mirror of
https://github.com/v2board/v2board.git
synced 2025-10-31 17:31:49 +08:00
update: new auth
This commit is contained in:
tokumeikoi
@@ -39,7 +39,7 @@ class ConfigController extends Controller
|
||||
public function testSendMail(Request $request)
|
||||
{
|
||||
$obj = new SendEmailJob([
|
||||
'email' => $request->session()->get('email'),
|
||||
'email' => $request->user->email,
|
||||
'subject' => 'This is v2board test email',
|
||||
'template_name' => 'notify',
|
||||
'template_value' => [
|
||||
|
||||
@@ -68,7 +68,7 @@ class TicketController extends Controller
|
||||
$ticketService->replyByAdmin(
|
||||
$request->input('id'),
|
||||
$request->input('message'),
|
||||
$request->session()->get('id')
|
||||
$request->user->id
|
||||
);
|
||||
return response([
|
||||
'data' => true
|
||||
|
||||
@@ -167,8 +167,8 @@ class AuthController extends Controller
|
||||
'token' => $user->token,
|
||||
'auth_data' => base64_encode("{$user->email}:{$user->password}")
|
||||
];
|
||||
$request->session()->put('email', $user->email);
|
||||
$request->session()->put('id', $user->id);
|
||||
|
||||
Helper::setSession($request, $user);
|
||||
$user->last_login_at = time();
|
||||
$user->save();
|
||||
|
||||
@@ -210,16 +210,8 @@ class AuthController extends Controller
|
||||
'token' => $user->token,
|
||||
'auth_data' => base64_encode("{$user->email}:{$user->password}")
|
||||
];
|
||||
$request->session()->put('email', $user->email);
|
||||
$request->session()->put('id', $user->id);
|
||||
if ($user->is_admin) {
|
||||
$request->session()->put('is_admin', true);
|
||||
$data['is_admin'] = true;
|
||||
}
|
||||
if ($user->is_staff) {
|
||||
$request->session()->put('is_staff', true);
|
||||
$data['is_staff'] = true;
|
||||
}
|
||||
|
||||
if ($user->is_admin) $data['is_admin'] = true;
|
||||
return response([
|
||||
'data' => $data
|
||||
]);
|
||||
@@ -250,11 +242,7 @@ class AuthController extends Controller
|
||||
if ($user->banned) {
|
||||
abort(500, __('Your account has been suspended'));
|
||||
}
|
||||
$request->session()->put('email', $user->email);
|
||||
$request->session()->put('id', $user->id);
|
||||
if ($user->is_admin) {
|
||||
$request->session()->put('is_admin', true);
|
||||
}
|
||||
Helper::setSession($request, $user);
|
||||
Cache::forget($key);
|
||||
return response([
|
||||
'data' => true
|
||||
@@ -302,19 +290,6 @@ class AuthController extends Controller
|
||||
]);
|
||||
}
|
||||
|
||||
public function check(Request $request)
|
||||
{
|
||||
$data = [
|
||||
'is_login' => $request->session()->get('id') ? true : false
|
||||
];
|
||||
if ($request->session()->get('is_admin')) {
|
||||
$data['is_admin'] = true;
|
||||
}
|
||||
return response([
|
||||
'data' => $data
|
||||
]);
|
||||
}
|
||||
|
||||
public function forget(AuthForget $request)
|
||||
{
|
||||
if (Cache::get(CacheKey::get('EMAIL_VERIFY_CODE', $request->input('email'))) !== $request->input('email_code')) {
|
||||
@@ -335,5 +310,4 @@ class AuthController extends Controller
|
||||
'data' => true
|
||||
]);
|
||||
}
|
||||
|
||||
}
|
||||
|
||||
@@ -57,7 +57,7 @@ class TicketController extends Controller
|
||||
$ticketService->replyByAdmin(
|
||||
$request->input('id'),
|
||||
$request->input('message'),
|
||||
$request->session()->get('id')
|
||||
$request->user->id
|
||||
);
|
||||
return response([
|
||||
'data' => true
|
||||
|
||||
@@ -16,7 +16,7 @@ class CouponController extends Controller
|
||||
}
|
||||
$couponService = new CouponService($request->input('code'));
|
||||
$couponService->setPlanId($request->input('plan_id'));
|
||||
$couponService->setUserId($request->session()->get('id'));
|
||||
$couponService->setUserId($request->user->id);
|
||||
$couponService->check();
|
||||
return response([
|
||||
'data' => $couponService->getCoupon()
|
||||
|
||||
@@ -14,11 +14,11 @@ class InviteController extends Controller
|
||||
{
|
||||
public function save(Request $request)
|
||||
{
|
||||
if (InviteCode::where('user_id', $request->session()->get('id'))->where('status', 0)->count() >= config('v2board.invite_gen_limit', 5)) {
|
||||
if (InviteCode::where('user_id', $request->user->id)->where('status', 0)->count() >= config('v2board.invite_gen_limit', 5)) {
|
||||
abort(500, __('The maximum number of creations has been reached'));
|
||||
}
|
||||
$inviteCode = new InviteCode();
|
||||
$inviteCode->user_id = $request->session()->get('id');
|
||||
$inviteCode->user_id = $request->user->id;
|
||||
$inviteCode->code = Helper::randomChar(8);
|
||||
return response([
|
||||
'data' => $inviteCode->save()
|
||||
@@ -28,7 +28,7 @@ class InviteController extends Controller
|
||||
public function details(Request $request)
|
||||
{
|
||||
return response([
|
||||
'data' => CommissionLog::where('invite_user_id', $request->session()->get('id'))
|
||||
'data' => CommissionLog::where('invite_user_id', $request->user->id)
|
||||
->where('get_amount', '>', 0)
|
||||
->select([
|
||||
'id',
|
||||
@@ -43,26 +43,26 @@ class InviteController extends Controller
|
||||
|
||||
public function fetch(Request $request)
|
||||
{
|
||||
$codes = InviteCode::where('user_id', $request->session()->get('id'))
|
||||
$codes = InviteCode::where('user_id', $request->user->id)
|
||||
->where('status', 0)
|
||||
->get();
|
||||
$commission_rate = config('v2board.invite_commission', 10);
|
||||
$user = User::find($request->session()->get('id'));
|
||||
$user = User::find($request->user->id);
|
||||
if ($user->commission_rate) {
|
||||
$commission_rate = $user->commission_rate;
|
||||
}
|
||||
$stat = [
|
||||
//已注册用户数
|
||||
(int)User::where('invite_user_id', $request->session()->get('id'))->count(),
|
||||
(int)User::where('invite_user_id', $request->user->id)->count(),
|
||||
//有效的佣金
|
||||
(int)Order::where('status', 3)
|
||||
->where('commission_status', 2)
|
||||
->where('invite_user_id', $request->session()->get('id'))
|
||||
->where('invite_user_id', $request->user->id)
|
||||
->sum('commission_balance'),
|
||||
//确认中的佣金
|
||||
(int)Order::where('status', 3)
|
||||
->where('commission_status', 0)
|
||||
->where('invite_user_id', $request->session()->get('id'))
|
||||
->where('invite_user_id', $request->user->id)
|
||||
->sum('commission_balance'),
|
||||
//佣金比例
|
||||
(int)$commission_rate,
|
||||
|
||||
@@ -19,7 +19,7 @@ class KnowledgeController extends Controller
|
||||
->first()
|
||||
->toArray();
|
||||
if (!$knowledge) abort(500, __('Article does not exist'));
|
||||
$user = User::find($request->session()->get('id'));
|
||||
$user = User::find($request->user->id);
|
||||
$userService = new UserService();
|
||||
if ($userService->isAvailable($user)) {
|
||||
$appleId = config('v2board.apple_id');
|
||||
|
||||
@@ -29,7 +29,7 @@ class OrderController extends Controller
|
||||
{
|
||||
public function fetch(Request $request)
|
||||
{
|
||||
$model = Order::where('user_id', $request->session()->get('id'))
|
||||
$model = Order::where('user_id', $request->user->id)
|
||||
->orderBy('created_at', 'DESC');
|
||||
if ($request->input('status') !== null) {
|
||||
$model->where('status', $request->input('status'));
|
||||
@@ -50,7 +50,7 @@ class OrderController extends Controller
|
||||
|
||||
public function detail(Request $request)
|
||||
{
|
||||
$order = Order::where('user_id', $request->session()->get('id'))
|
||||
$order = Order::where('user_id', $request->user->id)
|
||||
->where('trade_no', $request->input('trade_no'))
|
||||
->first();
|
||||
if (!$order) {
|
||||
@@ -72,14 +72,14 @@ class OrderController extends Controller
|
||||
public function save(OrderSave $request)
|
||||
{
|
||||
$userService = new UserService();
|
||||
if ($userService->isNotCompleteOrderByUserId($request->session()->get('id'))) {
|
||||
if ($userService->isNotCompleteOrderByUserId($request->user->id)) {
|
||||
abort(500, __('You have an unpaid or pending order, please try again later or cancel it'));
|
||||
}
|
||||
|
||||
$planService = new PlanService($request->input('plan_id'));
|
||||
|
||||
$plan = $planService->plan;
|
||||
$user = User::find($request->session()->get('id'));
|
||||
$user = User::find($request->user->id);
|
||||
|
||||
if (!$plan) {
|
||||
abort(500, __('Subscription plan does not exist'));
|
||||
@@ -121,7 +121,7 @@ class OrderController extends Controller
|
||||
DB::beginTransaction();
|
||||
$order = new Order();
|
||||
$orderService = new OrderService($order);
|
||||
$order->user_id = $request->session()->get('id');
|
||||
$order->user_id = $request->user->id;
|
||||
$order->plan_id = $plan->id;
|
||||
$order->period = $request->input('period');
|
||||
$order->trade_no = Helper::generateOrderNo();
|
||||
@@ -177,7 +177,7 @@ class OrderController extends Controller
|
||||
$tradeNo = $request->input('trade_no');
|
||||
$method = $request->input('method');
|
||||
$order = Order::where('trade_no', $tradeNo)
|
||||
->where('user_id', $request->session()->get('id'))
|
||||
->where('user_id', $request->user->id)
|
||||
->where('status', 0)
|
||||
->first();
|
||||
if (!$order) {
|
||||
@@ -216,7 +216,7 @@ class OrderController extends Controller
|
||||
{
|
||||
$tradeNo = $request->input('trade_no');
|
||||
$order = Order::where('trade_no', $tradeNo)
|
||||
->where('user_id', $request->session()->get('id'))
|
||||
->where('user_id', $request->user->id)
|
||||
->first();
|
||||
if (!$order) {
|
||||
abort(500, __('Order does not exist'));
|
||||
@@ -249,7 +249,7 @@ class OrderController extends Controller
|
||||
abort(500, __('Invalid parameter'));
|
||||
}
|
||||
$order = Order::where('trade_no', $request->input('trade_no'))
|
||||
->where('user_id', $request->session()->get('id'))
|
||||
->where('user_id', $request->user->id)
|
||||
->first();
|
||||
if (!$order) {
|
||||
abort(500, __('Order does not exist'));
|
||||
|
||||
@@ -12,7 +12,7 @@ class PlanController extends Controller
|
||||
{
|
||||
public function fetch(Request $request)
|
||||
{
|
||||
$user = User::find($request->session()->get('id'));
|
||||
$user = User::find($request->user->id);
|
||||
if ($request->input('id')) {
|
||||
$plan = Plan::where('id', $request->input('id'))->first();
|
||||
if (!$plan) {
|
||||
|
||||
@@ -19,7 +19,7 @@ class ServerController extends Controller
|
||||
{
|
||||
public function fetch(Request $request)
|
||||
{
|
||||
$user = User::find($request->session()->get('id'));
|
||||
$user = User::find($request->user->id);
|
||||
$servers = [];
|
||||
$userService = new UserService();
|
||||
if ($userService->isAvailable($user)) {
|
||||
|
||||
@@ -18,7 +18,7 @@ class StatController extends Controller
|
||||
'user_id',
|
||||
'server_rate'
|
||||
])
|
||||
->where('user_id', $request->session()->get('id'))
|
||||
->where('user_id', $request->user->id)
|
||||
->where('record_at', '>=', strtotime(date('Y-m-1')))
|
||||
->orderBy('record_at', 'DESC');
|
||||
return response([
|
||||
|
||||
@@ -22,6 +22,6 @@ class TelegramController extends Controller
|
||||
|
||||
public function unbind(Request $request)
|
||||
{
|
||||
$user = User::where('user_id', $request->session()->get('id'))->first();
|
||||
$user = User::where('user_id', $request->user->id)->first();
|
||||
}
|
||||
}
|
||||
|
||||
@@ -21,7 +21,7 @@ class TicketController extends Controller
|
||||
{
|
||||
if ($request->input('id')) {
|
||||
$ticket = Ticket::where('id', $request->input('id'))
|
||||
->where('user_id', $request->session()->get('id'))
|
||||
->where('user_id', $request->user->id)
|
||||
->first();
|
||||
if (!$ticket) {
|
||||
abort(500, __('Ticket does not exist'));
|
||||
@@ -38,7 +38,7 @@ class TicketController extends Controller
|
||||
'data' => $ticket
|
||||
]);
|
||||
}
|
||||
$ticket = Ticket::where('user_id', $request->session()->get('id'))
|
||||
$ticket = Ticket::where('user_id', $request->user->id)
|
||||
->orderBy('created_at', 'DESC')
|
||||
->get();
|
||||
return response([
|
||||
@@ -49,21 +49,21 @@ class TicketController extends Controller
|
||||
public function save(TicketSave $request)
|
||||
{
|
||||
DB::beginTransaction();
|
||||
if ((int)Ticket::where('status', 0)->where('user_id', $request->session()->get('id'))->lockForUpdate()->count()) {
|
||||
if ((int)Ticket::where('status', 0)->where('user_id', $request->user->id)->lockForUpdate()->count()) {
|
||||
abort(500, __('There are other unresolved tickets'));
|
||||
}
|
||||
$ticket = Ticket::create(array_merge($request->only([
|
||||
'subject',
|
||||
'level'
|
||||
]), [
|
||||
'user_id' => $request->session()->get('id')
|
||||
'user_id' => $request->user->id
|
||||
]));
|
||||
if (!$ticket) {
|
||||
DB::rollback();
|
||||
abort(500, __('Failed to open ticket'));
|
||||
}
|
||||
$ticketMessage = TicketMessage::create([
|
||||
'user_id' => $request->session()->get('id'),
|
||||
'user_id' => $request->user->id,
|
||||
'ticket_id' => $ticket->id,
|
||||
'message' => $request->input('message')
|
||||
]);
|
||||
@@ -87,7 +87,7 @@ class TicketController extends Controller
|
||||
abort(500, __('Message cannot be empty'));
|
||||
}
|
||||
$ticket = Ticket::where('id', $request->input('id'))
|
||||
->where('user_id', $request->session()->get('id'))
|
||||
->where('user_id', $request->user->id)
|
||||
->first();
|
||||
if (!$ticket) {
|
||||
abort(500, __('Ticket does not exist'));
|
||||
@@ -95,14 +95,14 @@ class TicketController extends Controller
|
||||
if ($ticket->status) {
|
||||
abort(500, __('The ticket is closed and cannot be replied'));
|
||||
}
|
||||
if ($request->session()->get('id') == $this->getLastMessage($ticket->id)->user_id) {
|
||||
if ($request->user->id == $this->getLastMessage($ticket->id)->user_id) {
|
||||
abort(500, __('Please wait for the technical enginneer to reply'));
|
||||
}
|
||||
$ticketService = new TicketService();
|
||||
if (!$ticketService->reply(
|
||||
$ticket,
|
||||
$request->input('message'),
|
||||
$request->session()->get('id')
|
||||
$request->user->id
|
||||
)) {
|
||||
abort(500, __('Ticket reply failed'));
|
||||
}
|
||||
@@ -119,7 +119,7 @@ class TicketController extends Controller
|
||||
abort(500, __('Invalid parameter'));
|
||||
}
|
||||
$ticket = Ticket::where('id', $request->input('id'))
|
||||
->where('user_id', $request->session()->get('id'))
|
||||
->where('user_id', $request->user->id)
|
||||
->first();
|
||||
if (!$ticket) {
|
||||
abort(500, __('Ticket does not exist'));
|
||||
@@ -154,7 +154,7 @@ class TicketController extends Controller
|
||||
)) {
|
||||
abort(500, __('Unsupported withdrawal method'));
|
||||
}
|
||||
$user = User::find($request->session()->get('id'));
|
||||
$user = User::find($request->user->id);
|
||||
$limit = config('v2board.commission_withdraw_limit', 100);
|
||||
if ($limit > ($user->commission_balance / 100)) {
|
||||
abort(500, __('The current required minimum withdrawal commission is :limit', ['limit' => $limit]));
|
||||
@@ -164,7 +164,7 @@ class TicketController extends Controller
|
||||
$ticket = Ticket::create([
|
||||
'subject' => $subject,
|
||||
'level' => 2,
|
||||
'user_id' => $request->session()->get('id')
|
||||
'user_id' => $request->user->id
|
||||
]);
|
||||
if (!$ticket) {
|
||||
DB::rollback();
|
||||
@@ -175,7 +175,7 @@ class TicketController extends Controller
|
||||
__('Withdrawal account') . ":" . $request->input('withdraw_account')
|
||||
);
|
||||
$ticketMessage = TicketMessage::create([
|
||||
'user_id' => $request->session()->get('id'),
|
||||
'user_id' => $request->user->id,
|
||||
'ticket_id' => $ticket->id,
|
||||
'message' => $message
|
||||
]);
|
||||
|
||||
@@ -18,17 +18,22 @@ use Illuminate\Support\Facades\Cache;
|
||||
|
||||
class UserController extends Controller
|
||||
{
|
||||
public function logout(Request $request)
|
||||
public function checkLogin(Request $request)
|
||||
{
|
||||
$request->session()->flush();
|
||||
$data = [
|
||||
'is_login' => $request->user->id ? true : false
|
||||
];
|
||||
if ($request->user->is_admin) {
|
||||
$data['is_admin'] = true;
|
||||
}
|
||||
return response([
|
||||
'data' => true
|
||||
'data' => $data
|
||||
]);
|
||||
}
|
||||
|
||||
public function changePassword(UserChangePassword $request)
|
||||
{
|
||||
$user = User::find($request->session()->get('id'));
|
||||
$user = User::find($request->user->id);
|
||||
if (!$user) {
|
||||
abort(500, __('The user does not exist'));
|
||||
}
|
||||
@@ -46,7 +51,6 @@ class UserController extends Controller
|
||||
if (!$user->save()) {
|
||||
abort(500, __('Save failed'));
|
||||
}
|
||||
$request->session()->flush();
|
||||
return response([
|
||||
'data' => true
|
||||
]);
|
||||
@@ -54,7 +58,7 @@ class UserController extends Controller
|
||||
|
||||
public function info(Request $request)
|
||||
{
|
||||
$user = User::where('id', $request->session()->get('id'))
|
||||
$user = User::where('id', $request->user->id)
|
||||
->select([
|
||||
'email',
|
||||
'transfer_enable',
|
||||
@@ -86,12 +90,12 @@ class UserController extends Controller
|
||||
{
|
||||
$stat = [
|
||||
Order::where('status', 0)
|
||||
->where('user_id', $request->session()->get('id'))
|
||||
->where('user_id', $request->user->id)
|
||||
->count(),
|
||||
Ticket::where('status', 0)
|
||||
->where('user_id', $request->session()->get('id'))
|
||||
->where('user_id', $request->user->id)
|
||||
->count(),
|
||||
User::where('invite_user_id', $request->session()->get('id'))
|
||||
User::where('invite_user_id', $request->user->id)
|
||||
->count()
|
||||
];
|
||||
return response([
|
||||
@@ -101,7 +105,7 @@ class UserController extends Controller
|
||||
|
||||
public function getSubscribe(Request $request)
|
||||
{
|
||||
$user = User::where('id', $request->session()->get('id'))
|
||||
$user = User::where('id', $request->user->id)
|
||||
->select([
|
||||
'plan_id',
|
||||
'token',
|
||||
@@ -131,7 +135,7 @@ class UserController extends Controller
|
||||
|
||||
public function resetSecurity(Request $request)
|
||||
{
|
||||
$user = User::find($request->session()->get('id'));
|
||||
$user = User::find($request->user->id);
|
||||
if (!$user) {
|
||||
abort(500, __('The user does not exist'));
|
||||
}
|
||||
@@ -152,7 +156,7 @@ class UserController extends Controller
|
||||
'remind_traffic'
|
||||
]);
|
||||
|
||||
$user = User::find($request->session()->get('id'));
|
||||
$user = User::find($request->user->id);
|
||||
if (!$user) {
|
||||
abort(500, __('The user does not exist'));
|
||||
}
|
||||
@@ -169,7 +173,7 @@ class UserController extends Controller
|
||||
|
||||
public function transfer(UserTransfer $request)
|
||||
{
|
||||
$user = User::find($request->session()->get('id'));
|
||||
$user = User::find($request->user->id);
|
||||
if (!$user) {
|
||||
abort(500, __('The user does not exist'));
|
||||
}
|
||||
@@ -188,7 +192,7 @@ class UserController extends Controller
|
||||
|
||||
public function getQuickLoginUrl(Request $request)
|
||||
{
|
||||
$user = User::find($request->session()->get('id'));
|
||||
$user = User::find($request->user->id);
|
||||
if (!$user) {
|
||||
abort(500, __('The user does not exist'));
|
||||
}
|
||||
|
||||
@@ -2,6 +2,7 @@
|
||||
|
||||
namespace App\Http;
|
||||
|
||||
use Fruitcake\Cors\HandleCors;
|
||||
use Illuminate\Foundation\Http\Kernel as HttpKernel;
|
||||
|
||||
class Kernel extends HttpKernel
|
||||
@@ -14,6 +15,7 @@ class Kernel extends HttpKernel
|
||||
* @var array
|
||||
*/
|
||||
protected $middleware = [
|
||||
\App\Http\Middleware\CORS::class,
|
||||
\App\Http\Middleware\TrustProxies::class,
|
||||
\App\Http\Middleware\CheckForMaintenanceMode::class,
|
||||
\Illuminate\Foundation\Http\Middleware\ValidatePostSize::class,
|
||||
@@ -28,22 +30,20 @@ class Kernel extends HttpKernel
|
||||
*/
|
||||
protected $middlewareGroups = [
|
||||
'web' => [
|
||||
\App\Http\Middleware\EncryptCookies::class,
|
||||
\Illuminate\Cookie\Middleware\AddQueuedCookiesToResponse::class,
|
||||
\Illuminate\Session\Middleware\StartSession::class,
|
||||
// \App\Http\Middleware\EncryptCookies::class,
|
||||
// \Illuminate\Cookie\Middleware\AddQueuedCookiesToResponse::class,
|
||||
// \Illuminate\Session\Middleware\StartSession::class,
|
||||
// \Illuminate\Session\Middleware\AuthenticateSession::class,
|
||||
\Illuminate\View\Middleware\ShareErrorsFromSession::class,
|
||||
\App\Http\Middleware\VerifyCsrfToken::class,
|
||||
\Illuminate\Routing\Middleware\SubstituteBindings::class,
|
||||
\App\Http\Middleware\CORS::class,
|
||||
],
|
||||
|
||||
'api' => [
|
||||
\App\Http\Middleware\EncryptCookies::class,
|
||||
\Illuminate\Cookie\Middleware\AddQueuedCookiesToResponse::class,
|
||||
\Illuminate\Session\Middleware\StartSession::class,
|
||||
// \App\Http\Middleware\EncryptCookies::class,
|
||||
// \Illuminate\Cookie\Middleware\AddQueuedCookiesToResponse::class,
|
||||
// \Illuminate\Session\Middleware\StartSession::class,
|
||||
\App\Http\Middleware\ForceJson::class,
|
||||
\App\Http\Middleware\CORS::class,
|
||||
\App\Http\Middleware\Language::class,
|
||||
'bindings',
|
||||
],
|
||||
|
||||
@@ -3,6 +3,7 @@
|
||||
namespace App\Http\Middleware;
|
||||
|
||||
use Closure;
|
||||
use Laravel\Horizon\Horizon;
|
||||
|
||||
class Admin
|
||||
{
|
||||
@@ -15,9 +16,19 @@ class Admin
|
||||
*/
|
||||
public function handle($request, Closure $next)
|
||||
{
|
||||
if (!$request->session()->get('is_admin')) {
|
||||
abort(403, '权限不足');
|
||||
}
|
||||
$authorization = $request->input('auth_data') ?? $request->header('authorization');
|
||||
if (!$authorization) abort(403, '未登录或登陆已过期');
|
||||
|
||||
$authData = explode(':', base64_decode($authorization));
|
||||
if (!isset($authData[1]) || !isset($authData[0])) abort(403, '鉴权失败,请重新登入');
|
||||
$user = \App\Models\User::where('password', $authData[1])
|
||||
->where('email', $authData[0])
|
||||
->first();
|
||||
if (!$user) abort(403, '鉴权失败,请重新登入');
|
||||
if (!$user->is_admin) abort(403, '未登录或登陆已过期');
|
||||
$request->merge([
|
||||
'user' => $user
|
||||
]);
|
||||
return $next($request);
|
||||
}
|
||||
}
|
||||
|
||||
@@ -17,8 +17,8 @@ class CORS
|
||||
}
|
||||
$response = $next($request);
|
||||
$response->header('Access-Control-Allow-Origin', trim($origin, '/'));
|
||||
$response->header('Access-Control-Allow-Methods', 'GET,POST,OPTIONS');
|
||||
$response->header('Access-Control-Allow-Headers', 'Content-Type,X-Requested-With');
|
||||
$response->header('Access-Control-Allow-Methods', 'GET,POST,OPTIONS,HEAD');
|
||||
$response->header('Access-Control-Allow-Headers', 'Origin,Content-Type,Accept,Authorization,X-Request-With');
|
||||
$response->header('Access-Control-Allow-Credentials', 'true');
|
||||
$response->header('Access-Control-Max-Age', 10080);
|
||||
|
||||
|
||||
@@ -26,7 +26,9 @@ class Client
|
||||
if (!$user) {
|
||||
abort(403, 'token is error');
|
||||
}
|
||||
$request->user = $user;
|
||||
$request->merge([
|
||||
'user' => $user
|
||||
]);
|
||||
return $next($request);
|
||||
}
|
||||
}
|
||||
|
||||
@@ -15,9 +15,19 @@ class Staff
|
||||
*/
|
||||
public function handle($request, Closure $next)
|
||||
{
|
||||
if (!$request->session()->get('is_staff')) {
|
||||
abort(403, '权限不足');
|
||||
}
|
||||
$authorization = $request->input('auth_data') ?? $request->header('authorization');
|
||||
if (!$authorization) abort(403, '未登录或登陆已过期');
|
||||
|
||||
$authData = explode(':', base64_decode($authorization));
|
||||
if (!isset($authData[1]) || !isset($authData[0])) abort(403, '鉴权失败,请重新登入');
|
||||
$user = \App\Models\User::where('password', $authData[1])
|
||||
->where('email', $authData[0])
|
||||
->first();
|
||||
if (!$user) abort(403, '鉴权失败,请重新登入');
|
||||
if (!$user->is_staff) abort(403, '未登录或登陆已过期');
|
||||
$request->merge([
|
||||
'user' => $user
|
||||
]);
|
||||
return $next($request);
|
||||
}
|
||||
}
|
||||
|
||||
@@ -2,6 +2,7 @@
|
||||
|
||||
namespace App\Http\Middleware;
|
||||
|
||||
use App\Utils\Helper;
|
||||
use Closure;
|
||||
|
||||
class User
|
||||
@@ -16,19 +17,17 @@ class User
|
||||
public function handle($request, Closure $next)
|
||||
{
|
||||
$authorization = $request->input('auth_data') ?? $request->header('authorization');
|
||||
if ($authorization) {
|
||||
$authData = explode(':', base64_decode($authorization));
|
||||
if (!isset($authData[1]) || !isset($authData[0])) abort(403, '鉴权失败,请重新登入');
|
||||
$user = \App\Models\User::where('password', $authData[1])
|
||||
->where('email', $authData[0])
|
||||
->first();
|
||||
if (!$user) abort(403, '鉴权失败,请重新登入');
|
||||
$request->session()->put('email', $user->email);
|
||||
$request->session()->put('id', $user->id);
|
||||
}
|
||||
if (!$request->session()->get('id')) {
|
||||
abort(403, '未登录或登陆已过期');
|
||||
}
|
||||
if (!$authorization) abort(403, '未登录或登陆已过期');
|
||||
|
||||
$authData = explode(':', base64_decode($authorization));
|
||||
if (!isset($authData[1]) || !isset($authData[0])) abort(403, '鉴权失败,请重新登入');
|
||||
$user = \App\Models\User::where('password', $authData[1])
|
||||
->where('email', $authData[0])
|
||||
->first();
|
||||
if (!$user) abort(403, '鉴权失败,请重新登入');
|
||||
$request->merge([
|
||||
'user' => $user
|
||||
]);
|
||||
return $next($request);
|
||||
}
|
||||
}
|
||||
|
||||
@@ -14,7 +14,6 @@ class PassportRoute
|
||||
$router->post('/auth/register', 'Passport\\AuthController@register');
|
||||
$router->post('/auth/login', 'Passport\\AuthController@login');
|
||||
$router->get ('/auth/token2Login', 'Passport\\AuthController@token2Login');
|
||||
$router->get ('/auth/check', 'Passport\\AuthController@check');
|
||||
$router->post('/auth/forget', 'Passport\\AuthController@forget');
|
||||
$router->post('/auth/getTempToken', 'Passport\\AuthController@getTempToken');
|
||||
$router->post('/auth/getQuickLoginUrl', 'Passport\\AuthController@getQuickLoginUrl');
|
||||
|
||||
@@ -13,12 +13,12 @@ class UserRoute
|
||||
], function ($router) {
|
||||
// User
|
||||
$router->get ('/resetSecurity', 'User\\UserController@resetSecurity');
|
||||
$router->get ('/logout', 'User\\UserController@logout');
|
||||
$router->get ('/info', 'User\\UserController@info');
|
||||
$router->post('/changePassword', 'User\\UserController@changePassword');
|
||||
$router->post('/update', 'User\\UserController@update');
|
||||
$router->get ('/getSubscribe', 'User\\UserController@getSubscribe');
|
||||
$router->get ('/getStat', 'User\\UserController@getStat');
|
||||
$router->get ('/checkLogin', 'User\\UserController@checkLogin');
|
||||
$router->post('/transfer', 'User\\UserController@transfer');
|
||||
$router->post('/getQuickLoginUrl', 'User\\UserController@getQuickLoginUrl');
|
||||
// Order
|
||||
|
||||
Reference in New Issue
Block a user