,'msg'=>'非法请求']);
+			}catch(\UnexpectedValueException $e) {  //其他错误
+				return json(['code'=>404,'msg'=>'非法请求']);
+			} catch(\DomainException $e) {  //其他错误
+				return json(['code'=>404,'msg'=>'非法请求']);
+			}
        } else {
            return json(['code'=>404,'msg'=>'token不能为空']);
        }
--- a/app/home/controller/Login.php
+++ b/app/home/controller/Login.php
@ -46,17 +46,16 @@ class Login
        if ($admin['status'] != 1) {
            return to_assign(1, '该用户禁止登录,请与管理者联系');
        }
-        $token = make_token();
        $data = [
 			'is_lock' => 0,
            'last_login_time' => time(),
            'last_login_ip' => request()->ip(),
-            'login_num' => $admin['login_num'] + 1,
-            'token' => $token
+            'login_num' => $admin['login_num'] + 1
        ];
        Db::name('admin')->where(['id' => $admin['id']])->update($data);
        $session_admin = get_config('app.session_admin');
        Session::set($session_admin, $admin['id']);
+        $token = make_token();
        set_cache($token, $admin, 7200);
        $admin['token'] = $token;
 		$logdata = [
@ -70,7 +69,7 @@ class Login
 			'create_time' => time()
        ];
 		Db::name('AdminLog')->strict(false)->field(true)->insert($logdata);
-        return to_assign(0, '登录成功', ['uid' => $admin['id'], 'token' => $token]);
+        return to_assign(0, '登录成功', ['uid' => $admin['id']]);
    }

    //退出登录