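token = $_SERVER["HTTP_AUTHORIZATION"] ?? $_SERVER['HTTP_TOKEN'] ?? $this->request->param('token');
        $this->controller = $this->app->request->controller(true);
        $this->action = strtoupper($this->app->request->action(true));
        $this->noNeedLogin = array_map('strtoupper', $this->noNeedLogin);
        // A request that needs no login needs no permission either, so the
        // no-permission list is the union of both lists.
        $this->noNeedAuth = array_map('strtoupper', array_merge($this->noNeedAuth, $this->noNeedLogin));
        $this->checkLogin();
        // Whether back-end validation of add/edit requests is switched on.
        $sysValidate = cache('develop_validate');
        if (empty($sysValidate)) {
            $sysValidate = sysconfig('develop.validate');
            cache('develop_validate', $sysValidate, 86400);
        }
        $this->noNeedValidate = array_map('strtoupper', $this->noNeedValidate);
        if ($sysValidate == 1 && !in_array(strtoupper($this->action), $this->noNeedValidate)) {
            $this->checkValidate();
        }
    }

    /**
     * Verifies the caller is logged in and, outside debug mode, runs the permission check.
     *
     * Skipped entirely for actions listed in $this->noNeedLogin. On success
     * $this->userinfo holds the user record returned by checkToken() and
     * $this->org is reset to null.
     *
     * @throws \Exception code 2 with the checkToken() message when the token is rejected
     */
    private function checkLogin(): void
    {
        // Every action that needs a login or a permission check passes through here.
        if (in_array($this->action, $this->noNeedLogin, true)) {
            return;
        }

        $checkTokenRes = $this->checkToken($this->token);
        if ((int) ($checkTokenRes['code'] ?? 0) !== 1) {
            throw new \Exception($checkTokenRes['msg'], 2);
        }
        $this->userinfo = $checkTokenRes['data'];
        $this->org = null;

        // Permission checks presuppose an authenticated user, hence the order.
        if (!$this->debug) {
            $this->checkAuth();
        }
    }

    /**
     * Permission check for the current controller/action path.
     *
     * Wechat-applet requests and actions in $this->noNeedAuth are exempt.
     * Otherwise the lower-cased "/controller/action" path must have a
     * Menurequest row and appear in the role map from User::getUserRole().
     *
     * NOTE(review): a path with no Menurequest row passes without any role
     * check (fail-open); confirm every protected action has a row.
     *
     * @throws \Exception code 2 when no user is logged in or the role lacks the path
     */
    protected function checkAuth()
    {
        if (empty($this->userinfo)) {
            throw new \Exception("请先登录", 2);
        }
        if (IsWxApplet() || in_array($this->action, $this->noNeedAuth, true)) {
            return;
        }

        $action = strtolower("/" . $this->controller . "/" . $this->action);
        $menu_request = Menurequest::where('path', $action)->find();
        if (!$menu_request) {
            return;
        }

        // The previous `if (empty($list))` guard tested an undefined variable
        // and was therefore always true; it is dropped here.
        $userid = $this->userinfo['user_id'] ?? 0;
        $list = User::getUserRole($userid, "base", $this->token);
        if (!isset($list[$action])) {
            throw new \Exception("没有权限", 2);
        }
    }

    /**
     * Generic token check; reports the outcome through Result() instead of throwing.
     *
     * code -1: token invalid or expired; code 0: no user for the token or the
     * user has status 2 (disabled); code 1: valid, with the user record in 'data'.
     */
    protected function checkToken($token = "")
    {
        $tokenModel = new Token;
        if (!$tokenModel->checktoken($token)) {
            return Result(-1, "登录失效,请重新登录");
        }

        $user = $tokenModel->tokenUser($token);
        if (!$user) {
            return Result(0, "未找到用户");
        }
        if ($user['status'] == 2) {
            return Result(0, "您的帐号已被禁用,请联系管理员");
        }
        return Result(1, "验证成功", $user);
    }

    /**
     * Runs the admin validator matching the current controller on "doedit" requests.
     *
     * The validator class is resolved as app\admin\validate\<Controller>, with
     * dots in the controller name mapped to namespace separators. Other actions
     * are not validated.
     *
     * @throws \Exception code 2 carrying the validation message, or when no validator class exists
     */
    protected function checkValidate()
    {
        $data = $this->request->param();
        $controller = $this->app->request->controller();
        $action = $this->app->request->action();

        if (strtolower($action) !== 'doedit') {
            return;
        }

        $validatePath = "app\\admin\\validate\\" . str_replace('.', '\\', $controller);
        if (!class_exists($validatePath)) {
            throw new \Exception("验证器" . $controller . "不存在", 2);
        }

        $check = $this->validate($data, $validatePath);
        if (true !== $check) {
            throw new \Exception($check, 2);
        }
    }

    /**
     * Per-client cache key component: md5 of the User-Agent header plus the client IP.
     *
     * Both inputs are supplied by the request, so this identifies a client only
     * loosely; it scopes the captcha cache entry.
     */
    protected function getClientID()
    {
        // A missing User-Agent header used to trigger an undefined-index warning.
        return md5(($_SERVER['HTTP_USER_AGENT'] ?? '') . GetIP());
    }

    /**
     * Generates a 4-character captcha, caches it for 300 s under the client id,
     * and returns the rendered image.
     *
     * The alphabet omits the easily confused glyphs 0, O, I, i and o.
     * random_int() replaces the former str_shuffle()/mt_rand() pair, which is
     * not a cryptographic source.
     *
     * @return mixed whatever \image\Image::getAuthImage2() returns
     */
    protected function captcha()
    {
        $alphabet = 'ABCDEFGHJKLMNPQRSTUVWXYZabcdefghjklmnpqrstuvwxyz123456789';
        $lastIndex = strlen($alphabet) - 1;
        $code = '';
        for ($i = 0; $i < 4; $i++) {
            $code .= $alphabet[random_int(0, $lastIndex)];
        }
        cache('captcha_code' . $this->getClientID(), $code, 300);
        $img = new \image\Image;
        return $img::getAuthImage2($code);
    }

    /**
     * Compares the submitted captcha (trimmed, case-insensitive) with the cached one.
     *
     * Returns false when nothing is cached (expired or never issued); the old
     * `==` comparison accepted an empty submission against an empty cache.
     * hash_equals() keeps the comparison constant-time.
     *
     * NOTE(review): the cached code is not consumed on a successful check, so
     * it stays valid until the 300 s TTL ends; consider clearing the entry after a match.
     */
    protected function captcha_check($code): bool
    {
        $cCode = cache('captcha_code' . $this->getClientID());
        if ($cCode === null || $cCode === false || (string) $cCode === '') {
            return false;
        }
        return hash_equals(strtolower((string) $cCode), strtolower(trim((string) $code)));
    }
}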