You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
 
 
user_center/app/Http/Controllers/Api/AuthController.php

418 lines
13 KiB

<?php
namespace App\Http\Controllers\Api;
use App\Http\Resources\AuthRule;
use App\Libs\MyLib;
use App\Models\AuthRuleT;
use App\Models\EmployeeGroupT;
use App\Models\EmployeeT;
use Illuminate\Http\Request;
use App\Http\Resources\AuthRuleCollection;
/**
* @title 权限认证管理
* @description 用户登录及权限管理
* @package App\Http\Controllers\Api
* @author zcstatham
* @time 2021/1/28
*/
class AuthController extends BaseController
{
protected $rules = [
'login' => [
'rules' => [
'username' => 'required',
'password' => 'required',
],
'messages' => [
'username.required' => '用户名不能为空',
'password.required' => '密码不能为空'
],
],
'modifyPassword' => [
'rules' => [
'id' => 'bail|min:1',
'oldPassword' => 'required',
'newPassword' => 'required',
],
'custom' => 'exists,App\Models\EmployeeT,id'
],
'resetPassword' => [
'rules' => [
'id' => 'bail|min:1',
],
'custom' => 'exists,App\Models\EmployeeT,id'
],
'EmployeeAuth' => [
'rules' => [
'id' => 'bail|min:1',
'rules' => 'required'
],
'custom' => 'exists,App\Models\EmployeeT,id'
],
'EmployeeGroupAuth' => [
'rules' => [
'id' => 'bail|min:1',
'rules' => 'required'
],
'custom' => 'exists,App\Models\EmployeeGroupT,id'
],
'store' => [
'rules' => [
'title' => 'required|max:20',
'name' => 'bail|required|unique:App\Models\AuthRuleT|max:20',
'method' => 'required|in:GET,POST,PUT,PATCH,DELETE',
'group' => 'required',
'module' => 'required',
],
'custom' => [
'unique,App\Models\AuthRuleT,name'
]
],
'show' => [
'rules' => [
'id' => 'bail|min:1',
],
'custom' => 'exists,App\Models\AuthRuleT,id'
],
'update' => [
'rules' => [
'id' => 'bail|min:1',
'title' => 'required|max:20',
'name' => 'bail|required|max:20',
'method' => 'required|in:GET,POST,PUT,PATCH,DELETE',
'group' => 'required',
'module' => 'required',
],
'custom' => [
'exists,App\Models\AuthRuleT,id',
'unique,App\Models\AuthRuleT,name,id'
]
],
'destroy' => [
'rules' => [
'id' => 'bail|min:1',
],
'custom' => [
'exists,App\Models\AuthRuleT,id',
]
]
];
public function __construct(Request $request)
{
$this->model = new AuthRuleT();
parent::__construct($request);
}
/**
* @title 登录
* @description 登录授权,返回jwt凭据
* @return \Illuminate\Http\JsonResponse
* @author zcstatham
* @time 2021/1/28
*/
public function login()
{
if (!$token = auth('api')->attempt([
'username' => $this->params['username'],
'password' => $this->params['password'],
])) {
return $this->error(401, '登录失败,用户名或密码错误');
}
return $this->success([
'access_token' => $token,
'token_type' => 'bearer',
'expires_in' => auth('api')->factory()->getTTL() * 60
]);
}
/**
* @title 注销登录
* @description 注销登录,全局退出并通知其他系统退出
* @return \Illuminate\Http\JsonResponse
* @author zcstatham
* @time 2021/1/28
*/
public function logout()
{
auth('api')->logout();
return $this->success();
}
/**
* @title 刷新token
* @description 刷新token,如果开启黑名单,以前的token便会失效
* @return \Illuminate\Http\JsonResponse
* @author zcstatham
* @time 2021/1/28
*/
public function refresh()
{
try {
$token = auth('api')->refresh();
return $this->success([
'access_token' => $token,
'token_type' => 'bearer',
'expires_in' => auth('api')->factory()->getTTL() * 60
]);
} catch (\Exception $e){
return $this->error(403, '令牌已过期');
}
}
/**
* @title 修改密码
* @description 本人或管理员修改密码
* @param $id
* @return \Illuminate\Http\JsonResponse
* @author zcstatham
* @time 2021/2/2
*/
public function modifyPassword($id){
$user = auth('api')->user();
if($user['id'] != $id && $user['id'] != 1){
return $this->error(403, '权限不足');
}
$employee = EmployeeT::find($id);
if(!password_verify($this->params['oldPassword'], $employee['password'])){
return $this->error(403, '原密码错误');
};
$employee->password = password_hash($this->params['newPassword'], PASSWORD_DEFAULT);
if($employee->save()){
return $this->success('','密码修改成功');
} else {
return $this->error(500, '配置信息保存失败');
}
}
/**
* @title 重置密码
* @description 管理员重置密码
* @param $id
* @return \Illuminate\Http\JsonResponse
* @author zcstatham
* @time 2021/2/2
*/
public function resetPassword($id)
{
if(auth('api')->user()['id'] != 1){
return $this->error(403, '权限不足');
}
EmployeeT::where('id',$id)->update(['password' => password_hash('123456', PASSWORD_DEFAULT)]);
auth('api')->tokenById('id');
return $this->success('','密码重置成功');
}
/**
* @title 用户授权
* @description 单用户授权
* @param $id
* @return \Illuminate\Http\JsonResponse
* @author zcstatham
* @time 2021/2/2
*/
public function EmployeeAuth($id)
{
$user = EmployeeT::find($id);
$authList = $user->getAuthList();
$rules = array_diff($this->params['rules'], array_intersect($this->params['rules'], $authList));
$user->rules = implode(',', $rules);
if($user->save()){
return $this->success('','权限添加成功,用户需重新登录获取权限');
} else {
return $this->error(500, '配置信息保存失败');
}
}
/**
* @title 用户组授权
* @description 用户组授权
* @param $id
* @return \Illuminate\Http\JsonResponse
* @author zcstatham
* @time 2021/2/3
*/
public function EmployeeGroupAuth($id)
{
$group = EmployeeGroupT::find($id);
$rules = array_diff($this->params['rules'], array_intersect($this->params['rules'], explode(',',$group->rules)));
$group->rules = implode(',', $rules);
if($group->save()){
return $this->success('','权限添加成功,用户需重新登录获取权限');
} else {
return $this->error(500, '配置信息保存失败');
}
}
/**
* @title 节点列表
* @description 权限节点列表
* @return \Illuminate\Http\JsonResponse
* @author zcstatham
* @time 2021/1/28
*/
public function index()
{
$query = AuthRuleT::query();
if(isset($this->params['name']) && $this->params['name'] != ''){
$query->where('name', $this->params['name']);
}
if(isset($this->params['title']) && $this->params['title'] != ''){
$query->where('title', 'like', '%'. $this->params['title'] .'%');
}
if(isset($this->params['status']) && $this->params['status'] >= 0){
$query->where('status', $this->params['status']);
} else {
$query->where('status', 1);
}
$data = $query->paginate();
return $this->success(new AuthRuleCollection($data));
}
/**
* @title 节点新增
* @description 手动创建节点
* @return \Illuminate\Http\JsonResponse
* @author zcstatham
* @time 2021/1/28
*/
public function store()
{
$rule = new AuthRuleT();
$rule->title = $this->params['title'];
$rule->name = $this->params['name'];
$rule->method = $this->params['method'] ?? '';
$rule->desc = $this->params['desc'] ?? '';
$rule->module = $this->params['module'];
$rule->group = $this->params['group'];
$rule->condition = $this->params['condition'] ?? '';
$rule->status = $this->params['status'] ?? 1;
if($rule->save()){
return $this->success(new AuthRule($rule));
} else {
return $this->error(500, '配置信息保存失败');
}
}
/**
* @title 节点详情
* @description 节点详情
* @param $id
* @return mixed
* @author zcstatham
* @time 2021/1/28
*/
public function show($id)
{
$rule = AuthRuleT::find($id);
return $this->success(new AuthRule($rule));
}
/**
* @title 节点更新
* @description 节点更新
* @param $id
* @return \Illuminate\Http\JsonResponse
* @author zcstatham
* @time 2021/1/28
*/
public function update($id)
{
$rule = AuthRuleT::find($id);
$rule->title = $this->params['title'];
$rule->name = $this->params['name'];
$rule->method = $this->params['method'] ?? $rule->method;
$rule->desc = $this->params['desc'] ?? $rule->desc;
$rule->module = $this->params['module'];
$rule->group = $this->params['group'];
$rule->condition = $this->params['condition'] ?? $rule->condition;
$rule->status = $this->params['status'] ?? $rule->status;
if($rule->save()){
return $this->success(new AuthRule($rule));
} else {
return $this->error(500, '配置信息保存失败');
}
}
/**
* @title 节点扫描
* @description 扫描控制器目录,更新或创建权限节点
* @return \Illuminate\Http\JsonResponse
* @throws \ReflectionException
* @author zcstatham
* @time 2021/1/28
*/
public function scanNode(){
$path = app_path('Http/Controllers');
$dirs = scandir($path);
$list = [];
foreach ($dirs as $dir) {
if ($dir != '.' && $dir != '..' && is_dir($path . DIRECTORY_SEPARATOR . $dir)) {
$classes = MyLib::scanFile($path . DIRECTORY_SEPARATOR . $dir);
foreach ($classes as $class) {
if($class == 'BaseController'){
continue;
}
$classname = "App\\Http\\Controllers\\" . $dir . "\\" . $class;
if (class_exists($classname)) {
$reflection = new \ReflectionClass($classname);
$group_doc = MyLib::Parser($reflection->getDocComment());
$methods = $reflection->getMethods(\ReflectionMethod::IS_FINAL | \ReflectionMethod::IS_PUBLIC);
$group_doc['name'] = $class;
foreach ($methods as $key => $method) {
if (!in_array($method->name, ['__construct'])) {
$title_doc = MyLib::Parser($method->getDocComment());
$title_doc['param'] = $title_doc['param'] ?? [];
unset($title_doc['param']['Request']);
if (isset($title_doc['title']) && $title_doc['title']) {
$route = app('router')->getRoutes()->getByAction($classname .'@'. $method->name);
$list[] = array(
'title' => trim($title_doc['title']),
'name' => $route->uri(),
'desc' => trim($title_doc['description']),
'group' => trim($group_doc['title']),
'method' => $route->methods()[0],
'module' => $dir,
);
}
}
}
}
}
}
}
if(AuthRuleT::upsert($list, ['name', 'module'], ['title', 'desc', 'group'])){
return $this->success();
} else {
return $this->error(500,'权限节点更新失败');
}
}
/**
* @title 节点删除
* @description 软删除
* @param $id
* @return \Illuminate\Http\JsonResponse
* @author zcstatham
* @time 2021/1/28
*/
public function destroy($id)
{
$rule = AuthRuleT::find($id);
$rule->status = 0;
if($rule->save()){
return $this->success();
} else {
return $this->error(500, '配置信息保存失败');
}
}
}