You can not select more than 25 topics
Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
419 lines
13 KiB
419 lines
13 KiB
4 years ago
|
<?php
|
||
|
|
|
||
|
|
namespace App\Http\Controllers\Api;
|
||
|
|
|
||
|
|
use App\Http\Resources\AuthRule;
|
||
|
|
use App\Libs\MyLib;
|
||
|
|
use App\Models\AuthRuleT;
|
||
|
|
use App\Models\EmployeeGroupT;
|
||
|
|
use App\Models\EmployeeT;
|
||
|
|
use Illuminate\Http\Request;
|
||
|
|
use App\Http\Resources\AuthRuleCollection;
|
||
|
|
|
||
|
|
/**
|
||
|
|
* @title 权限认证管理
|
||
|
|
* @description 用户登录及权限管理
|
||
|
|
* @package App\Http\Controllers\Api
|
||
|
|
* @author zcstatham
|
||
|
|
* @time 2021/1/28
|
||
|
|
*/
|
||
|
|
class AuthController extends BaseController
|
||
|
|
{
|
||
|
|
|
||
|
|
protected $rules = [
|
||
|
|
'login' => [
|
||
|
|
'rules' => [
|
||
|
|
'username' => 'required',
|
||
|
|
'password' => 'required',
|
||
|
|
],
|
||
|
|
'messages' => [
|
||
|
|
'username.required' => '用户名不能为空',
|
||
|
|
'password.required' => '密码不能为空'
|
||
|
|
],
|
||
|
|
],
|
||
|
|
'modifyPassword' => [
|
||
|
|
'rules' => [
|
||
|
|
'id' => 'bail|min:1',
|
||
|
|
'oldPassword' => 'required',
|
||
|
|
'newPassword' => 'required',
|
||
|
|
],
|
||
|
|
'custom' => 'exists,App\Models\EmployeeT,id'
|
||
|
|
],
|
||
|
|
'resetPassword' => [
|
||
|
|
'rules' => [
|
||
|
|
'id' => 'bail|min:1',
|
||
|
|
],
|
||
|
|
'custom' => 'exists,App\Models\EmployeeT,id'
|
||
|
|
],
|
||
|
|
'EmployeeAuth' => [
|
||
|
|
'rules' => [
|
||
|
|
'id' => 'bail|min:1',
|
||
|
|
'rules' => 'required'
|
||
|
|
],
|
||
|
|
'custom' => 'exists,App\Models\EmployeeT,id'
|
||
|
|
],
|
||
|
|
'EmployeeGroupAuth' => [
|
||
|
|
'rules' => [
|
||
|
|
'id' => 'bail|min:1',
|
||
|
|
'rules' => 'required'
|
||
|
|
],
|
||
|
|
'custom' => 'exists,App\Models\EmployeeGroupT,id'
|
||
|
|
],
|
||
|
|
'store' => [
|
||
|
|
'rules' => [
|
||
|
|
'title' => 'required|max:20',
|
||
|
|
'name' => 'bail|required|unique:App\Models\AuthRuleT|max:20',
|
||
|
|
'method' => 'required|in:GET,POST,PUT,PATCH,DELETE',
|
||
|
|
'group' => 'required',
|
||
|
|
'module' => 'required',
|
||
|
|
],
|
||
|
|
'custom' => [
|
||
|
|
'unique,App\Models\AuthRuleT,name'
|
||
|
|
]
|
||
|
|
],
|
||
|
|
'show' => [
|
||
|
|
'rules' => [
|
||
|
|
'id' => 'bail|min:1',
|
||
|
|
],
|
||
|
|
'custom' => 'exists,App\Models\AuthRuleT,id'
|
||
|
|
],
|
||
|
|
'update' => [
|
||
|
|
'rules' => [
|
||
|
|
'id' => 'bail|min:1',
|
||
|
|
'title' => 'required|max:20',
|
||
|
|
'name' => 'bail|required|max:20',
|
||
|
|
'method' => 'required|in:GET,POST,PUT,PATCH,DELETE',
|
||
|
|
'group' => 'required',
|
||
|
|
'module' => 'required',
|
||
|
|
],
|
||
|
|
'custom' => [
|
||
|
|
'exists,App\Models\AuthRuleT,id',
|
||
|
|
'unique,App\Models\AuthRuleT,name,id'
|
||
|
|
]
|
||
|
|
],
|
||
|
|
'destroy' => [
|
||
|
|
'rules' => [
|
||
|
|
'id' => 'bail|min:1',
|
||
|
|
],
|
||
|
|
'custom' => [
|
||
|
|
'exists,App\Models\AuthRuleT,id',
|
||
|
|
]
|
||
|
|
]
|
||
|
|
];
|
||
|
|
|
||
|
|
|
||
|
|
public function __construct(Request $request)
|
||
|
|
{
|
||
|
|
$this->model = new AuthRuleT();
|
||
|
|
parent::__construct($request);
|
||
|
|
}
|
||
|
|
|
||
|
|
/**
|
||
|
|
* @title 登录
|
||
|
|
* @description 登录授权,返回jwt凭据
|
||
|
|
* @return \Illuminate\Http\JsonResponse
|
||
|
|
* @author zcstatham
|
||
|
|
* @time 2021/1/28
|
||
|
|
*/
|
||
|
|
public function login()
|
||
|
|
{
|
||
|
|
if (!$token = auth('api')->attempt([
|
||
|
|
'username' => $this->params['username'],
|
||
|
|
'password' => $this->params['password'],
|
||
|
|
])) {
|
||
|
|
return $this->error(401, '登录失败,用户名或密码错误');
|
||
|
|
}
|
||
|
|
|
||
|
|
return $this->success([
|
||
|
|
'access_token' => $token,
|
||
|
|
'token_type' => 'bearer',
|
||
|
|
'expires_in' => auth('api')->factory()->getTTL() * 60
|
||
|
|
]);
|
||
|
|
}
|
||
|
|
|
||
|
|
/**
|
||
|
|
* @title 注销登录
|
||
|
|
* @description 注销登录,全局退出并通知其他系统退出
|
||
|
|
* @return \Illuminate\Http\JsonResponse
|
||
|
|
* @author zcstatham
|
||
|
|
* @time 2021/1/28
|
||
|
|
*/
|
||
|
|
public function logout()
|
||
|
|
{
|
||
|
|
auth('api')->logout();
|
||
|
|
return $this->success();
|
||
|
|
}
|
||
|
|
|
||
|
|
/**
|
||
|
|
* @title 刷新token
|
||
|
|
* @description 刷新token,如果开启黑名单,以前的token便会失效
|
||
|
|
* @return \Illuminate\Http\JsonResponse
|
||
|
|
* @author zcstatham
|
||
|
|
* @time 2021/1/28
|
||
|
|
*/
|
||
|
|
public function refresh()
|
||
|
|
{
|
||
|
|
try {
|
||
|
|
$token = auth('api')->refresh();
|
||
|
|
return $this->success([
|
||
|
|
'access_token' => $token,
|
||
|
|
'token_type' => 'bearer',
|
||
|
|
'expires_in' => auth('api')->factory()->getTTL() * 60
|
||
|
|
]);
|
||
|
|
} catch (\Exception $e){
|
||
|
|
return $this->error(403, '令牌已过期');
|
||
|
|
}
|
||
|
|
}
|
||
|
|
|
||
|
|
/**
|
||
|
|
* @title 修改密码
|
||
|
|
* @description 本人或管理员修改密码
|
||
|
|
* @param $id
|
||
|
|
* @return \Illuminate\Http\JsonResponse
|
||
|
|
* @author zcstatham
|
||
|
|
* @time 2021/2/2
|
||
|
|
*/
|
||
|
|
public function modifyPassword($id){
|
||
|
|
$user = auth('api')->user();
|
||
|
|
if($user['id'] != $id && $user['id'] != 1){
|
||
|
|
return $this->error(403, '权限不足');
|
||
|
|
}
|
||
|
|
$employee = EmployeeT::find($id);
|
||
|
|
if(!password_verify($this->params['oldPassword'], $employee['password'])){
|
||
|
|
return $this->error(403, '原密码错误');
|
||
|
|
};
|
||
|
|
$employee->password = password_hash($this->params['newPassword'], PASSWORD_DEFAULT);
|
||
|
|
if($employee->save()){
|
||
|
|
return $this->success('','密码修改成功');
|
||
|
|
} else {
|
||
|
|
return $this->error(500, '配置信息保存失败');
|
||
|
|
}
|
||
|
|
}
|
||
|
|
|
||
|
|
/**
|
||
|
|
* @title 重置密码
|
||
|
|
* @description 管理员重置密码
|
||
|
|
* @param $id
|
||
|
|
* @return \Illuminate\Http\JsonResponse
|
||
|
|
* @author zcstatham
|
||
|
|
* @time 2021/2/2
|
||
|
|
*/
|
||
|
|
public function resetPassword($id)
|
||
|
|
{
|
||
|
|
if(auth('api')->user()['id'] != 1){
|
||
|
|
return $this->error(403, '权限不足');
|
||
|
|
}
|
||
|
|
EmployeeT::where('id',$id)->update(['password' => password_hash('123456', PASSWORD_DEFAULT)]);
|
||
|
|
auth('api')->tokenById('id');
|
||
|
|
return $this->success('','密码重置成功');
|
||
|
|
}
|
||
|
|
|
||
|
|
/**
|
||
|
|
* @title 用户授权
|
||
|
|
* @description 单用户授权
|
||
|
|
* @param $id
|
||
|
|
* @return \Illuminate\Http\JsonResponse
|
||
|
|
* @author zcstatham
|
||
|
|
* @time 2021/2/2
|
||
|
|
*/
|
||
|
|
public function EmployeeAuth($id)
|
||
|
|
{
|
||
|
|
$user = EmployeeT::find($id);
|
||
|
|
$authList = $user->getAuthList();
|
||
|
|
$rules = array_diff($this->params['rules'], array_intersect($this->params['rules'], $authList));
|
||
|
|
$user->rules = implode(',', $rules);
|
||
|
|
if($user->save()){
|
||
|
|
return $this->success('','权限添加成功,用户需重新登录获取权限');
|
||
|
|
} else {
|
||
|
|
return $this->error(500, '配置信息保存失败');
|
||
|
|
}
|
||
|
|
}
|
||
|
|
|
||
|
|
/**
|
||
|
|
* @title 用户组授权
|
||
|
|
* @description 用户组授权
|
||
|
|
* @param $id
|
||
|
|
* @return \Illuminate\Http\JsonResponse
|
||
|
|
* @author zcstatham
|
||
|
|
* @time 2021/2/3
|
||
|
|
*/
|
||
|
|
public function EmployeeGroupAuth($id)
|
||
|
|
{
|
||
|
|
$group = EmployeeGroupT::find($id);
|
||
|
|
$rules = array_diff($this->params['rules'], array_intersect($this->params['rules'], explode(',',$group->rules)));
|
||
|
|
$group->rules = implode(',', $rules);
|
||
|
|
if($group->save()){
|
||
|
|
return $this->success('','权限添加成功,用户需重新登录获取权限');
|
||
|
|
} else {
|
||
|
|
return $this->error(500, '配置信息保存失败');
|
||
|
|
}
|
||
|
|
}
|
||
|
|
|
||
|
|
/**
|
||
|
|
* @title 节点列表
|
||
|
|
* @description 权限节点列表
|
||
|
|
* @return \Illuminate\Http\JsonResponse
|
||
|
|
* @author zcstatham
|
||
|
|
* @time 2021/1/28
|
||
|
|
*/
|
||
|
|
public function index()
|
||
|
|
{
|
||
|
|
$query = AuthRuleT::query();
|
||
|
|
if(isset($this->params['name']) && $this->params['name'] != ''){
|
||
|
|
$query->where('name', $this->params['name']);
|
||
|
|
}
|
||
|
|
if(isset($this->params['title']) && $this->params['title'] != ''){
|
||
|
|
$query->where('title', 'like', '%'. $this->params['title'] .'%');
|
||
|
|
}
|
||
|
|
|
||
|
|
if(isset($this->params['status']) && $this->params['status'] >= 0){
|
||
|
|
$query->where('status', $this->params['status']);
|
||
|
|
} else {
|
||
|
|
$query->where('status', 1);
|
||
|
|
}
|
||
|
|
|
||
|
|
$data = $query->paginate();
|
||
|
|
|
||
|
|
return $this->success(new AuthRuleCollection($data));
|
||
|
|
}
|
||
|
|
|
||
|
|
/**
|
||
|
|
* @title 节点新增
|
||
|
|
* @description 手动创建节点
|
||
|
|
* @return \Illuminate\Http\JsonResponse
|
||
|
|
* @author zcstatham
|
||
|
|
* @time 2021/1/28
|
||
|
|
*/
|
||
|
|
public function store()
|
||
|
|
{
|
||
|
|
$rule = new AuthRuleT();
|
||
|
|
$rule->title = $this->params['title'];
|
||
|
|
$rule->name = $this->params['name'];
|
||
|
|
$rule->method = $this->params['method'] ?? '';
|
||
|
|
$rule->desc = $this->params['desc'] ?? '';
|
||
|
|
$rule->module = $this->params['module'];
|
||
|
|
$rule->group = $this->params['group'];
|
||
|
|
$rule->condition = $this->params['condition'] ?? '';
|
||
|
|
$rule->status = $this->params['status'] ?? 1;
|
||
|
|
if($rule->save()){
|
||
|
|
return $this->success(new AuthRule($rule));
|
||
|
|
} else {
|
||
|
|
return $this->error(500, '配置信息保存失败');
|
||
|
|
}
|
||
|
|
}
|
||
|
|
|
||
|
|
/**
|
||
|
|
* @title 节点详情
|
||
|
|
* @description 节点详情
|
||
|
|
* @param $id
|
||
|
|
* @return mixed
|
||
|
|
* @author zcstatham
|
||
|
|
* @time 2021/1/28
|
||
|
|
*/
|
||
|
|
public function show($id)
|
||
|
|
{
|
||
|
|
$rule = AuthRuleT::find($id);
|
||
|
|
return $this->success(new AuthRule($rule));
|
||
|
|
}
|
||
|
|
|
||
|
|
/**
|
||
|
|
* @title 节点更新
|
||
|
|
* @description 节点更新
|
||
|
|
* @param $id
|
||
|
|
* @return \Illuminate\Http\JsonResponse
|
||
|
|
* @author zcstatham
|
||
|
|
* @time 2021/1/28
|
||
|
|
*/
|
||
|
|
public function update($id)
|
||
|
|
{
|
||
|
|
$rule = AuthRuleT::find($id);
|
||
|
|
$rule->title = $this->params['title'];
|
||
|
|
$rule->name = $this->params['name'];
|
||
|
|
$rule->method = $this->params['method'] ?? $rule->method;
|
||
|
|
$rule->desc = $this->params['desc'] ?? $rule->desc;
|
||
|
|
$rule->module = $this->params['module'];
|
||
|
|
$rule->group = $this->params['group'];
|
||
|
|
$rule->condition = $this->params['condition'] ?? $rule->condition;
|
||
|
|
$rule->status = $this->params['status'] ?? $rule->status;
|
||
|
|
if($rule->save()){
|
||
|
|
return $this->success(new AuthRule($rule));
|
||
|
|
} else {
|
||
|
|
return $this->error(500, '配置信息保存失败');
|
||
|
|
}
|
||
|
|
}
|
||
|
|
|
||
|
|
/**
|
||
|
|
* @title 节点扫描
|
||
|
|
* @description 扫描控制器目录,更新或创建权限节点
|
||
|
|
* @return \Illuminate\Http\JsonResponse
|
||
|
|
* @throws \ReflectionException
|
||
|
|
* @author zcstatham
|
||
|
|
* @time 2021/1/28
|
||
|
|
*/
|
||
|
|
public function scanNode(){
|
||
|
|
$path = app_path('Http/Controllers');
|
||
|
|
$dirs = scandir($path);
|
||
|
|
$list = [];
|
||
|
|
foreach ($dirs as $dir) {
|
||
|
|
if ($dir != '.' && $dir != '..' && is_dir($path . DIRECTORY_SEPARATOR . $dir)) {
|
||
|
|
$classes = MyLib::scanFile($path . DIRECTORY_SEPARATOR . $dir);
|
||
|
|
foreach ($classes as $class) {
|
||
|
|
if($class == 'BaseController'){
|
||
|
|
continue;
|
||
|
|
}
|
||
|
|
$classname = "App\\Http\\Controllers\\" . $dir . "\\" . $class;
|
||
|
|
if (class_exists($classname)) {
|
||
|
|
$reflection = new \ReflectionClass($classname);
|
||
|
|
$group_doc = MyLib::Parser($reflection->getDocComment());
|
||
|
|
$methods = $reflection->getMethods(\ReflectionMethod::IS_FINAL | \ReflectionMethod::IS_PUBLIC);
|
||
|
|
$group_doc['name'] = $class;
|
||
|
|
foreach ($methods as $key => $method) {
|
||
|
|
if (!in_array($method->name, ['__construct'])) {
|
||
|
|
$title_doc = MyLib::Parser($method->getDocComment());
|
||
|
|
$title_doc['param'] = $title_doc['param'] ?? [];
|
||
|
|
unset($title_doc['param']['Request']);
|
||
|
|
if (isset($title_doc['title']) && $title_doc['title']) {
|
||
|
|
$route = app('router')->getRoutes()->getByAction($classname .'@'. $method->name);
|
||
|
|
$list[] = array(
|
||
|
|
'title' => trim($title_doc['title']),
|
||
|
|
'name' => $route->uri(),
|
||
|
|
'desc' => trim($title_doc['description']),
|
||
|
|
'group' => trim($group_doc['title']),
|
||
|
|
'method' => $route->methods()[0],
|
||
|
|
'module' => $dir,
|
||
|
|
);
|
||
|
|
}
|
||
|
|
}
|
||
|
|
}
|
||
|
|
}
|
||
|
|
}
|
||
|
|
}
|
||
|
|
}
|
||
|
|
|
||
|
|
if(AuthRuleT::upsert($list, ['name', 'module'], ['title', 'desc', 'group'])){
|
||
|
|
return $this->success();
|
||
|
|
} else {
|
||
|
|
return $this->error(500,'权限节点更新失败');
|
||
|
|
}
|
||
|
|
}
|
||
|
|
|
||
|
|
/**
|
||
|
|
* @title 节点删除
|
||
|
|
* @description 软删除
|
||
|
|
* @param $id
|
||
|
|
* @return \Illuminate\Http\JsonResponse
|
||
|
|
* @author zcstatham
|
||
|
|
* @time 2021/1/28
|
||
|
|
*/
|
||
|
|
public function destroy($id)
|
||
|
|
{
|
||
|
|
$rule = AuthRuleT::find($id);
|
||
|
|
$rule->status = 0;
|
||
|
|
if($rule->save()){
|
||
|
|
return $this->success();
|
||
|
|
} else {
|
||
|
|
return $this->error(500, '配置信息保存失败');
|
||
|
|
}
|
||
|
|
}
|
||
|
|
}
|