update: new auth

This commit is contained in:
tokumeikoi 2022-07-11 14:48:35 +08:00
parent 2073727a0a
commit dc27410c12
28 changed files with 117 additions and 123 deletions


@ -39,7 +39,7 @@ class ConfigController extends Controller
public function testSendMail(Request $request) public function testSendMail(Request $request)
{ {
$obj = new SendEmailJob([ $obj = new SendEmailJob([
'email' => $request->session()->get('email'), 'email' => $request->user->email,
'subject' => 'This is v2board test email', 'subject' => 'This is v2board test email',
'template_name' => 'notify', 'template_name' => 'notify',
'template_value' => [ 'template_value' => [


@ -68,7 +68,7 @@ class TicketController extends Controller
$ticketService->replyByAdmin( $ticketService->replyByAdmin(
$request->input('id'), $request->input('id'),
$request->input('message'), $request->input('message'),
$request->session()->get('id') $request->user->id
); );
return response([ return response([
'data' => true 'data' => true


@ -167,8 +167,8 @@ class AuthController extends Controller
'token' => $user->token, 'token' => $user->token,
'auth_data' => base64_encode("{$user->email}:{$user->password}") 'auth_data' => base64_encode("{$user->email}:{$user->password}")
]; ];
$request->session()->put('email', $user->email);
$request->session()->put('id', $user->id); Helper::setSession($request, $user);
$user->last_login_at = time(); $user->last_login_at = time();
$user->save(); $user->save();
@ -210,16 +210,8 @@ class AuthController extends Controller
'token' => $user->token, 'token' => $user->token,
'auth_data' => base64_encode("{$user->email}:{$user->password}") 'auth_data' => base64_encode("{$user->email}:{$user->password}")
]; ];
$request->session()->put('email', $user->email);
$request->session()->put('id', $user->id); if ($user->is_admin) $data['is_admin'] = true;
if ($user->is_admin) {
$request->session()->put('is_admin', true);
$data['is_admin'] = true;
}
if ($user->is_staff) {
$request->session()->put('is_staff', true);
$data['is_staff'] = true;
}
return response([ return response([
'data' => $data 'data' => $data
]); ]);
@ -250,11 +242,7 @@ class AuthController extends Controller
if ($user->banned) { if ($user->banned) {
abort(500, __('Your account has been suspended')); abort(500, __('Your account has been suspended'));
} }
$request->session()->put('email', $user->email); Helper::setSession($request, $user);
$request->session()->put('id', $user->id);
if ($user->is_admin) {
$request->session()->put('is_admin', true);
}
Cache::forget($key); Cache::forget($key);
return response([ return response([
'data' => true 'data' => true
@ -302,19 +290,6 @@ class AuthController extends Controller
]); ]);
} }
public function check(Request $request)
{
$data = [
'is_login' => $request->session()->get('id') ? true : false
];
if ($request->session()->get('is_admin')) {
$data['is_admin'] = true;
}
return response([
'data' => $data
]);
}
public function forget(AuthForget $request) public function forget(AuthForget $request)
{ {
if (Cache::get(CacheKey::get('EMAIL_VERIFY_CODE', $request->input('email'))) !== $request->input('email_code')) { if (Cache::get(CacheKey::get('EMAIL_VERIFY_CODE', $request->input('email'))) !== $request->input('email_code')) {
@ -335,5 +310,4 @@ class AuthController extends Controller
'data' => true 'data' => true
]); ]);
} }
} }
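Review bot: `Helper::setSession($request, $user)` is introduced on the register and token2Login paths, but no hunk on this page adds that method to `App\Utils\Helper` (its hunk at L635-643 only removes imports), and if it still writes through `$request->session()` it will fail now that `StartSession` is commented out of both Kernel groups — confirm the method exists and does not touch the session. The login hunk (`@ -210,16 +210,8`) is the one path that no longer records anything at all, and it also drops the `is_staff` flag from the response while the `Staff` middleware still gates on `is_staff`; either restore `if ($user->is_staff) $data['is_staff'] = true;` next to the `is_admin` line or document that staff status is no longer reported at login. The removed `check` method is replaced by `UserController::checkLogin`, so clients still calling `/auth/check` now get a 404 rather than a login state.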


@ -57,7 +57,7 @@ class TicketController extends Controller
$ticketService->replyByAdmin( $ticketService->replyByAdmin(
$request->input('id'), $request->input('id'),
$request->input('message'), $request->input('message'),
$request->session()->get('id') $request->user->id
); );
return response([ return response([
'data' => true 'data' => true


@ -16,7 +16,7 @@ class CouponController extends Controller
} }
$couponService = new CouponService($request->input('code')); $couponService = new CouponService($request->input('code'));
$couponService->setPlanId($request->input('plan_id')); $couponService->setPlanId($request->input('plan_id'));
$couponService->setUserId($request->session()->get('id')); $couponService->setUserId($request->user->id);
$couponService->check(); $couponService->check();
return response([ return response([
'data' => $couponService->getCoupon() 'data' => $couponService->getCoupon()


@ -14,11 +14,11 @@ class InviteController extends Controller
{ {
public function save(Request $request) public function save(Request $request)
{ {
if (InviteCode::where('user_id', $request->session()->get('id'))->where('status', 0)->count() >= config('v2board.invite_gen_limit', 5)) { if (InviteCode::where('user_id', $request->user->id)->where('status', 0)->count() >= config('v2board.invite_gen_limit', 5)) {
abort(500, __('The maximum number of creations has been reached')); abort(500, __('The maximum number of creations has been reached'));
} }
$inviteCode = new InviteCode(); $inviteCode = new InviteCode();
$inviteCode->user_id = $request->session()->get('id'); $inviteCode->user_id = $request->user->id;
$inviteCode->code = Helper::randomChar(8); $inviteCode->code = Helper::randomChar(8);
return response([ return response([
'data' => $inviteCode->save() 'data' => $inviteCode->save()
@ -28,7 +28,7 @@ class InviteController extends Controller
public function details(Request $request) public function details(Request $request)
{ {
return response([ return response([
'data' => CommissionLog::where('invite_user_id', $request->session()->get('id')) 'data' => CommissionLog::where('invite_user_id', $request->user->id)
->where('get_amount', '>', 0) ->where('get_amount', '>', 0)
->select([ ->select([
'id', 'id',
@ -43,26 +43,26 @@ class InviteController extends Controller
public function fetch(Request $request) public function fetch(Request $request)
{ {
$codes = InviteCode::where('user_id', $request->session()->get('id')) $codes = InviteCode::where('user_id', $request->user->id)
->where('status', 0) ->where('status', 0)
->get(); ->get();
$commission_rate = config('v2board.invite_commission', 10); $commission_rate = config('v2board.invite_commission', 10);
$user = User::find($request->session()->get('id')); $user = User::find($request->user->id);
if ($user->commission_rate) { if ($user->commission_rate) {
$commission_rate = $user->commission_rate; $commission_rate = $user->commission_rate;
} }
$stat = [ $stat = [
//已注册用户数 //已注册用户数
(int)User::where('invite_user_id', $request->session()->get('id'))->count(), (int)User::where('invite_user_id', $request->user->id)->count(),
//有效的佣金 //有效的佣金
(int)Order::where('status', 3) (int)Order::where('status', 3)
->where('commission_status', 2) ->where('commission_status', 2)
->where('invite_user_id', $request->session()->get('id')) ->where('invite_user_id', $request->user->id)
->sum('commission_balance'), ->sum('commission_balance'),
//确认中的佣金 //确认中的佣金
(int)Order::where('status', 3) (int)Order::where('status', 3)
->where('commission_status', 0) ->where('commission_status', 0)
->where('invite_user_id', $request->session()->get('id')) ->where('invite_user_id', $request->user->id)
->sum('commission_balance'), ->sum('commission_balance'),
//佣金比例 //佣金比例
(int)$commission_rate, (int)$commission_rate,
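Review bot: `User::find($request->user->id)` on the `$user = ...` line of `fetch` issues a second query for the row the `User` middleware already loaded and merged into the request; `$user = $request->user;` yields the same model without the round trip. The same pattern appears in KnowledgeController (L171), OrderController (L202), PlanController (L244), ServerController (L255), TicketController (L355) and UserController (L395, L437, L444, L451, L458). If a fresh read is deliberately wanted before a write, `$user = $request->user->fresh();` states that intent instead of leaving it implicit. `fetch` continues past the end of the hunk.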


@ -19,7 +19,7 @@ class KnowledgeController extends Controller
->first() ->first()
->toArray(); ->toArray();
if (!$knowledge) abort(500, __('Article does not exist')); if (!$knowledge) abort(500, __('Article does not exist'));
$user = User::find($request->session()->get('id')); $user = User::find($request->user->id);
$userService = new UserService(); $userService = new UserService();
if ($userService->isAvailable($user)) { if ($userService->isAvailable($user)) {
$appleId = config('v2board.apple_id'); $appleId = config('v2board.apple_id');


@ -29,7 +29,7 @@ class OrderController extends Controller
{ {
public function fetch(Request $request) public function fetch(Request $request)
{ {
$model = Order::where('user_id', $request->session()->get('id')) $model = Order::where('user_id', $request->user->id)
->orderBy('created_at', 'DESC'); ->orderBy('created_at', 'DESC');
if ($request->input('status') !== null) { if ($request->input('status') !== null) {
$model->where('status', $request->input('status')); $model->where('status', $request->input('status'));
@ -50,7 +50,7 @@ class OrderController extends Controller
public function detail(Request $request) public function detail(Request $request)
{ {
$order = Order::where('user_id', $request->session()->get('id')) $order = Order::where('user_id', $request->user->id)
->where('trade_no', $request->input('trade_no')) ->where('trade_no', $request->input('trade_no'))
->first(); ->first();
if (!$order) { if (!$order) {
@ -72,14 +72,14 @@ class OrderController extends Controller
public function save(OrderSave $request) public function save(OrderSave $request)
{ {
$userService = new UserService(); $userService = new UserService();
if ($userService->isNotCompleteOrderByUserId($request->session()->get('id'))) { if ($userService->isNotCompleteOrderByUserId($request->user->id)) {
abort(500, __('You have an unpaid or pending order, please try again later or cancel it')); abort(500, __('You have an unpaid or pending order, please try again later or cancel it'));
} }
$planService = new PlanService($request->input('plan_id')); $planService = new PlanService($request->input('plan_id'));
$plan = $planService->plan; $plan = $planService->plan;
$user = User::find($request->session()->get('id')); $user = User::find($request->user->id);
if (!$plan) { if (!$plan) {
abort(500, __('Subscription plan does not exist')); abort(500, __('Subscription plan does not exist'));
@ -121,7 +121,7 @@ class OrderController extends Controller
DB::beginTransaction(); DB::beginTransaction();
$order = new Order(); $order = new Order();
$orderService = new OrderService($order); $orderService = new OrderService($order);
$order->user_id = $request->session()->get('id'); $order->user_id = $request->user->id;
$order->plan_id = $plan->id; $order->plan_id = $plan->id;
$order->period = $request->input('period'); $order->period = $request->input('period');
$order->trade_no = Helper::generateOrderNo(); $order->trade_no = Helper::generateOrderNo();
@ -177,7 +177,7 @@ class OrderController extends Controller
$tradeNo = $request->input('trade_no'); $tradeNo = $request->input('trade_no');
$method = $request->input('method'); $method = $request->input('method');
$order = Order::where('trade_no', $tradeNo) $order = Order::where('trade_no', $tradeNo)
->where('user_id', $request->session()->get('id')) ->where('user_id', $request->user->id)
->where('status', 0) ->where('status', 0)
->first(); ->first();
if (!$order) { if (!$order) {
@ -216,7 +216,7 @@ class OrderController extends Controller
{ {
$tradeNo = $request->input('trade_no'); $tradeNo = $request->input('trade_no');
$order = Order::where('trade_no', $tradeNo) $order = Order::where('trade_no', $tradeNo)
->where('user_id', $request->session()->get('id')) ->where('user_id', $request->user->id)
->first(); ->first();
if (!$order) { if (!$order) {
abort(500, __('Order does not exist')); abort(500, __('Order does not exist'));
@ -249,7 +249,7 @@ class OrderController extends Controller
abort(500, __('Invalid parameter')); abort(500, __('Invalid parameter'));
} }
$order = Order::where('trade_no', $request->input('trade_no')) $order = Order::where('trade_no', $request->input('trade_no'))
->where('user_id', $request->session()->get('id')) ->where('user_id', $request->user->id)
->first(); ->first();
if (!$order) { if (!$order) {
abort(500, __('Order does not exist')); abort(500, __('Order does not exist'));


@ -12,7 +12,7 @@ class PlanController extends Controller
{ {
public function fetch(Request $request) public function fetch(Request $request)
{ {
$user = User::find($request->session()->get('id')); $user = User::find($request->user->id);
if ($request->input('id')) { if ($request->input('id')) {
$plan = Plan::where('id', $request->input('id'))->first(); $plan = Plan::where('id', $request->input('id'))->first();
if (!$plan) { if (!$plan) {


@ -19,7 +19,7 @@ class ServerController extends Controller
{ {
public function fetch(Request $request) public function fetch(Request $request)
{ {
$user = User::find($request->session()->get('id')); $user = User::find($request->user->id);
$servers = []; $servers = [];
$userService = new UserService(); $userService = new UserService();
if ($userService->isAvailable($user)) { if ($userService->isAvailable($user)) {


@ -18,7 +18,7 @@ class StatController extends Controller
'user_id', 'user_id',
'server_rate' 'server_rate'
]) ])
->where('user_id', $request->session()->get('id')) ->where('user_id', $request->user->id)
->where('record_at', '>=', strtotime(date('Y-m-1'))) ->where('record_at', '>=', strtotime(date('Y-m-1')))
->orderBy('record_at', 'DESC'); ->orderBy('record_at', 'DESC');
return response([ return response([


@ -22,6 +22,6 @@ class TelegramController extends Controller
public function unbind(Request $request) public function unbind(Request $request)
{ {
$user = User::where('user_id', $request->session()->get('id'))->first(); $user = User::where('user_id', $request->user->id)->first();
} }
} }
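Review bot: `User::where('user_id', $request->user->id)->first()` in `unbind` filters the users table on a `user_id` column, while every other query on this page addresses that table by `id` (e.g. `User::where('id', $request->user->id)` in UserController), so this lookup most likely returns null; since the middleware already supplies the model, `$user = $request->user;` is the safe replacement. The result is never used and the method returns no response, which reads like an unfinished stub rather than a working endpoint — a `// TODO: unbind not implemented` would make that explicit if it is intended.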


@ -21,7 +21,7 @@ class TicketController extends Controller
{ {
if ($request->input('id')) { if ($request->input('id')) {
$ticket = Ticket::where('id', $request->input('id')) $ticket = Ticket::where('id', $request->input('id'))
->where('user_id', $request->session()->get('id')) ->where('user_id', $request->user->id)
->first(); ->first();
if (!$ticket) { if (!$ticket) {
abort(500, __('Ticket does not exist')); abort(500, __('Ticket does not exist'));
@ -38,7 +38,7 @@ class TicketController extends Controller
'data' => $ticket 'data' => $ticket
]); ]);
} }
$ticket = Ticket::where('user_id', $request->session()->get('id')) $ticket = Ticket::where('user_id', $request->user->id)
->orderBy('created_at', 'DESC') ->orderBy('created_at', 'DESC')
->get(); ->get();
return response([ return response([
@ -49,21 +49,21 @@ class TicketController extends Controller
public function save(TicketSave $request) public function save(TicketSave $request)
{ {
DB::beginTransaction(); DB::beginTransaction();
if ((int)Ticket::where('status', 0)->where('user_id', $request->session()->get('id'))->lockForUpdate()->count()) { if ((int)Ticket::where('status', 0)->where('user_id', $request->user->id)->lockForUpdate()->count()) {
abort(500, __('There are other unresolved tickets')); abort(500, __('There are other unresolved tickets'));
} }
$ticket = Ticket::create(array_merge($request->only([ $ticket = Ticket::create(array_merge($request->only([
'subject', 'subject',
'level' 'level'
]), [ ]), [
'user_id' => $request->session()->get('id') 'user_id' => $request->user->id
])); ]));
if (!$ticket) { if (!$ticket) {
DB::rollback(); DB::rollback();
abort(500, __('Failed to open ticket')); abort(500, __('Failed to open ticket'));
} }
$ticketMessage = TicketMessage::create([ $ticketMessage = TicketMessage::create([
'user_id' => $request->session()->get('id'), 'user_id' => $request->user->id,
'ticket_id' => $ticket->id, 'ticket_id' => $ticket->id,
'message' => $request->input('message') 'message' => $request->input('message')
]); ]);
@ -87,7 +87,7 @@ class TicketController extends Controller
abort(500, __('Message cannot be empty')); abort(500, __('Message cannot be empty'));
} }
$ticket = Ticket::where('id', $request->input('id')) $ticket = Ticket::where('id', $request->input('id'))
->where('user_id', $request->session()->get('id')) ->where('user_id', $request->user->id)
->first(); ->first();
if (!$ticket) { if (!$ticket) {
abort(500, __('Ticket does not exist')); abort(500, __('Ticket does not exist'));
@ -95,14 +95,14 @@ class TicketController extends Controller
if ($ticket->status) { if ($ticket->status) {
abort(500, __('The ticket is closed and cannot be replied')); abort(500, __('The ticket is closed and cannot be replied'));
} }
if ($request->session()->get('id') == $this->getLastMessage($ticket->id)->user_id) { if ($request->user->id == $this->getLastMessage($ticket->id)->user_id) {
abort(500, __('Please wait for the technical enginneer to reply')); abort(500, __('Please wait for the technical enginneer to reply'));
} }
$ticketService = new TicketService(); $ticketService = new TicketService();
if (!$ticketService->reply( if (!$ticketService->reply(
$ticket, $ticket,
$request->input('message'), $request->input('message'),
$request->session()->get('id') $request->user->id
)) { )) {
abort(500, __('Ticket reply failed')); abort(500, __('Ticket reply failed'));
} }
@ -119,7 +119,7 @@ class TicketController extends Controller
abort(500, __('Invalid parameter')); abort(500, __('Invalid parameter'));
} }
$ticket = Ticket::where('id', $request->input('id')) $ticket = Ticket::where('id', $request->input('id'))
->where('user_id', $request->session()->get('id')) ->where('user_id', $request->user->id)
->first(); ->first();
if (!$ticket) { if (!$ticket) {
abort(500, __('Ticket does not exist')); abort(500, __('Ticket does not exist'));
@ -154,7 +154,7 @@ class TicketController extends Controller
)) { )) {
abort(500, __('Unsupported withdrawal method')); abort(500, __('Unsupported withdrawal method'));
} }
$user = User::find($request->session()->get('id')); $user = User::find($request->user->id);
$limit = config('v2board.commission_withdraw_limit', 100); $limit = config('v2board.commission_withdraw_limit', 100);
if ($limit > ($user->commission_balance / 100)) { if ($limit > ($user->commission_balance / 100)) {
abort(500, __('The current required minimum withdrawal commission is :limit', ['limit' => $limit])); abort(500, __('The current required minimum withdrawal commission is :limit', ['limit' => $limit]));
@ -164,7 +164,7 @@ class TicketController extends Controller
$ticket = Ticket::create([ $ticket = Ticket::create([
'subject' => $subject, 'subject' => $subject,
'level' => 2, 'level' => 2,
'user_id' => $request->session()->get('id') 'user_id' => $request->user->id
]); ]);
if (!$ticket) { if (!$ticket) {
DB::rollback(); DB::rollback();
@ -175,7 +175,7 @@ class TicketController extends Controller
__('Withdrawal account') . "" . $request->input('withdraw_account') __('Withdrawal account') . "" . $request->input('withdraw_account')
); );
$ticketMessage = TicketMessage::create([ $ticketMessage = TicketMessage::create([
'user_id' => $request->session()->get('id'), 'user_id' => $request->user->id,
'ticket_id' => $ticket->id, 'ticket_id' => $ticket->id,
'message' => $message 'message' => $message
]); ]);


@ -18,17 +18,22 @@ use Illuminate\Support\Facades\Cache;
class UserController extends Controller class UserController extends Controller
{ {
public function logout(Request $request) public function checkLogin(Request $request)
{ {
$request->session()->flush(); $data = [
'is_login' => $request->user->id ? true : false
];
if ($request->user->is_admin) {
$data['is_admin'] = true;
}
return response([ return response([
'data' => true 'data' => $data
]); ]);
} }
public function changePassword(UserChangePassword $request) public function changePassword(UserChangePassword $request)
{ {
$user = User::find($request->session()->get('id')); $user = User::find($request->user->id);
if (!$user) { if (!$user) {
abort(500, __('The user does not exist')); abort(500, __('The user does not exist'));
} }
@ -46,7 +51,6 @@ class UserController extends Controller
if (!$user->save()) { if (!$user->save()) {
abort(500, __('Save failed')); abort(500, __('Save failed'));
} }
$request->session()->flush();
return response([ return response([
'data' => true 'data' => true
]); ]);
@ -54,7 +58,7 @@ class UserController extends Controller
public function info(Request $request) public function info(Request $request)
{ {
$user = User::where('id', $request->session()->get('id')) $user = User::where('id', $request->user->id)
->select([ ->select([
'email', 'email',
'transfer_enable', 'transfer_enable',
@ -86,12 +90,12 @@ class UserController extends Controller
{ {
$stat = [ $stat = [
Order::where('status', 0) Order::where('status', 0)
->where('user_id', $request->session()->get('id')) ->where('user_id', $request->user->id)
->count(), ->count(),
Ticket::where('status', 0) Ticket::where('status', 0)
->where('user_id', $request->session()->get('id')) ->where('user_id', $request->user->id)
->count(), ->count(),
User::where('invite_user_id', $request->session()->get('id')) User::where('invite_user_id', $request->user->id)
->count() ->count()
]; ];
return response([ return response([
@ -101,7 +105,7 @@ class UserController extends Controller
public function getSubscribe(Request $request) public function getSubscribe(Request $request)
{ {
$user = User::where('id', $request->session()->get('id')) $user = User::where('id', $request->user->id)
->select([ ->select([
'plan_id', 'plan_id',
'token', 'token',
@ -131,7 +135,7 @@ class UserController extends Controller
public function resetSecurity(Request $request) public function resetSecurity(Request $request)
{ {
$user = User::find($request->session()->get('id')); $user = User::find($request->user->id);
if (!$user) { if (!$user) {
abort(500, __('The user does not exist')); abort(500, __('The user does not exist'));
} }
@ -152,7 +156,7 @@ class UserController extends Controller
'remind_traffic' 'remind_traffic'
]); ]);
$user = User::find($request->session()->get('id')); $user = User::find($request->user->id);
if (!$user) { if (!$user) {
abort(500, __('The user does not exist')); abort(500, __('The user does not exist'));
} }
@ -169,7 +173,7 @@ class UserController extends Controller
public function transfer(UserTransfer $request) public function transfer(UserTransfer $request)
{ {
$user = User::find($request->session()->get('id')); $user = User::find($request->user->id);
if (!$user) { if (!$user) {
abort(500, __('The user does not exist')); abort(500, __('The user does not exist'));
} }
@ -188,7 +192,7 @@ class UserController extends Controller
public function getQuickLoginUrl(Request $request) public function getQuickLoginUrl(Request $request)
{ {
$user = User::find($request->session()->get('id')); $user = User::find($request->user->id);
if (!$user) { if (!$user) {
abort(500, __('The user does not exist')); abort(500, __('The user does not exist'));
} }
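Review bot: `checkLogin` can only execute after the `User` middleware has accepted the credential (assuming the route group in UserRoute applies it, which is outside that hunk), so `'is_login' => $request->user->id ? true : false` can never evaluate to false; the expression can be `'is_login' => true`, with a docblock stating that an unauthenticated caller receives the middleware's 403 instead. Removing `logout` and the `$request->session()->flush()` after a password change means an issued `auth_data` has no server-side revocation other than changing the password hash it embeds; a one-line comment on `checkLogin` noting that logout is now client-side only would save the next reader from searching for it. `checkLogin` also reports `is_admin` but not `is_staff`, unlike the old login response.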


@ -2,6 +2,7 @@
namespace App\Http; namespace App\Http;
use Fruitcake\Cors\HandleCors;
use Illuminate\Foundation\Http\Kernel as HttpKernel; use Illuminate\Foundation\Http\Kernel as HttpKernel;
class Kernel extends HttpKernel class Kernel extends HttpKernel
@ -14,6 +15,7 @@ class Kernel extends HttpKernel
* @var array * @var array
*/ */
protected $middleware = [ protected $middleware = [
\App\Http\Middleware\CORS::class,
\App\Http\Middleware\TrustProxies::class, \App\Http\Middleware\TrustProxies::class,
\App\Http\Middleware\CheckForMaintenanceMode::class, \App\Http\Middleware\CheckForMaintenanceMode::class,
\Illuminate\Foundation\Http\Middleware\ValidatePostSize::class, \Illuminate\Foundation\Http\Middleware\ValidatePostSize::class,
@ -28,22 +30,20 @@ class Kernel extends HttpKernel
*/ */
protected $middlewareGroups = [ protected $middlewareGroups = [
'web' => [ 'web' => [
\App\Http\Middleware\EncryptCookies::class, // \App\Http\Middleware\EncryptCookies::class,
\Illuminate\Cookie\Middleware\AddQueuedCookiesToResponse::class, // \Illuminate\Cookie\Middleware\AddQueuedCookiesToResponse::class,
\Illuminate\Session\Middleware\StartSession::class, // \Illuminate\Session\Middleware\StartSession::class,
// \Illuminate\Session\Middleware\AuthenticateSession::class, // \Illuminate\Session\Middleware\AuthenticateSession::class,
\Illuminate\View\Middleware\ShareErrorsFromSession::class, \Illuminate\View\Middleware\ShareErrorsFromSession::class,
\App\Http\Middleware\VerifyCsrfToken::class, \App\Http\Middleware\VerifyCsrfToken::class,
\Illuminate\Routing\Middleware\SubstituteBindings::class, \Illuminate\Routing\Middleware\SubstituteBindings::class,
\App\Http\Middleware\CORS::class,
], ],
'api' => [ 'api' => [
\App\Http\Middleware\EncryptCookies::class, // \App\Http\Middleware\EncryptCookies::class,
\Illuminate\Cookie\Middleware\AddQueuedCookiesToResponse::class, // \Illuminate\Cookie\Middleware\AddQueuedCookiesToResponse::class,
\Illuminate\Session\Middleware\StartSession::class, // \Illuminate\Session\Middleware\StartSession::class,
\App\Http\Middleware\ForceJson::class, \App\Http\Middleware\ForceJson::class,
\App\Http\Middleware\CORS::class,
\App\Http\Middleware\Language::class, \App\Http\Middleware\Language::class,
'bindings', 'bindings',
], ],
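Review bot: `StartSession` is commented out of the `web` group while `ShareErrorsFromSession` and `VerifyCsrfToken` on the two lines below it are kept; both read `$request->session()`, which in Laravel throws when no session store has been set on the request, so any route still served through `web` would now error rather than simply skip the session. Either comment those two out alongside it or leave `StartSession` in `web` and drop it only from `api`, where this commit's header-based auth makes it unnecessary. `use Fruitcake\Cors\HandleCors;` is added at the top of the file but nothing in the hunks references it; the global stack uses `\App\Http\Middleware\CORS::class`.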


@ -3,6 +3,7 @@
namespace App\Http\Middleware; namespace App\Http\Middleware;
use Closure; use Closure;
use Laravel\Horizon\Horizon;
class Admin class Admin
{ {
@ -15,9 +16,19 @@ class Admin
*/ */
public function handle($request, Closure $next) public function handle($request, Closure $next)
{ {
if (!$request->session()->get('is_admin')) { $authorization = $request->input('auth_data') ?? $request->header('authorization');
abort(403, '权限不足'); if (!$authorization) abort(403, '未登录或登陆已过期');
}
$authData = explode(':', base64_decode($authorization));
if (!isset($authData[1]) || !isset($authData[0])) abort(403, '鉴权失败,请重新登入');
$user = \App\Models\User::where('password', $authData[1])
->where('email', $authData[0])
->first();
if (!$user) abort(403, '鉴权失败,请重新登入');
if (!$user->is_admin) abort(403, '未登录或登陆已过期');
$request->merge([
'user' => $user
]);
return $next($request); return $next($request);
} }
} }
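Review bot: The body of `handle` is a verbatim copy of the new `Staff` middleware (L556-575) and the `User` middleware (L579-603) except for the role test on the `if (!$user->is_admin)` line, so the three credential parsers will drift apart; extract one shared resolver that decodes `auth_data`, looks up the user and returns it, and let each middleware apply only its own role check. The 403 text on that role line, `未登录或登陆已过期`, tells the caller they are not logged in, but at that point the user has authenticated and merely lacks the role — the old `权限不足` described it correctly, e.g. `if (!$user->is_admin) abort(403, '权限不足');`. `$request->merge(['user' => $user])` places the model in the input bag, so `$request->all()` and any input-wide validation or mass fill downstream now carries it; confirm no such call site exists, or add a comment on the `merge` line stating that `$request->user` is resolved through the input bag by design. `use Laravel\Horizon\Horizon;` is added but nothing in the hunk references it.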


@ -17,8 +17,8 @@ class CORS
} }
$response = $next($request); $response = $next($request);
$response->header('Access-Control-Allow-Origin', trim($origin, '/')); $response->header('Access-Control-Allow-Origin', trim($origin, '/'));
$response->header('Access-Control-Allow-Methods', 'GET,POST,OPTIONS'); $response->header('Access-Control-Allow-Methods', 'GET,POST,OPTIONS,HEAD');
$response->header('Access-Control-Allow-Headers', 'Content-Type,X-Requested-With'); $response->header('Access-Control-Allow-Headers', 'Origin,Content-Type,Accept,Authorization,X-Request-With');
$response->header('Access-Control-Allow-Credentials', 'true'); $response->header('Access-Control-Allow-Credentials', 'true');
$response->header('Access-Control-Max-Age', 10080); $response->header('Access-Control-Max-Age', 10080);
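Review bot: `X-Request-With` on the `Access-Control-Allow-Headers` line looks like a typo for `X-Requested-With`, which the previous value allowed; a preflight for a request carrying that header now fails, so the line should read `$response->header('Access-Control-Allow-Headers', 'Origin,Content-Type,Accept,Authorization,X-Requested-With');`. With `Authorization` now allowed and `Access-Control-Allow-Credentials` set to `true`, the value echoed on the `Access-Control-Allow-Origin` line must come from an allow-list rather than straight from the request; `$origin` is assigned before this hunk, so confirm that check exists there.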


@ -26,7 +26,9 @@ class Client
if (!$user) { if (!$user) {
abort(403, 'token is error'); abort(403, 'token is error');
} }
$request->user = $user; $request->merge([
'user' => $user
]);
return $next($request); return $next($request);
} }
} }


@ -15,9 +15,19 @@ class Staff
*/ */
public function handle($request, Closure $next) public function handle($request, Closure $next)
{ {
if (!$request->session()->get('is_staff')) { $authorization = $request->input('auth_data') ?? $request->header('authorization');
abort(403, '权限不足'); if (!$authorization) abort(403, '未登录或登陆已过期');
}
$authData = explode(':', base64_decode($authorization));
if (!isset($authData[1]) || !isset($authData[0])) abort(403, '鉴权失败,请重新登入');
$user = \App\Models\User::where('password', $authData[1])
->where('email', $authData[0])
->first();
if (!$user) abort(403, '鉴权失败,请重新登入');
if (!$user->is_staff) abort(403, '未登录或登陆已过期');
$request->merge([
'user' => $user
]);
return $next($request); return $next($request);
} }
} }


@ -2,6 +2,7 @@
namespace App\Http\Middleware; namespace App\Http\Middleware;
use App\Utils\Helper;
use Closure; use Closure;
class User class User
@ -16,19 +17,17 @@ class User
public function handle($request, Closure $next) public function handle($request, Closure $next)
{ {
$authorization = $request->input('auth_data') ?? $request->header('authorization'); $authorization = $request->input('auth_data') ?? $request->header('authorization');
if ($authorization) { if (!$authorization) abort(403, '未登录或登陆已过期');
$authData = explode(':', base64_decode($authorization)); $authData = explode(':', base64_decode($authorization));
if (!isset($authData[1]) || !isset($authData[0])) abort(403, '鉴权失败,请重新登入'); if (!isset($authData[1]) || !isset($authData[0])) abort(403, '鉴权失败,请重新登入');
$user = \App\Models\User::where('password', $authData[1]) $user = \App\Models\User::where('password', $authData[1])
->where('email', $authData[0]) ->where('email', $authData[0])
->first(); ->first();
if (!$user) abort(403, '鉴权失败,请重新登入'); if (!$user) abort(403, '鉴权失败,请重新登入');
$request->session()->put('email', $user->email); $request->merge([
$request->session()->put('id', $user->id); 'user' => $user
} ]);
if (!$request->session()->get('id')) {
abort(403, '未登录或登陆已过期');
}
return $next($request); return $next($request);
} }
} }


@ -14,7 +14,6 @@ class PassportRoute
$router->post('/auth/register', 'Passport\\AuthController@register'); $router->post('/auth/register', 'Passport\\AuthController@register');
$router->post('/auth/login', 'Passport\\AuthController@login'); $router->post('/auth/login', 'Passport\\AuthController@login');
$router->get ('/auth/token2Login', 'Passport\\AuthController@token2Login'); $router->get ('/auth/token2Login', 'Passport\\AuthController@token2Login');
$router->get ('/auth/check', 'Passport\\AuthController@check');
$router->post('/auth/forget', 'Passport\\AuthController@forget'); $router->post('/auth/forget', 'Passport\\AuthController@forget');
$router->post('/auth/getTempToken', 'Passport\\AuthController@getTempToken'); $router->post('/auth/getTempToken', 'Passport\\AuthController@getTempToken');
$router->post('/auth/getQuickLoginUrl', 'Passport\\AuthController@getQuickLoginUrl'); $router->post('/auth/getQuickLoginUrl', 'Passport\\AuthController@getQuickLoginUrl');


@ -13,12 +13,12 @@ class UserRoute
], function ($router) { ], function ($router) {
// User // User
$router->get ('/resetSecurity', 'User\\UserController@resetSecurity'); $router->get ('/resetSecurity', 'User\\UserController@resetSecurity');
$router->get ('/logout', 'User\\UserController@logout');
$router->get ('/info', 'User\\UserController@info'); $router->get ('/info', 'User\\UserController@info');
$router->post('/changePassword', 'User\\UserController@changePassword'); $router->post('/changePassword', 'User\\UserController@changePassword');
$router->post('/update', 'User\\UserController@update'); $router->post('/update', 'User\\UserController@update');
$router->get ('/getSubscribe', 'User\\UserController@getSubscribe'); $router->get ('/getSubscribe', 'User\\UserController@getSubscribe');
$router->get ('/getStat', 'User\\UserController@getStat'); $router->get ('/getStat', 'User\\UserController@getStat');
$router->get ('/checkLogin', 'User\\UserController@checkLogin');
$router->post('/transfer', 'User\\UserController@transfer'); $router->post('/transfer', 'User\\UserController@transfer');
$router->post('/getQuickLoginUrl', 'User\\UserController@getQuickLoginUrl'); $router->post('/getQuickLoginUrl', 'User\\UserController@getQuickLoginUrl');
// Order // Order


@ -2,11 +2,6 @@
namespace App\Utils; namespace App\Utils;
use App\Models\ServerV2ray;
use App\Models\ServerShadowsocks;
use App\Models\ServerTrojan;
use App\Models\User;
class Helper class Helper
{ {
public static function guid($format = false) public static function guid($format = false)


@ -74,7 +74,7 @@ return [
| |
*/ */
'middleware' => ['web', 'admin'], 'middleware' => [],
/* /*
|-------------------------------------------------------------------------- |--------------------------------------------------------------------------
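Review bot: `'middleware' => []` strips the `web` and `admin` middleware from the Horizon dashboard routes, so the only thing left between an anonymous request and the queue dashboard is Horizon's own authorization callback (the `viewHorizon` gate); unless that gate is defined to deny by default, the dashboard becomes reachable without credentials. That gate is evaluated against `$request->user()`, which this commit never populates — the new middleware store the user with `$request->merge(...)`, not through an auth guard — so even a correctly written gate would see no user. The `Admin` middleware now imports `Laravel\Horizon\Horizon`, but no visible hunk registers an auth callback with it; keep `'middleware' => ['admin']` at minimum until that wiring exists, since the rewritten `Admin` middleware no longer depends on the session.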


@ -3,7 +3,7 @@
<head> <head>
<meta charset="UTF-8"> <meta charset="UTF-8">
<title>网站公告</title> <title>网站通知</title>
<style type="text/css"> <style type="text/css">
img { img {
max-width: 100%; max-width: 100%;
@ -102,7 +102,7 @@
<td class="alert alert-warning" <td class="alert alert-warning"
style="font-family: 'Helvetica Neue',Helvetica,Arial,sans-serif; box-sizing: border-box; font-size: 22px; font-weight: bold; vertical-align: top; color: #fff; font-weight: 500; text-align: center; border-radius: 3px 3px 0 0; background-color: #0073ba; margin: 0; padding: 20px;" style="font-family: 'Helvetica Neue',Helvetica,Arial,sans-serif; box-sizing: border-box; font-size: 22px; font-weight: bold; vertical-align: top; color: #fff; font-weight: 500; text-align: center; border-radius: 3px 3px 0 0; background-color: #0073ba; margin: 0; padding: 20px;"
align="center" bgcolor="#0073ba" valign="top"> align="center" bgcolor="#0073ba" valign="top">
网站公告 网站通知
</td> </td>
</tr> </tr>
<tr <tr


@ -12,7 +12,7 @@
</thead> </thead>
<tbody> <tbody>
<tr style="padding:40px 40px 0 40px;display:table-cell"> <tr style="padding:40px 40px 0 40px;display:table-cell">
<td style="font-size:24px;line-height:1.5;color:#000;margin-top:40px">公告通知</td> <td style="font-size:24px;line-height:1.5;color:#000;margin-top:40px">网站通知</td>
</tr> </tr>
<tr> <tr>
<td style="font-size:14px;color:#333;padding:24px 40px 0 40px"> <td style="font-size:14px;color:#333;padding:24px 40px 0 40px">