
  1. <?php
  2. namespace app\admin\controller;
  3. /**
  4. * @title : 后台管理模块基础继承控制器
  5. * @desc :
  6. * @Author : Rock
  7. * @Date : 2023-03-14 19:09:30
  8. */
  9. use app\BaseController;
  10. use app\common\model\base\menu\Menurequest;
  11. use app\common\model\base\user\Token;
  12. use app\common\model\base\org\Org;
  13. use app\common\model\base\org\OrgRole;
  14. use app\common\model\base\user\User;
  15. use app\common\model\base\user\UserRole;
  16. use app\common\model\base\user\Wxauth;
  17. use think\facade\Cache;
  18. class Base extends BaseController
  19. {
  20. /** 用户信息 */
  21. protected $userinfo;
  22. protected $org;
  23. /** 无需登录的方法 */
  24. protected $noNeedLogin = [];
  25. /** 无需权限的方法 */
  26. protected $noNeedAuth = [];
  27. /** 不使用全局验证的方法 */
  28. protected $noNeedValidate = [];
  29. protected $debug = false;
  30. public function initialize()
  31. {
  32. parent::initialize();
  33. $this->token = $_SERVER["HTTP_AUTHORIZATION"] ?? $_SERVER['HTTP_TOKEN'] ?? $this->request->param('token');
  34. $this->controller = $this->app->request->controller(true);
  35. $this->action = strtoupper($this->app->request->action(true));
  36. $this->noNeedLogin = array_map('strtoupper', $this->noNeedLogin);
  37. //无需登录的请求当然也不需要权限,所以无需权限的与无需登录合并
  38. $this->noNeedAuth = array_map('strtoupper', array_merge($this->noNeedAuth, $this->noNeedLogin));
  39. $this->checkLogin();
  40. //是否开启后台验证新增/编辑
  41. $sysValidate = cache('develop_validate');
  42. if (empty($sysValidate)) {
  43. $sysValidate = sysconfig('develop.validate');
  44. cache('develop_validate', $sysValidate, 86400);
  45. }
  46. $this->noNeedValidate = array_map('strtoupper', $this->noNeedValidate);
  47. if ($sysValidate == 1 && !in_array(strtoupper($this->action), $this->noNeedValidate)) {
  48. $this->checkValidate();
  49. }
  50. }
  51. /**
  52. * @title: 验证登录
  53. * @desc: 描述
  54. * @return {*}
  55. * @author: Rock
  56. * @method: POST
  57. * @Date: 2022-06-24 16:23:10
  58. */
  59. private function checkLogin()
  60. {
  61. //无需登录--需登录或者需要权限的请求都要验证登录
  62. if (!in_array($this->action, $this->noNeedLogin)) {
  63. $checkTokenRes = $this->checkToken($this->token);
  64. if ($checkTokenRes['code'] != 1) {
  65. throw new \Exception($checkTokenRes['msg'], 2);
  66. } else {
  67. $this->userinfo = $checkTokenRes['data'];
  68. $this->org = null;
  69. }
  70. // 如果要验证权限,必须先验证登录
  71. if (!$this->debug) {
  72. $this->checkAuth();
  73. }
  74. }
  75. }
  76. /**
  77. * @title: 验证权限
  78. * @desc: 添加权限缓存
  79. * @return {*}
  80. * @author: Rock
  81. * @method: POST
  82. * @Date: 2022-06-24 16:23:28
  83. */
  84. protected function checkAuth()
  85. {
  86. if (empty($this->userinfo)) {
  87. throw new \Exception("请先登录", 2);
  88. }
  89. if (!IsWxApplet() && !in_array($this->action, $this->noNeedAuth)) {
  90. $action = strtolower("/" . $this->controller . "/" . $this->action);
  91. $menu_request = Menurequest::where('path', $action)->find();
  92. if($menu_request){
  93. if (empty($list)) {
  94. $userid = $this->userinfo['user_id'] ?? 0;
  95. $list = User::getUserRole($userid,"base",$this->token);
  96. if (!isset($list[$action])) {
  97. throw new \Exception("没有权限", 2);
  98. }
  99. // $userRoleids = UserRole::where('user_id', $userid)->column('role_id');
  100. // if (!in_array(1, $userRoleids)) {
  101. // $arr = OrgRole::where('role_id', 'IN', $userRoleids)->column('request_ids');
  102. // $request_list = [];
  103. // foreach ($arr as $request_id) {
  104. // $one_data = explode(',', $request_id);
  105. // $mergedArray = array_merge($request_list, $one_data);
  106. // $request_list = array_unique($mergedArray);
  107. // }
  108. // $request_ids = is_array($request_list) ? $request_list : explode(',', $request_list);
  109. // $requestlist = Menurequest::where('menu_request_id', 'IN', $request_ids)->column('path', 'menu_request_id');
  110. // foreach ($requestlist as $req_id => $path) {
  111. // $list[strtolower($path)] = $req_id;
  112. // }
  113. // if (!isset($list[$action])) {
  114. // throw new \Exception("没有权限", 2);
  115. // }
  116. // }
  117. }
  118. }
  119. }
  120. }
  121. /** 通用验证TOKEN是否有效 */
  122. protected function checkToken($token = "")
  123. {
  124. $tokenModel = new Token;
  125. //检查token是否有效
  126. if (!$tokenModel->checktoken($token)) {
  127. return Result(-1, "登录失效,请重新登录");
  128. }
  129. $user = $tokenModel->tokenUser($token);
  130. // if (!$user) {
  131. // return Result(0, "未找到用户");
  132. // } elseif ($user['status'] == 2) {
  133. // return Result(0, "您的帐号已被禁用,请联系管理员");
  134. // } elseif ($user['role_code'] != 'SUPERADMIN' && empty($user['role'])) {
  135. // return Result(0, "用户角色未找到或被禁用");
  136. // } elseif ($user['role_code'] != 'SUPERADMIN' && empty($user['role']['org'])) {
  137. // return Result(0, "用户所在组织未找到");
  138. // } elseif ($user['role_code'] != 'SUPERADMIN' && $user['role']['org']['status'] == 2) {
  139. // return Result(0, "您所在的组织已被禁用,请联系管理员");
  140. // } else {
  141. // return Result(1, "验证成功", $user);
  142. // }
  143. if (!$user) {
  144. return Result(0, "未找到用户");
  145. } elseif ($user['status'] == 2) {
  146. return Result(0, "您的帐号已被禁用,请联系管理员");
  147. } else {
  148. return Result(1, "验证成功", $user);
  149. }
  150. }
  151. /**通用验证编辑数据 */
  152. protected function checkValidate()
  153. {
  154. $data = $this->request->param();
  155. $controller = $this->app->request->controller();
  156. $action = $this->app->request->action();
  157. $validatePath = "app\\admin\\validate\\";
  158. if (strtolower($action) == 'doedit') {
  159. $controllerStr = implode('\\', explode('.', $controller));
  160. $validatePath .= $controllerStr;
  161. if (class_exists($validatePath)) {
  162. $check = $this->validate($data, $validatePath);
  163. //验证字段
  164. if (true !== $check) {
  165. throw new \Exception($check, 2);
  166. }
  167. } else {
  168. throw new \Exception("验证器" . $controller . "不存在", 2);
  169. }
  170. }
  171. }
  172. /**
  173. * @title: 获取每个客户端的标识,用于存储不用客户端的缓存
  174. * @desc: 描述
  175. * @return {*}
  176. * @author: Rock
  177. * @method: POST
  178. * @Date: 2023-05-23 15:35:46
  179. */
  180. protected function getClientID()
  181. {
  182. return md5($_SERVER['HTTP_USER_AGENT'] . GetIP());
  183. }
  184. /**
  185. * @title: PHP输出验证码
  186. * @desc:
  187. * @param {}
  188. * @return {stream} {} {} {验证码数据}
  189. * @Author: Rock
  190. * @Date: 2021-12-03 10:23:30
  191. * @LastEditTime: Do not edit
  192. */
  193. protected function captcha()
  194. {
  195. $img = new \image\Image;
  196. $code = substr(str_shuffle('ABCDEFGHJKLMNPQRSTUVWXYZabcdefghjklmnpqrstuvwxyz123456789'), mt_rand(1, 50), 4);
  197. cache('captcha_code' . $this->getClientID(), $code, 300);
  198. return $img::getAuthImage2($code);
  199. }
  200. /**
  201. * @title: 检查验证码是否正确
  202. * @desc:
  203. * @param {string} {code} {} {验证码}
  204. * @return {*}
  205. * @Author: Rock
  206. * @Date: 2021-12-03 10:24:03
  207. * @LastEditTime: Do not edit
  208. */
  209. protected function captcha_check($code): bool
  210. {
  211. $cCode = cache('captcha_code' . $this->getClientID());
  212. return strtolower(trim($code)) == strtolower($cCode);
  213. }
  214. }