v2board/app/Http/Controllers/User/UserController.php

<?php

namespace App\Http\Controllers\User;

use App\Http\Controllers\Controller;
use App\Http\Requests\User\UserTransfer;
use App\Http\Requests\User\UserUpdate;
use App\Http\Requests\User\UserChangePassword;
use App\Services\UserService;
use App\Utils\CacheKey;
use Illuminate\Http\Request;
use App\Models\User;
use App\Models\Plan;
use App\Models\Ticket;
use App\Utils\Helper;
use App\Models\Order;
use Illuminate\Support\Facades\Cache;

class UserController extends Controller
{
    public function logout(Request $request)
    {
        $request->session()->flush();
        return response([
            'data' => true
        ]);
    }

    public function changePassword(UserChangePassword $request)
    {
        $user = User::find($request->session()->get('id'));
        if (!$user) {
            abort(500, __('The user does not exist'));
        }
        if (!Helper::multiPasswordVerify(
            $user->password_algo,
            $user->password_salt,
            $request->input('old_password'),
            $user->password)
        ) {
            abort(500, __('The old password is wrong'));
        }
        $user->password = password_hash($request->input('new_password'), PASSWORD_DEFAULT);
        $user->password_algo = NULL;
        $user->password_salt = NULL;
        if (!$user->save()) {
            abort(500, __('Save failed'));
        }
        $request->session()->flush();
        return response([
            'data' => true
        ]);
    }

    public function info(Request $request)
    {
        $user = User::where('id', $request->session()->get('id'))
            ->select([
                'email',
                'transfer_enable',
                'last_login_at',
                'created_at',
                'banned',
                'remind_expire',
                'remind_traffic',
                'expired_at',
                'balance',
                'commission_balance',
                'plan_id',
                'discount',
                'commission_rate',
                'telegram_id',
                'uuid'
            ])
            ->first();
        if (!$user) {
            abort(500, __('The user does not exist'));
        }
        $user['avatar_url'] = 'https://cdn.v2ex.com/gravatar/' . md5($user->email) . '?s=64&d=identicon';
        return response([
            'data' => $user
        ]);
    }

    public function getStat(Request $request)
    {
        $stat = [
            Order::where('status', 0)
                ->where('user_id', $request->session()->get('id'))
                ->count(),
            Ticket::where('status', 0)
                ->where('user_id', $request->session()->get('id'))
                ->count(),
            User::where('invite_user_id', $request->session()->get('id'))
                ->count()
        ];
        return response([
            'data' => $stat
        ]);
    }

    public function getSubscribe(Request $request)
    {
        $user = User::where('id', $request->session()->get('id'))
            ->select([
                'plan_id',
                'token',
                'expired_at',
                'u',
                'd',
                'transfer_enable',
                'email'
            ])
            ->first();
        if (!$user) {
            abort(500, __('The user does not exist'));
        }
        if ($user->plan_id) {
            $user['plan'] = Plan::find($user->plan_id);
            if (!$user['plan']) {
                abort(500, __('Subscription plan does not exist'));
            }
        }
        $user['subscribe_url'] = Helper::getSubscribeUrl("/api/v1/client/subscribe?token={$user['token']}");
        $userService = new UserService();
        $user['reset_day'] = $userService->getResetDay($user);
        return response([
            'data' => $user
        ]);
    }

    public function resetSecurity(Request $request)
    {
        $user = User::find($request->session()->get('id'));
        if (!$user) {
            abort(500, __('The user does not exist'));
        }
        $user->uuid = Helper::guid(true);
        $user->token = Helper::guid();
        if (!$user->save()) {
            abort(500, __('Reset failed'));
        }
        return response([
            'data' => Helper::getSubscribeUrl('/api/v1/client/subscribe?token=' . $user->token)
        ]);
    }

    public function update(UserUpdate $request)
    {
        $updateData = $request->only([
            'remind_expire',
            'remind_traffic'
        ]);

        $user = User::find($request->session()->get('id'));
        if (!$user) {
            abort(500, __('The user does not exist'));
        }
        try {
            $user->update($updateData);
        } catch (\Exception $e) {
            abort(500, __('Save failed'));
        }

        return response([
            'data' => true
        ]);
    }

    public function transfer(UserTransfer $request)
    {
        $user = User::find($request->session()->get('id'));
        if (!$user) {
            abort(500, __('The user does not exist'));
        }
        if ($request->input('transfer_amount') > $user->commission_balance) {
            abort(500, __('Insufficient commission balance'));
        }
        $user->commission_balance = $user->commission_balance - $request->input('transfer_amount');
        $user->balance = $user->balance + $request->input('transfer_amount');
        if (!$user->save()) {
            abort(500, __('Transfer failed'));
        }
        return response([
            'data' => true
        ]);
    }

    public function getQuickLoginUrl(Request $request)
    {
        $user = User::find($request->session()->get('id'));
        if (!$user) {
            abort(500, __('The user does not exist'));
        }

        $code = Helper::guid();
        $key = CacheKey::get('TEMP_TOKEN', $code);
        Cache::put($key, $user->id, 60);
        $redirect = '/#/login?verify=' . $code . '&redirect=' . ($request->input('redirect') ? $request->input('redirect') : 'dashboard');
        if (config('v2board.app_url')) {
            $url = config('v2board.app_url') . $redirect;
        } else {
            $url = url($redirect);
        }
        return response([
            'data' => $url
        ]);
    }
}
commit message 2019-10-29 15:33:36 +08:00			`<?php`

update 2020-01-29 16:08:50 +08:00			`namespace App\Http\Controllers\User;`
commit message 2019-10-29 15:33:36 +08:00
update 2020-01-29 16:08:50 +08:00			`use App\Http\Controllers\Controller;`
fix: something 2021-02-17 16:11:17 +08:00			`use App\Http\Requests\User\UserTransfer;`
update 2020-01-29 16:22:39 +08:00			`use App\Http\Requests\User\UserUpdate;`
fix:change password 2020-03-31 10:32:08 +08:00			`use App\Http\Requests\User\UserChangePassword;`
update: reset by next year 2022-05-30 15:42:25 +08:00			`use App\Services\UserService;`
update: fix admin editor 2021-08-05 13:48:24 +08:00			`use App\Utils\CacheKey;`
commit message 2019-10-29 15:33:36 +08:00			`use Illuminate\Http\Request;`
			`use App\Models\User;`
			`use App\Models\Plan;`
update 2019-12-15 22:24:49 +08:00			`use App\Models\Ticket;`
commit message 2019-10-29 15:33:36 +08:00			`use App\Utils\Helper;`
			`use App\Models\Order;`
update: fix admin editor 2021-08-05 13:48:24 +08:00			`use Illuminate\Support\Facades\Cache;`
commit message 2019-10-29 15:33:36 +08:00
			`class UserController extends Controller`
			`{`
format 2020-01-11 13:36:52 +08:00			`public function logout(Request $request)`
			`{`
update 2020-01-31 00:03:18 +08:00			`$request->session()->flush();`
commit message 2019-10-29 15:33:36 +08:00			`return response([`
update 2020-01-31 00:03:18 +08:00			`'data' => true`
commit message 2019-10-29 15:33:36 +08:00			`]);`
			`}`

fix:change password 2020-03-31 10:32:08 +08:00			`public function changePassword(UserChangePassword $request)`
format 2020-01-11 13:36:52 +08:00			`{`
commit message 2019-10-29 15:33:36 +08:00			`$user = User::find($request->session()->get('id'));`
[security] Fix user info leak in getSubscribe() getSubscribe() leaks all user info even password hash, fix it. 2020-12-31 08:23:46 +08:00			`if (!$user) {`
update: language more 2021-06-12 00:56:39 +08:00			`abort(500, __('The user does not exist'));`
[security] Fix user info leak in getSubscribe() getSubscribe() leaks all user info even password hash, fix it. 2020-12-31 08:23:46 +08:00			`}`
update changepassword 2020-02-02 20:44:52 +08:00			`if (!Helper::multiPasswordVerify(`
			`$user->password_algo,`
update: support md5 with sha256 2021-09-14 12:10:29 +08:00			`$user->password_salt,`
update changepassword 2020-02-02 20:44:52 +08:00			`$request->input('old_password'),`
			`$user->password)`
			`) {`
update: language more 2021-06-12 00:56:39 +08:00			`abort(500, __('The old password is wrong'));`
commit message 2019-10-29 15:33:36 +08:00			`}`
			`$user->password = password_hash($request->input('new_password'), PASSWORD_DEFAULT);`
support multi password hash verify 2020-01-31 21:54:17 +08:00			`$user->password_algo = NULL;`
update: support md5 with sha256 2021-09-14 12:12:44 +08:00			`$user->password_salt = NULL;`
commit message 2019-10-29 15:33:36 +08:00			`if (!$user->save()) {`
update: language more 2021-06-12 00:56:39 +08:00			`abort(500, __('Save failed'));`
commit message 2019-10-29 15:33:36 +08:00			`}`
			`$request->session()->flush();`
			`return response([`
			`'data' => true`
			`]);`
			`}`
format 2020-01-11 13:36:52 +08:00
			`public function info(Request $request)`
			`{`
commit message 2019-10-29 15:33:36 +08:00			`$user = User::where('id', $request->session()->get('id'))`
			`->select([`
			`'email',`
update 2020-01-05 23:47:23 +08:00			`'transfer_enable',`
commit message 2019-10-29 15:33:36 +08:00			`'last_login_at',`
			`'created_at',`
fix 2020-03-02 20:32:15 +08:00			`'banned',`
commit message 2019-10-29 15:33:36 +08:00			`'remind_expire',`
update 2019-11-25 00:08:14 +08:00			`'remind_traffic',`
update 2019-11-29 01:16:15 +08:00			`'expired_at',`
			`'balance',`
update 2020-01-03 21:29:25 +08:00			`'commission_balance',`
update userinfo fetch 2020-02-14 22:11:13 +08:00			`'plan_id',`
			`'discount',`
update telegram 2020-05-19 16:32:35 +08:00			`'commission_rate',`
update: getInfo show uuid 2021-10-11 21:39:55 +08:00			`'telegram_id',`
			`'uuid'`
commit message 2019-10-29 15:33:36 +08:00			`])`
			`->first();`
[security] Fix user info leak in getSubscribe() getSubscribe() leaks all user info even password hash, fix it. 2020-12-31 08:23:46 +08:00			`if (!$user) {`
update: language more 2021-06-12 00:56:39 +08:00			`abort(500, __('The user does not exist'));`
[security] Fix user info leak in getSubscribe() getSubscribe() leaks all user info even password hash, fix it. 2020-12-31 08:23:46 +08:00			`}`
commit message 2019-10-29 15:33:36 +08:00			`$user['avatar_url'] = 'https://cdn.v2ex.com/gravatar/' . md5($user->email) . '?s=64&d=identicon';`
			`return response([`
			`'data' => $user`
			`]);`
			`}`
update 2019-12-23 15:26:08 +08:00
format 2020-01-11 13:36:52 +08:00			`public function getStat(Request $request)`
			`{`
update 2019-12-23 15:33:34 +08:00			`$stat = [`
			`Order::where('status', 0)`
			`->where('user_id', $request->session()->get('id'))`
			`->count(),`
			`Ticket::where('status', 0)`
			`->where('user_id', $request->session()->get('id'))`
			`->count(),`
			`User::where('invite_user_id', $request->session()->get('id'))`
			`->count()`
			`];`
			`return response([`
			`'data' => $stat`
			`]);`
			`}`

format 2020-01-11 13:36:52 +08:00			`public function getSubscribe(Request $request)`
			`{`
[security] Fix user info leak in getSubscribe() getSubscribe() leaks all user info even password hash, fix it. 2020-12-31 08:23:46 +08:00			`$user = User::where('id', $request->session()->get('id'))`
			`->select([`
			`'plan_id',`
			`'token',`
			`'expired_at',`
			`'u',`
			`'d',`
update: user 2021-01-08 13:21:13 +08:00			`'transfer_enable',`
			`'email'`
[security] Fix user info leak in getSubscribe() getSubscribe() leaks all user info even password hash, fix it. 2020-12-31 08:23:46 +08:00			`])`
			`->first();`
			`if (!$user) {`
update: language more 2021-06-12 00:56:39 +08:00			`abort(500, __('The user does not exist'));`
[security] Fix user info leak in getSubscribe() getSubscribe() leaks all user info even password hash, fix it. 2020-12-31 08:23:46 +08:00			`}`
update 2019-12-23 15:26:08 +08:00			`if ($user->plan_id) {`
			`$user['plan'] = Plan::find($user->plan_id);`
			`if (!$user['plan']) {`
update: language more 2021-06-12 00:56:39 +08:00			`abort(500, __('Subscription plan does not exist'));`
update 2019-12-23 15:26:08 +08:00			`}`
			`}`
update: get subscribe url 2022-05-09 23:26:59 +08:00			`$user['subscribe_url'] = Helper::getSubscribeUrl("/api/v1/client/subscribe?token={$user['token']}");`
update: reset by next year 2022-05-30 15:42:25 +08:00			`$userService = new UserService();`
			`$user['reset_day'] = $userService->getResetDay($user);`
update 2019-12-23 15:26:08 +08:00			`return response([`
			`'data' => $user`
			`]);`
			`}`
format 2020-01-11 13:36:52 +08:00
			`public function resetSecurity(Request $request)`
			`{`
commit message 2019-10-29 15:33:36 +08:00			`$user = User::find($request->session()->get('id'));`
[security] Fix user info leak in getSubscribe() getSubscribe() leaks all user info even password hash, fix it. 2020-12-31 08:23:46 +08:00			`if (!$user) {`
update: language more 2021-06-12 00:56:39 +08:00			`abort(500, __('The user does not exist'));`
[security] Fix user info leak in getSubscribe() getSubscribe() leaks all user info even password hash, fix it. 2020-12-31 08:23:46 +08:00			`}`
update 2020-06-08 01:08:07 +08:00			`$user->uuid = Helper::guid(true);`
update 2019-12-01 21:34:56 +08:00			`$user->token = Helper::guid();`
commit message 2019-10-29 15:33:36 +08:00			`if (!$user->save()) {`
update: language more 2021-06-12 00:56:39 +08:00			`abort(500, __('Reset failed'));`
commit message 2019-10-29 15:33:36 +08:00			`}`
			`return response([`
update: get subscribe url 2022-05-09 23:26:59 +08:00			`'data' => Helper::getSubscribeUrl('/api/v1/client/subscribe?token=' . $user->token)`
commit message 2019-10-29 15:33:36 +08:00			`]);`
			`}`

format 2020-01-11 13:36:52 +08:00			`public function update(UserUpdate $request)`
			`{`
commit message 2019-10-29 15:33:36 +08:00			`$updateData = $request->only([`
			`'remind_expire',`
			`'remind_traffic'`
			`]);`
format 2020-01-11 13:36:52 +08:00
commit message 2019-10-29 15:33:36 +08:00			`$user = User::find($request->session()->get('id'));`
			`if (!$user) {`
update: language more 2021-06-12 00:56:39 +08:00			`abort(500, __('The user does not exist'));`
commit message 2019-10-29 15:33:36 +08:00			`}`
fix elq update try catch 2020-03-17 14:28:47 +08:00			`try {`
			`$user->update($updateData);`
			`} catch (\Exception $e) {`
update: language more 2021-06-12 00:56:39 +08:00			`abort(500, __('Save failed'));`
commit message 2019-10-29 15:33:36 +08:00			`}`

			`return response([`
			`'data' => true`
			`]);`
			`}`
transfer and withdraw 2020-05-10 18:38:02 +08:00
fix: something 2021-02-17 16:11:17 +08:00			`public function transfer(UserTransfer $request)`
transfer and withdraw 2020-05-10 18:38:02 +08:00			`{`
			`$user = User::find($request->session()->get('id'));`
			`if (!$user) {`
update: language more 2021-06-12 00:56:39 +08:00			`abort(500, __('The user does not exist'));`
transfer and withdraw 2020-05-10 18:38:02 +08:00			`}`
			`if ($request->input('transfer_amount') > $user->commission_balance) {`
update: language more 2021-06-12 00:56:39 +08:00			`abort(500, __('Insufficient commission balance'));`
transfer and withdraw 2020-05-10 18:38:02 +08:00			`}`
			`$user->commission_balance = $user->commission_balance - $request->input('transfer_amount');`
			`$user->balance = $user->balance + $request->input('transfer_amount');`
			`if (!$user->save()) {`
update: language more 2021-06-12 00:56:39 +08:00			`abort(500, __('Transfer failed'));`
transfer and withdraw 2020-05-10 18:38:02 +08:00			`}`
			`return response([`
			`'data' => true`
			`]);`
			`}`
feature: reset day 2020-08-10 21:17:01 +08:00
update: fix admin editor 2021-08-05 13:48:24 +08:00			`public function getQuickLoginUrl(Request $request)`
			`{`
			`$user = User::find($request->session()->get('id'));`
			`if (!$user) {`
			`abort(500, __('The user does not exist'));`
			`}`

			`$code = Helper::guid();`
			`$key = CacheKey::get('TEMP_TOKEN', $code);`
			`Cache::put($key, $user->id, 60);`
			`$redirect = '/#/login?verify=' . $code . '&redirect=' . ($request->input('redirect') ? $request->input('redirect') : 'dashboard');`
			`if (config('v2board.app_url')) {`
			`$url = config('v2board.app_url') . $redirect;`
			`} else {`
			`$url = url($redirect);`
			`}`
			`return response([`
			`'data' => $url`
			`]);`
			`}`
commit message 2019-10-29 15:33:36 +08:00			`}`