v2board/app/Http/Controllers/Passport/AuthController.php

<?php

namespace App\Http\Controllers\Passport;

use App\Http\Controllers\Controller;
use App\Http\Requests\Passport\AuthRegister;
use App\Http\Requests\Passport\AuthForget;
use App\Http\Requests\Passport\AuthLogin;
use Illuminate\Http\Request;
use Illuminate\Support\Facades\Cache;
use App\Models\Plan;
use App\Models\User;
use App\Models\InviteCode;
use App\Utils\Helper;
use App\Utils\Dict;
use App\Utils\CacheKey;
use ReCaptcha\ReCaptcha;

class AuthController extends Controller
{
    public function register(AuthRegister $request)
    {
        if ((int)config('v2board.recaptcha_enable', 0)) {
            $recaptcha = new ReCaptcha(config('v2board.recaptcha_key'));
            $recaptchaResp = $recaptcha->verify($request->input('recaptcha_data'));
            if (!$recaptchaResp->isSuccess()) {
                abort(500, __('Invalid code is incorrect'));
            }
        }
        if ((int)config('v2board.email_whitelist_enable', 0)) {
            if (!Helper::emailSuffixVerify(
                $request->input('email'),
                config('v2board.email_whitelist_suffix', Dict::EMAIL_WHITELIST_SUFFIX_DEFAULT))
            ) {
                abort(500, __('Email suffix is not in the Whitelist'));
            }
        }
        if ((int)config('v2board.email_gmail_limit_enable', 0)) {
            $prefix = explode('@', $request->input('email'))[0];
            if (strpos($prefix, '.') !== false || strpos($prefix, '+') !== false) {
                abort(500, __('Gmail alias is not supported'));
            }
        }
        if ((int)config('v2board.stop_register', 0)) {
            abort(500, __('Registration has closed'));
        }
        if ((int)config('v2board.invite_force', 0)) {
            if (empty($request->input('invite_code'))) {
                abort(500, __('You must use the invitation code to register'));
            }
        }
        if ((int)config('v2board.email_verify', 0)) {
            if (empty($request->input('email_code'))) {
                abort(500, __('Email verification code cannot be empty'));
            }
            if (Cache::get(CacheKey::get('EMAIL_VERIFY_CODE', $request->input('email'))) !== $request->input('email_code')) {
                abort(500, __('Incorrect email verification code'));
            }
        }
        $email = $request->input('email');
        $password = $request->input('password');
        $exist = User::where('email', $email)->first();
        if ($exist) {
            abort(500, __('Email already exists'));
        }
        $user = new User();
        $user->email = $email;
        $user->password = password_hash($password, PASSWORD_DEFAULT);
        $user->uuid = Helper::guid(true);
        $user->token = Helper::guid();
        if ($request->input('invite_code')) {
            $inviteCode = InviteCode::where('code', $request->input('invite_code'))
                ->where('status', 0)
                ->first();
            if (!$inviteCode) {
                if ((int)config('v2board.invite_force', 0)) {
                    abort(500, __('Invalid invitation code'));
                }
            } else {
                $user->invite_user_id = $inviteCode->user_id ? $inviteCode->user_id : null;
                if (!(int)config('v2board.invite_never_expire', 0)) {
                    $inviteCode->status = 1;
                    $inviteCode->save();
                }
            }
        }

        // try out
        if ((int)config('v2board.try_out_plan_id', 0)) {
            $plan = Plan::find(config('v2board.try_out_plan_id'));
            if ($plan) {
                $user->transfer_enable = $plan->transfer_enable * 1073741824;
                $user->plan_id = $plan->id;
                $user->group_id = $plan->group_id;
                $user->expired_at = time() + (config('v2board.try_out_hour', 1) * 3600);
            }
        }

        if (!$user->save()) {
            abort(500, __('Register failed'));
        }
        if ((int)config('v2board.email_verify', 0)) {
            Cache::forget(CacheKey::get('EMAIL_VERIFY_CODE', $request->input('email')));
        }
        $request->session()->put('email', $user->email);
        $request->session()->put('id', $user->id);
        return response()->json([
            'data' => true
        ]);
    }

    public function login(AuthLogin $request)
    {
        $email = $request->input('email');
        $password = $request->input('password');

        $user = User::where('email', $email)->first();
        if (!$user) {
            abort(500, __('Incorrect email or password'));
        }
        if (!Helper::multiPasswordVerify(
            $user->password_algo,
            $password,
            $user->password)
        ) {
            abort(500, __('Incorrect email or password'));
        }

        if ($user->banned) {
            abort(500, __('Your account has been suspended'));
        }

        $data = [
            'token' => $user->token,
            'auth_data' => base64_encode("{$user->email}:{$user->password}")
        ];
        $request->session()->put('email', $user->email);
        $request->session()->put('id', $user->id);
        if ($user->is_admin) {
            $request->session()->put('is_admin', true);
            $data['is_admin'] = true;
        }
        if ($user->is_staff) {
            $request->session()->put('is_staff', true);
            $data['is_staff'] = true;
        }
        return response([
            'data' => $data
        ]);
    }

    public function token2Login(Request $request)
    {
        if ($request->input('token')) {
            $redirect = '/#/login?verify=' . $request->input('token') . '&redirect=' . ($request->input('redirect') ? $request->input('redirect') : 'dashboard');
            if (config('v2board.app_url')) {
                $location = config('v2board.app_url') . $redirect;
            } else {
                $location = url($redirect);
            }
            return redirect()->to($location)->send();
        }

        if ($request->input('verify')) {
            $key =  CacheKey::get('TEMP_TOKEN', $request->input('verify'));
            $userId = Cache::get($key);
            if (!$userId) {
                abort(500, __('Token error'));
            }
            $user = User::find($userId);
            if (!$user) {
                abort(500, __('The user does not '));
            }
            if ($user->banned) {
                abort(500, __('Your account has been suspended'));
            }
            $request->session()->put('email', $user->email);
            $request->session()->put('id', $user->id);
            if ($user->is_admin) {
                $request->session()->put('is_admin', true);
            }
            Cache::forget($key);
            return response([
                'data' => true
            ]);
        }
    }

    public function getTempToken(Request $request)
    {
        $user = User::where('token', $request->input('token'))->first();
        if (!$user) {
            abort(500, __('Token error'));
        }

        $code = Helper::guid();
        $key = CacheKey::get('TEMP_TOKEN', $code);
        Cache::put($key, $user->id, 60);
        return response([
            'data' => $code
        ]);
    }

    public function getQuickLoginUrl(Request $request)
    {
        $authData = explode(':', base64_decode($request->input('auth_data')));
        if (!isset($authData[0])) abort(403, __('Token error'));
        $user = User::where('email', $authData[0])
            ->where('password', $authData[1])
            ->first();
        if (!$user) {
            abort(500, __('Token error'));
        }

        $code = Helper::guid();
        $key = CacheKey::get('TEMP_TOKEN', $code);
        Cache::put($key, $user->id, 60);
        $redirect = '/#/login?verify=' . $code . '&redirect=' . ($request->input('redirect') ? $request->input('redirect') : 'dashboard');
        if (config('v2board.app_url')) {
            $url = config('v2board.app_url') . $redirect;
        } else {
            $url = url($redirect);
        }
        return response([
            'data' => $url
        ]);
    }

    public function check(Request $request)
    {
        $data = [
            'is_login' => $request->session()->get('id') ? true : false
        ];
        if ($request->session()->get('is_admin')) {
            $data['is_admin'] = true;
        }
        return response([
            'data' => $data
        ]);
    }

    public function forget(AuthForget $request)
    {
        if (Cache::get(CacheKey::get('EMAIL_VERIFY_CODE', $request->input('email'))) !== $request->input('email_code')) {
            abort(500, __('Incorrect email verification code'));
        }
        $user = User::where('email', $request->input('email'))->first();
        if (!$user) {
            abort(500, __('This email is not registered in the system'));
        }
        $user->password = password_hash($request->input('password'), PASSWORD_DEFAULT);
        $user->password_algo = NULL;
        if (!$user->save()) {
            abort(500, __('Reset failed'));
        }
        Cache::forget(CacheKey::get('EMAIL_VERIFY_CODE', $request->input('email')));
        return response([
            'data' => true
        ]);
    }

}
update 2020-01-29 16:22:39 +08:00			`<?php`

			`namespace App\Http\Controllers\Passport;`

			`use App\Http\Controllers\Controller;`
			`use App\Http\Requests\Passport\AuthRegister;`
			`use App\Http\Requests\Passport\AuthForget;`
			`use App\Http\Requests\Passport\AuthLogin;`
			`use Illuminate\Http\Request;`
			`use Illuminate\Support\Facades\Cache;`
fix 2020-02-04 00:33:02 +08:00			`use App\Models\Plan;`
update 2020-01-29 16:22:39 +08:00			`use App\Models\User;`
update 2020-01-30 17:18:25 +08:00			`use App\Models\InviteCode;`
update 2020-01-29 16:22:39 +08:00			`use App\Utils\Helper;`
add email whitelist config 2020-02-09 18:01:06 +08:00			`use App\Utils\Dict;`
update send email verify ttl 300 sec 2020-03-13 14:32:36 +08:00			`use App\Utils\CacheKey;`
feature: google recaptcha 2020-10-09 23:27:36 +08:00			`use ReCaptcha\ReCaptcha;`
update 2020-01-29 16:22:39 +08:00
			`class AuthController extends Controller`
			`{`
			`public function register(AuthRegister $request)`
			`{`
feature: google recaptcha 2020-10-09 23:27:36 +08:00			`if ((int)config('v2board.recaptcha_enable', 0)) {`
			`$recaptcha = new ReCaptcha(config('v2board.recaptcha_key'));`
			`$recaptchaResp = $recaptcha->verify($request->input('recaptcha_data'));`
			`if (!$recaptchaResp->isSuccess()) {`
update: language more 2021-06-12 00:56:39 +08:00			`abort(500, __('Invalid code is incorrect'));`
feature: google recaptcha 2020-10-09 23:27:36 +08:00			`}`
			`}`
add email whitelist config 2020-02-09 18:09:48 +08:00			`if ((int)config('v2board.email_whitelist_enable', 0)) {`
add email whitelist config 2020-02-09 18:01:06 +08:00			`if (!Helper::emailSuffixVerify(`
			`$request->input('email'),`
add email whitelist config 2020-02-09 18:09:48 +08:00			`config('v2board.email_whitelist_suffix', Dict::EMAIL_WHITELIST_SUFFIX_DEFAULT))`
add email whitelist config 2020-02-09 18:01:06 +08:00			`) {`
update: language more 2021-06-12 00:56:39 +08:00			`abort(500, __('Email suffix is not in the Whitelist'));`
add email whitelist config 2020-02-09 18:01:06 +08:00			`}`
			`}`
gmail limit 2020-05-25 18:02:13 +08:00			`if ((int)config('v2board.email_gmail_limit_enable', 0)) {`
			`$prefix = explode('@', $request->input('email'))[0];`
			`if (strpos($prefix, '.') !== false \|\| strpos($prefix, '+') !== false) {`
update: language more 2021-06-12 00:56:39 +08:00			`abort(500, __('Gmail alias is not supported'));`
gmail limit 2020-05-25 18:02:13 +08:00			`}`
			`}`
update 2020-01-29 16:22:39 +08:00			`if ((int)config('v2board.stop_register', 0)) {`
update: language more 2021-06-12 00:56:39 +08:00			`abort(500, __('Registration has closed'));`
update 2020-01-29 16:22:39 +08:00			`}`
			`if ((int)config('v2board.invite_force', 0)) {`
			`if (empty($request->input('invite_code'))) {`
update: language more 2021-06-12 00:56:39 +08:00			`abort(500, __('You must use the invitation code to register'));`
update 2020-01-29 16:22:39 +08:00			`}`
			`}`
			`if ((int)config('v2board.email_verify', 0)) {`
			`if (empty($request->input('email_code'))) {`
update: language more 2021-06-12 00:56:39 +08:00			`abort(500, __('Email verification code cannot be empty'));`
update 2020-01-29 16:22:39 +08:00			`}`
update send email verify ttl 300 sec 2020-03-13 14:32:36 +08:00			`if (Cache::get(CacheKey::get('EMAIL_VERIFY_CODE', $request->input('email'))) !== $request->input('email_code')) {`
update: language more 2021-06-12 00:56:39 +08:00			`abort(500, __('Incorrect email verification code'));`
update 2020-01-29 16:22:39 +08:00			`}`
			`}`
			`$email = $request->input('email');`
			`$password = $request->input('password');`
			`$exist = User::where('email', $email)->first();`
			`if ($exist) {`
update: language more 2021-06-12 00:56:39 +08:00			`abort(500, __('Email already exists'));`
update 2020-01-29 16:22:39 +08:00			`}`
			`$user = new User();`
			`$user->email = $email;`
			`$user->password = password_hash($password, PASSWORD_DEFAULT);`
update 2020-06-08 01:08:07 +08:00			`$user->uuid = Helper::guid(true);`
update 2020-01-29 16:22:39 +08:00			`$user->token = Helper::guid();`
			`if ($request->input('invite_code')) {`
			`$inviteCode = InviteCode::where('code', $request->input('invite_code'))`
			`->where('status', 0)`
			`->first();`
			`if (!$inviteCode) {`
			`if ((int)config('v2board.invite_force', 0)) {`
update: language more 2021-06-12 00:56:39 +08:00			`abort(500, __('Invalid invitation code'));`
update 2020-01-29 16:22:39 +08:00			`}`
			`} else {`
			`$user->invite_user_id = $inviteCode->user_id ? $inviteCode->user_id : null;`
update 2020-03-13 14:33:48 +08:00			`if (!(int)config('v2board.invite_never_expire', 0)) {`
update 2020-01-29 16:22:39 +08:00			`$inviteCode->status = 1;`
			`$inviteCode->save();`
			`}`
			`}`
			`}`

			`// try out`
optimization try out 2020-02-08 23:03:48 +08:00			`if ((int)config('v2board.try_out_plan_id', 0)) {`
update 2020-01-29 16:22:39 +08:00			`$plan = Plan::find(config('v2board.try_out_plan_id'));`
			`if ($plan) {`
			`$user->transfer_enable = $plan->transfer_enable * 1073741824;`
			`$user->plan_id = $plan->id;`
			`$user->group_id = $plan->group_id;`
			`$user->expired_at = time() + (config('v2board.try_out_hour', 1) * 3600);`
			`}`
			`}`

			`if (!$user->save()) {`
update: language more 2021-06-12 00:56:39 +08:00			`abort(500, __('Register failed'));`
update 2020-01-29 16:22:39 +08:00			`}`
			`if ((int)config('v2board.email_verify', 0)) {`
update send email verify ttl 300 sec 2020-03-13 14:32:36 +08:00			`Cache::forget(CacheKey::get('EMAIL_VERIFY_CODE', $request->input('email')));`
update 2020-01-29 16:22:39 +08:00			`}`
opt register auto login 2020-02-09 18:21:58 +08:00			`$request->session()->put('email', $user->email);`
			`$request->session()->put('id', $user->id);`
update 2020-01-29 16:22:39 +08:00			`return response()->json([`
			`'data' => true`
			`]);`
			`}`

			`public function login(AuthLogin $request)`
			`{`
			`$email = $request->input('email');`
			`$password = $request->input('password');`

			`$user = User::where('email', $email)->first();`
			`if (!$user) {`
update: language more 2021-06-12 00:56:39 +08:00			`abort(500, __('Incorrect email or password'));`
update 2020-01-29 16:22:39 +08:00			`}`
update changepassword 2020-02-02 20:44:52 +08:00			`if (!Helper::multiPasswordVerify(`
support multi password hash verify 2020-01-31 21:54:17 +08:00			`$user->password_algo,`
			`$password,`
			`$user->password)`
			`) {`
update: language more 2021-06-12 00:56:39 +08:00			`abort(500, __('Incorrect email or password'));`
update 2020-01-29 16:22:39 +08:00			`}`

fix 2020-03-02 20:29:17 +08:00			`if ($user->banned) {`
update: language more 2021-06-12 00:56:39 +08:00			`abort(500, __('Your account has been suspended'));`
update 2020-01-29 16:22:39 +08:00			`}`

fix admin login 2020-02-16 14:05:38 +08:00			`$data = [`
opt 2021-02-19 00:15:37 +08:00			`'token' => $user->token,`
			`'auth_data' => base64_encode("{$user->email}:{$user->password}")`
fix admin login 2020-02-16 14:05:38 +08:00			`];`
update 2020-01-29 16:22:39 +08:00			`$request->session()->put('email', $user->email);`
			`$request->session()->put('id', $user->id);`
			`if ($user->is_admin) {`
			`$request->session()->put('is_admin', true);`
fix admin login 2020-02-16 14:05:38 +08:00			`$data['is_admin'] = true;`
update 2020-01-29 16:22:39 +08:00			`}`
feature: multiple ban 2020-10-20 02:09:32 +08:00			`if ($user->is_staff) {`
			`$request->session()->put('is_staff', true);`
			`$data['is_staff'] = true;`
			`}`
update 2020-01-29 16:22:39 +08:00			`return response([`
fix admin login 2020-02-16 14:05:38 +08:00			`'data' => $data`
update 2020-01-29 16:22:39 +08:00			`]);`
			`}`

			`public function token2Login(Request $request)`
			`{`
			`if ($request->input('token')) {`
update 2020-08-13 21:36:59 +08:00			`$redirect = '/#/login?verify=' . $request->input('token') . '&redirect=' . ($request->input('redirect') ? $request->input('redirect') : 'dashboard');`
update 2020-01-29 16:22:39 +08:00			`if (config('v2board.app_url')) {`
			`$location = config('v2board.app_url') . $redirect;`
			`} else {`
			`$location = url($redirect);`
			`}`
fix: token2login not working 2020-10-14 16:21:20 +08:00			`return redirect()->to($location)->send();`
update 2020-01-29 16:22:39 +08:00			`}`

			`if ($request->input('verify')) {`
update 2020-08-13 21:36:59 +08:00			`$key = CacheKey::get('TEMP_TOKEN', $request->input('verify'));`
update 2020-01-29 16:22:39 +08:00			`$userId = Cache::get($key);`
			`if (!$userId) {`
update: language more 2021-06-12 00:56:39 +08:00			`abort(500, __('Token error'));`
update 2020-01-29 16:22:39 +08:00			`}`
			`$user = User::find($userId);`
			`if (!$user) {`
update: language more 2021-06-12 00:56:39 +08:00			`abort(500, __('The user does not '));`
update 2020-01-29 16:22:39 +08:00			`}`
fix 2020-03-02 20:29:17 +08:00			`if ($user->banned) {`
update: language more 2021-06-12 00:56:39 +08:00			`abort(500, __('Your account has been suspended'));`
update 2020-01-29 16:22:39 +08:00			`}`
			`$request->session()->put('email', $user->email);`
			`$request->session()->put('id', $user->id);`
			`if ($user->is_admin) {`
			`$request->session()->put('is_admin', true);`
			`}`
			`Cache::forget($key);`
			`return response([`
			`'data' => true`
			`]);`
			`}`
			`}`

update 2020-08-13 21:36:59 +08:00			`public function getTempToken(Request $request)`
			`{`
			`$user = User::where('token', $request->input('token'))->first();`
			`if (!$user) {`
update: language more 2021-06-12 00:56:39 +08:00			`abort(500, __('Token error'));`
update 2020-08-13 21:36:59 +08:00			`}`

			`$code = Helper::guid();`
			`$key = CacheKey::get('TEMP_TOKEN', $code);`
			`Cache::put($key, $user->id, 60);`
			`return response([`
			`'data' => $code`
			`]);`
			`}`

feature: multiple ban 2020-10-20 02:09:32 +08:00			`public function getQuickLoginUrl(Request $request)`
			`{`
opt 2021-02-19 00:15:37 +08:00			`$authData = explode(':', base64_decode($request->input('auth_data')));`
update: quick login url 2021-07-19 20:17:34 +08:00			`if (!isset($authData[0])) abort(403, __('Token error'));`
opt 2021-02-19 00:15:37 +08:00			`$user = User::where('email', $authData[0])`
			`->where('password', $authData[1])`
			`->first();`
feature: multiple ban 2020-10-20 02:09:32 +08:00			`if (!$user) {`
update: language more 2021-06-12 00:56:39 +08:00			`abort(500, __('Token error'));`
feature: multiple ban 2020-10-20 02:09:32 +08:00			`}`

			`$code = Helper::guid();`
			`$key = CacheKey::get('TEMP_TOKEN', $code);`
			`Cache::put($key, $user->id, 60);`
			`$redirect = '/#/login?verify=' . $code . '&redirect=' . ($request->input('redirect') ? $request->input('redirect') : 'dashboard');`
			`if (config('v2board.app_url')) {`
			`$url = config('v2board.app_url') . $redirect;`
			`} else {`
			`$url = url($redirect);`
			`}`
			`return response([`
			`'data' => $url`
			`]);`
			`}`

update 2020-01-29 16:22:39 +08:00			`public function check(Request $request)`
			`{`
fix admin login 2020-02-16 13:52:15 +08:00			`$data = [`
fix admin login 2020-02-16 13:55:48 +08:00			`'is_login' => $request->session()->get('id') ? true : false`
fix admin login 2020-02-16 13:48:31 +08:00			`];`
			`if ($request->session()->get('is_admin')) {`
fix admin login 2020-02-16 13:52:15 +08:00			`$data['is_admin'] = true;`
fix admin login 2020-02-16 13:48:31 +08:00			`}`
fix admin login 2020-02-16 13:52:15 +08:00			`return response([`
			`'data' => $data`
			`]);`
update 2020-01-29 16:22:39 +08:00			`}`

			`public function forget(AuthForget $request)`
			`{`
update send email verify ttl 300 sec 2020-03-13 14:32:36 +08:00			`if (Cache::get(CacheKey::get('EMAIL_VERIFY_CODE', $request->input('email'))) !== $request->input('email_code')) {`
update: language more 2021-06-12 00:56:39 +08:00			`abort(500, __('Incorrect email verification code'));`
update 2020-01-29 16:22:39 +08:00			`}`
			`$user = User::where('email', $request->input('email'))->first();`
fix forget 2020-02-07 19:34:24 +08:00			`if (!$user) {`
update: language more 2021-06-12 00:56:39 +08:00			`abort(500, __('This email is not registered in the system'));`
fix forget 2020-02-07 19:34:24 +08:00			`}`
update 2020-01-29 16:22:39 +08:00			`$user->password = password_hash($request->input('password'), PASSWORD_DEFAULT);`
support multi password hash verify 2020-01-31 21:54:17 +08:00			`$user->password_algo = NULL;`
update 2020-01-29 16:22:39 +08:00			`if (!$user->save()) {`
update: language more 2021-06-12 00:56:39 +08:00			`abort(500, __('Reset failed'));`
update 2020-01-29 16:22:39 +08:00			`}`
update send email verify ttl 300 sec 2020-03-13 14:32:36 +08:00			`Cache::forget(CacheKey::get('EMAIL_VERIFY_CODE', $request->input('email')));`
update 2020-01-29 16:22:39 +08:00			`return response([`
			`'data' => true`
			`]);`
			`}`
add email whitelist config 2020-02-09 18:01:06 +08:00
update 2020-01-29 16:22:39 +08:00			`}`