2020-01-29 16:22:39 +08:00
|
|
|
<?php
|
|
|
|
|
|
|
|
namespace App\Http\Controllers\Passport;
|
|
|
|
|
|
|
|
use App\Http\Controllers\Controller;
|
|
|
|
use App\Http\Requests\Passport\AuthRegister;
|
|
|
|
use App\Http\Requests\Passport\AuthForget;
|
|
|
|
use App\Http\Requests\Passport\AuthLogin;
|
|
|
|
use Illuminate\Http\Request;
|
|
|
|
use Illuminate\Support\Facades\Cache;
|
2020-02-04 00:33:02 +08:00
|
|
|
use App\Models\Plan;
|
2020-01-29 16:22:39 +08:00
|
|
|
use App\Models\User;
|
2020-01-30 17:18:25 +08:00
|
|
|
use App\Models\InviteCode;
|
2020-01-29 16:22:39 +08:00
|
|
|
use App\Utils\Helper;
|
2020-02-09 18:01:06 +08:00
|
|
|
use App\Utils\Dict;
|
2020-03-13 14:32:36 +08:00
|
|
|
use App\Utils\CacheKey;
|
2020-10-09 23:27:36 +08:00
|
|
|
use ReCaptcha\ReCaptcha;
|
2020-01-29 16:22:39 +08:00
|
|
|
|
|
|
|
class AuthController extends Controller
|
|
|
|
{
|
|
|
|
public function register(AuthRegister $request)
|
|
|
|
{
|
2020-10-09 23:27:36 +08:00
|
|
|
if ((int)config('v2board.recaptcha_enable', 0)) {
|
|
|
|
$recaptcha = new ReCaptcha(config('v2board.recaptcha_key'));
|
|
|
|
$recaptchaResp = $recaptcha->verify($request->input('recaptcha_data'));
|
|
|
|
if (!$recaptchaResp->isSuccess()) {
|
|
|
|
abort(500, '验证码有误');
|
|
|
|
}
|
|
|
|
}
|
2020-02-09 18:09:48 +08:00
|
|
|
if ((int)config('v2board.email_whitelist_enable', 0)) {
|
2020-02-09 18:01:06 +08:00
|
|
|
if (!Helper::emailSuffixVerify(
|
|
|
|
$request->input('email'),
|
2020-02-09 18:09:48 +08:00
|
|
|
config('v2board.email_whitelist_suffix', Dict::EMAIL_WHITELIST_SUFFIX_DEFAULT))
|
2020-02-09 18:01:06 +08:00
|
|
|
) {
|
|
|
|
abort(500, '邮箱后缀不处于白名单中');
|
|
|
|
}
|
|
|
|
}
|
2020-05-25 18:02:13 +08:00
|
|
|
if ((int)config('v2board.email_gmail_limit_enable', 0)) {
|
|
|
|
$prefix = explode('@', $request->input('email'))[0];
|
|
|
|
if (strpos($prefix, '.') !== false || strpos($prefix, '+') !== false) {
|
|
|
|
abort(500, '不支持Gmail别名邮箱');
|
|
|
|
}
|
|
|
|
}
|
2020-01-29 16:22:39 +08:00
|
|
|
if ((int)config('v2board.stop_register', 0)) {
|
|
|
|
abort(500, '本站已关闭注册');
|
|
|
|
}
|
|
|
|
if ((int)config('v2board.invite_force', 0)) {
|
|
|
|
if (empty($request->input('invite_code'))) {
|
|
|
|
abort(500, '必须使用邀请码才可以注册');
|
|
|
|
}
|
|
|
|
}
|
|
|
|
if ((int)config('v2board.email_verify', 0)) {
|
|
|
|
if (empty($request->input('email_code'))) {
|
|
|
|
abort(500, '邮箱验证码不能为空');
|
|
|
|
}
|
2020-03-13 14:32:36 +08:00
|
|
|
if (Cache::get(CacheKey::get('EMAIL_VERIFY_CODE', $request->input('email'))) !== $request->input('email_code')) {
|
2020-01-29 16:22:39 +08:00
|
|
|
abort(500, '邮箱验证码有误');
|
|
|
|
}
|
|
|
|
}
|
|
|
|
$email = $request->input('email');
|
|
|
|
$password = $request->input('password');
|
|
|
|
$exist = User::where('email', $email)->first();
|
|
|
|
if ($exist) {
|
|
|
|
abort(500, '邮箱已存在系统中');
|
|
|
|
}
|
|
|
|
$user = new User();
|
|
|
|
$user->email = $email;
|
|
|
|
$user->password = password_hash($password, PASSWORD_DEFAULT);
|
2020-06-08 01:08:07 +08:00
|
|
|
$user->uuid = Helper::guid(true);
|
2020-01-29 16:22:39 +08:00
|
|
|
$user->token = Helper::guid();
|
|
|
|
if ($request->input('invite_code')) {
|
|
|
|
$inviteCode = InviteCode::where('code', $request->input('invite_code'))
|
|
|
|
->where('status', 0)
|
|
|
|
->first();
|
|
|
|
if (!$inviteCode) {
|
|
|
|
if ((int)config('v2board.invite_force', 0)) {
|
|
|
|
abort(500, '邀请码无效');
|
|
|
|
}
|
|
|
|
} else {
|
|
|
|
$user->invite_user_id = $inviteCode->user_id ? $inviteCode->user_id : null;
|
2020-03-13 14:33:48 +08:00
|
|
|
if (!(int)config('v2board.invite_never_expire', 0)) {
|
2020-01-29 16:22:39 +08:00
|
|
|
$inviteCode->status = 1;
|
|
|
|
$inviteCode->save();
|
|
|
|
}
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
// try out
|
2020-02-08 23:03:48 +08:00
|
|
|
if ((int)config('v2board.try_out_plan_id', 0)) {
|
2020-01-29 16:22:39 +08:00
|
|
|
$plan = Plan::find(config('v2board.try_out_plan_id'));
|
|
|
|
if ($plan) {
|
|
|
|
$user->transfer_enable = $plan->transfer_enable * 1073741824;
|
|
|
|
$user->plan_id = $plan->id;
|
|
|
|
$user->group_id = $plan->group_id;
|
|
|
|
$user->expired_at = time() + (config('v2board.try_out_hour', 1) * 3600);
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
if (!$user->save()) {
|
|
|
|
abort(500, '注册失败');
|
|
|
|
}
|
|
|
|
if ((int)config('v2board.email_verify', 0)) {
|
2020-03-13 14:32:36 +08:00
|
|
|
Cache::forget(CacheKey::get('EMAIL_VERIFY_CODE', $request->input('email')));
|
2020-01-29 16:22:39 +08:00
|
|
|
}
|
2020-02-09 18:21:58 +08:00
|
|
|
$request->session()->put('email', $user->email);
|
|
|
|
$request->session()->put('id', $user->id);
|
2020-01-29 16:22:39 +08:00
|
|
|
return response()->json([
|
|
|
|
'data' => true
|
|
|
|
]);
|
|
|
|
}
|
|
|
|
|
|
|
|
public function login(AuthLogin $request)
|
|
|
|
{
|
|
|
|
$email = $request->input('email');
|
|
|
|
$password = $request->input('password');
|
|
|
|
|
|
|
|
$user = User::where('email', $email)->first();
|
|
|
|
if (!$user) {
|
|
|
|
abort(500, '用户名或密码错误');
|
|
|
|
}
|
2020-02-02 20:44:52 +08:00
|
|
|
if (!Helper::multiPasswordVerify(
|
2020-01-31 21:54:17 +08:00
|
|
|
$user->password_algo,
|
|
|
|
$password,
|
|
|
|
$user->password)
|
|
|
|
) {
|
2020-01-29 16:22:39 +08:00
|
|
|
abort(500, '用户名或密码错误');
|
|
|
|
}
|
|
|
|
|
2020-03-02 20:29:17 +08:00
|
|
|
if ($user->banned) {
|
2020-01-29 16:22:39 +08:00
|
|
|
abort(500, '该账户已被停止使用');
|
|
|
|
}
|
|
|
|
|
2020-02-16 14:05:38 +08:00
|
|
|
$data = [
|
2021-02-19 00:15:37 +08:00
|
|
|
'token' => $user->token,
|
|
|
|
'auth_data' => base64_encode("{$user->email}:{$user->password}")
|
2020-02-16 14:05:38 +08:00
|
|
|
];
|
2020-01-29 16:22:39 +08:00
|
|
|
$request->session()->put('email', $user->email);
|
|
|
|
$request->session()->put('id', $user->id);
|
|
|
|
if ($user->is_admin) {
|
|
|
|
$request->session()->put('is_admin', true);
|
2020-02-16 14:05:38 +08:00
|
|
|
$data['is_admin'] = true;
|
2020-01-29 16:22:39 +08:00
|
|
|
}
|
2020-10-20 02:09:32 +08:00
|
|
|
if ($user->is_staff) {
|
|
|
|
$request->session()->put('is_staff', true);
|
|
|
|
$data['is_staff'] = true;
|
|
|
|
}
|
2020-01-29 16:22:39 +08:00
|
|
|
return response([
|
2020-02-16 14:05:38 +08:00
|
|
|
'data' => $data
|
2020-01-29 16:22:39 +08:00
|
|
|
]);
|
|
|
|
}
|
|
|
|
|
|
|
|
public function token2Login(Request $request)
|
|
|
|
{
|
|
|
|
if ($request->input('token')) {
|
2020-08-13 21:36:59 +08:00
|
|
|
$redirect = '/#/login?verify=' . $request->input('token') . '&redirect=' . ($request->input('redirect') ? $request->input('redirect') : 'dashboard');
|
2020-01-29 16:22:39 +08:00
|
|
|
if (config('v2board.app_url')) {
|
|
|
|
$location = config('v2board.app_url') . $redirect;
|
|
|
|
} else {
|
|
|
|
$location = url($redirect);
|
|
|
|
}
|
2020-10-14 16:21:20 +08:00
|
|
|
return redirect()->to($location)->send();
|
2020-01-29 16:22:39 +08:00
|
|
|
}
|
|
|
|
|
|
|
|
if ($request->input('verify')) {
|
2020-08-13 21:36:59 +08:00
|
|
|
$key = CacheKey::get('TEMP_TOKEN', $request->input('verify'));
|
2020-01-29 16:22:39 +08:00
|
|
|
$userId = Cache::get($key);
|
|
|
|
if (!$userId) {
|
|
|
|
abort(500, '令牌有误');
|
|
|
|
}
|
|
|
|
$user = User::find($userId);
|
|
|
|
if (!$user) {
|
|
|
|
abort(500, '用户不存在');
|
|
|
|
}
|
2020-03-02 20:29:17 +08:00
|
|
|
if ($user->banned) {
|
2020-01-29 16:22:39 +08:00
|
|
|
abort(500, '该账户已被停止使用');
|
|
|
|
}
|
|
|
|
$request->session()->put('email', $user->email);
|
|
|
|
$request->session()->put('id', $user->id);
|
|
|
|
if ($user->is_admin) {
|
|
|
|
$request->session()->put('is_admin', true);
|
|
|
|
}
|
|
|
|
Cache::forget($key);
|
|
|
|
return response([
|
|
|
|
'data' => true
|
|
|
|
]);
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
2020-08-13 21:36:59 +08:00
|
|
|
public function getTempToken(Request $request)
|
|
|
|
{
|
|
|
|
$user = User::where('token', $request->input('token'))->first();
|
|
|
|
if (!$user) {
|
2020-10-20 02:09:32 +08:00
|
|
|
abort(500, '令牌有误');
|
2020-08-13 21:36:59 +08:00
|
|
|
}
|
|
|
|
|
|
|
|
$code = Helper::guid();
|
|
|
|
$key = CacheKey::get('TEMP_TOKEN', $code);
|
|
|
|
Cache::put($key, $user->id, 60);
|
|
|
|
return response([
|
|
|
|
'data' => $code
|
|
|
|
]);
|
|
|
|
}
|
|
|
|
|
2020-10-20 02:09:32 +08:00
|
|
|
public function getQuickLoginUrl(Request $request)
|
|
|
|
{
|
2021-02-19 00:15:37 +08:00
|
|
|
$authData = explode(':', base64_decode($request->input('auth_data')));
|
|
|
|
$user = User::where('email', $authData[0])
|
|
|
|
->where('password', $authData[1])
|
|
|
|
->first();
|
2020-10-20 02:09:32 +08:00
|
|
|
if (!$user) {
|
|
|
|
abort(500, '令牌有误');
|
|
|
|
}
|
|
|
|
|
|
|
|
$code = Helper::guid();
|
|
|
|
$key = CacheKey::get('TEMP_TOKEN', $code);
|
|
|
|
Cache::put($key, $user->id, 60);
|
|
|
|
$redirect = '/#/login?verify=' . $code . '&redirect=' . ($request->input('redirect') ? $request->input('redirect') : 'dashboard');
|
|
|
|
if (config('v2board.app_url')) {
|
|
|
|
$url = config('v2board.app_url') . $redirect;
|
|
|
|
} else {
|
|
|
|
$url = url($redirect);
|
|
|
|
}
|
|
|
|
return response([
|
|
|
|
'data' => $url
|
|
|
|
]);
|
|
|
|
}
|
|
|
|
|
2020-01-29 16:22:39 +08:00
|
|
|
public function check(Request $request)
|
|
|
|
{
|
2020-02-16 13:52:15 +08:00
|
|
|
$data = [
|
2020-02-16 13:55:48 +08:00
|
|
|
'is_login' => $request->session()->get('id') ? true : false
|
2020-02-16 13:48:31 +08:00
|
|
|
];
|
|
|
|
if ($request->session()->get('is_admin')) {
|
2020-02-16 13:52:15 +08:00
|
|
|
$data['is_admin'] = true;
|
2020-02-16 13:48:31 +08:00
|
|
|
}
|
2020-02-16 13:52:15 +08:00
|
|
|
return response([
|
|
|
|
'data' => $data
|
|
|
|
]);
|
2020-01-29 16:22:39 +08:00
|
|
|
}
|
|
|
|
|
|
|
|
public function forget(AuthForget $request)
|
|
|
|
{
|
2020-03-13 14:32:36 +08:00
|
|
|
if (Cache::get(CacheKey::get('EMAIL_VERIFY_CODE', $request->input('email'))) !== $request->input('email_code')) {
|
2020-01-29 16:22:39 +08:00
|
|
|
abort(500, '邮箱验证码有误');
|
|
|
|
}
|
|
|
|
$user = User::where('email', $request->input('email'))->first();
|
2020-02-07 19:34:24 +08:00
|
|
|
if (!$user) {
|
|
|
|
abort(500, '该邮箱不存在系统中');
|
|
|
|
}
|
2020-01-29 16:22:39 +08:00
|
|
|
$user->password = password_hash($request->input('password'), PASSWORD_DEFAULT);
|
2020-01-31 21:54:17 +08:00
|
|
|
$user->password_algo = NULL;
|
2020-01-29 16:22:39 +08:00
|
|
|
if (!$user->save()) {
|
|
|
|
abort(500, '重置失败');
|
|
|
|
}
|
2020-03-13 14:32:36 +08:00
|
|
|
Cache::forget(CacheKey::get('EMAIL_VERIFY_CODE', $request->input('email')));
|
2020-01-29 16:22:39 +08:00
|
|
|
return response([
|
|
|
|
'data' => true
|
|
|
|
]);
|
|
|
|
}
|
2020-02-09 18:01:06 +08:00
|
|
|
|
2020-01-29 16:22:39 +08:00
|
|
|
}
|