panxiang/swiftadmin
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

fix:优化auth权限,登录逻辑获取信息

Browse Source
This commit is contained in:
Ying
2022-12-02 11:16:57 +08:00
parent 66c75fb6b4
commit 1cba17c91c
31 changed files with 668 additions and 811 deletions
Download Patch File Download Diff File Expand all files Collapse all files

71
app/admin/controller/Login.php
View File

@@ -37,57 +37,45 @@ class Login extends AdminController
public function index(): \support\Response
{
// 禁止重复访问
if (isset(request()->adminData['id'])) {
$session = get_admin_info();
if (isset($session['id'])) {
return $this->redirect('/admin/index');
}
if (request()->isPost()) {
$user = request()->post('name');
$pwd = request()->post('pwd');
$captcha = request()->post('captcha');
if ((isset(request()->adminData['count'])
&& request()->adminData['count'] >= 5)
&& (isset(request()->adminData['time'])
&& request()->adminData['time'] >= strtotime('- 5 minutes'))
) {
$error = '错误次数过多,请稍后再试!';
$this->writeLoginLogs($error);
return $this->error($error);
if ((isset($session['count']) && $session['count'] >= 5)
&& (isset($session['time']) && $session['time'] >= strtotime('- 5 minutes'))) {
return $this->displayResponse('错误次数过多,请稍后再试!');
}
// 验证码
if (isset(request()->adminData['isCaptcha'])) {
if (isset($session['isCaptcha'])) {
if (!$captcha || !$this->captchaCheck($captcha)) {
$error = '验证码错误!';
$this->writeLoginLogs($error);
return $this->error($error);
return $this->displayResponse('验证码错误!');
}
}
// 验证表单令牌
if (!request()->checkToken('__token__', \request()->all())) {
$error = '表单令牌错误!';
$this->writeLoginLogs($error);
return $this->error($error, '', ['token' => token()]);
if (!request()->checkToken('__token__', request()->all())) {
return $this->displayResponse('表单令牌错误!', ['token' => token()]);
} else {
$result = Admin::checkLogin($user, $pwd);
if (empty($result)) {
request()->adminData['time'] = time();
request()->adminData['isCaptcha'] = true;
request()->adminData['count'] = isset(request()->adminData['count']) ? request()->adminData['count'] + 1 : 1;
request()->session()->set(AdminSession, request()->adminData);
$error = '用户名或密码错误!';
$this->writeLoginLogs($error);
Event::emit('adminLoginError', \request()->all());
return $this->error($error, '', ['token' => token()]);
$session['time'] = time();
$session['isCaptcha'] = true;
$session['count'] = isset($session['count']) ? $session['count'] + 1 : 1;
request()->session()->set(AdminSession, $session);
// 执行登录失败事件
Event::emit('adminLoginError', request()->all());
return $this->displayResponse('用户名或密码错误!', ['token' => token()]);
}
if ($result['status'] !== 1) {
$error = '账号已被禁用!';
$this->writeLoginLogs($error);
return $this->error($error);
return $this->displayResponse('账号已被禁用!');
}
$result->login_ip = request()->getRealIp();
@@ -97,30 +85,41 @@ class Login extends AdminController
try {
$result->save();
$session = array_merge(request()->adminData, $result->toArray());
$session = array_merge($session, $result->toArray());
request()->session()->set(AdminSession, $session);
} catch (\Throwable $th) {
return $this->error($th->getMessage());
}
$success = '登录成功!';
$this->writeLoginLogs($success, true);
Event::emit('adminLoginSuccess', $result->toArray());
return $this->success($success, $this->JumpUrl);
return $this->displayResponse('登录成功!', [] , $this->JumpUrl);
}
}
return view('login/index', [
'captcha' => request()->adminData['isCaptcha'] ?? false,
'captcha' => $session['isCaptcha'] ?? false,
]);
}
/**
* 退出登录
* @param string $msg
* @param array $data
* @param string $url
* @return Response
*/
private function displayResponse(string $msg = 'error', array $data = [], string $url = ''): Response
{
$this->adminLoginLog($msg, $url ? 1 : 0);
return empty($url) ? $this->error($msg, $url, $data) : $this->success($msg, $url);
}
/**
* 写入登录日志
* @param string $error
* @param int $status
*/
private function writeLoginLogs(string $error, int $status = 0)
private function adminLoginLog(string $error, int $status = 0)
{
$name = \request()->input('name');
$userAgent = \request()->header('user-agent');
@@ -131,7 +130,7 @@ class Login extends AdminController
$user_os = '未知';
}
$user_browser = preg_replace('/[^(]+\((.*?)[^)]+\) .*?/','$1',$userAgent);
$user_browser = preg_replace('/[^(]+\((.*?)[^)]+\) .*?/', '$1', $userAgent);
$data = [
'user_ip' => request()->getRealIp(),

23
app/admin/controller/system/Admin.php
View File

@@ -325,7 +325,7 @@ class Admin extends AdminController
$page = input('page', 1);
$limit = input('limit', 3);
// 计算最大页码
$data = AdminNotice::with(['admin'])->where(['type' => $type, 'admin_id' => \request()->admin_id])
$data = AdminNotice::with(['admin'])->where(['type' => $type, 'admin_id' => get_admin_id()])
->order('id', 'desc')->paginate(['list_rows' => $limit, 'page' => $page])->toArray();
return $this->success('获取成功', '', $data);
}
@@ -333,7 +333,7 @@ class Admin extends AdminController
foreach ($array as $item) {
$where = [
['type', '=', $item],
['admin_id', '=', request()->admin_id]
['admin_id', '=', get_admin_id()]
];
$count[$item] = AdminNotice::where($where)->where('status', 0)->count();
$list[$item] = AdminNotice::with(['admin'])->withoutField('content')->where($where)->limit(3)->order('id desc')->select()->toArray();
@@ -358,7 +358,7 @@ class Admin extends AdminController
$type = input('type', 'notice');
if (!empty($id)) {
$detail = AdminNotice::with(['admin'])->where(['id' => $id, 'admin_id' => \request()->admin_id])->find();
$detail = AdminNotice::with(['admin'])->where(['id' => $id, 'admin_id' => get_admin_id()])->find();
if (empty($detail)) {
return $this->error('404 Not Found');
}
@@ -383,7 +383,7 @@ class Admin extends AdminController
{
if (\request()->post()) {
$post = request()->post();
$post['send_id'] = request()->admin_id;
$post['send_id'] = get_admin_id();
$post['type'] = 'message';
$post['send_ip'] = request()->getRealIp();
$post['create_time'] = time();
@@ -404,7 +404,7 @@ class Admin extends AdminController
if (empty($id)) {
throw new Exception('参数错误');
}
AdminNotice::where(['id' => $id, 'admin_id' => request()->admin_id])->update(['status' => $status]);
AdminNotice::where(['id' => $id, 'admin_id' => get_admin_id()])->update(['status' => $status]);
} catch (Exception $e) {
return $this->error('更新失败');
}
@@ -424,7 +424,7 @@ class Admin extends AdminController
$where = [
['type', '=', $type],
['status', '=', 1],
['admin_id', '=', request()->admin_id]
['admin_id', '=', get_admin_id()]
];
try {
AdminNotice::where($where)->delete();
@@ -446,7 +446,7 @@ class Admin extends AdminController
$type = input('type', 'notice');
$where = [
['type', '=', $type],
['admin_id', '=', request()->admin_id]
['admin_id', '=', get_admin_id()]
];
try {
AdminNotice::where($where)->update(['status' => 1]);
@@ -468,10 +468,9 @@ class Admin extends AdminController
*/
public function center(Request $request): \support\Response
{
if (request()->isPost()) {
$post = request()->post();
$post['id'] = $request->admin_id;
$post['id'] = get_admin_id();
if ($this->model->update($post)) {
return $this->success();
}
@@ -480,7 +479,7 @@ class Admin extends AdminController
}
$title = [];
$data = $this->model->find($request->admin_id);
$data = $this->model->find(get_admin_id());
if (!empty($data['group_id'])) {
$group = AdminGroupModel::field('title')
->whereIn('id', $data['group_id'])
@@ -505,7 +504,7 @@ class Admin extends AdminController
{
if (request()->isAjax()) {
$post = request()->post();
$id = $request->admin_id;
$id = get_admin_id();
try {
//code...
switch ($post['field']) {
@@ -571,7 +570,7 @@ class Admin extends AdminController
}
// 查找数据
$where[] = ['id', '=', request()->admin_id];
$where[] = ['id', '=', get_admin_id()];
$where[] = ['pwd', '=', encryptPwd($pwd)];
$result = $this->model->where($where)->find();

7
app/admin/controller/system/Plugin.php
View File

@@ -1,5 +1,6 @@
<?php
declare (strict_types=1);
// +----------------------------------------------------------------------
// | swiftAdmin 极速开发框架 [基于WebMan开发]
// +----------------------------------------------------------------------
@@ -11,8 +12,7 @@ declare (strict_types=1);
// +----------------------------------------------------------------------
namespace app\admin\controller\system;
set_time_limit(600);
use GuzzleHttp\Exception\TransferException;
use support\Response;
use system\File;
@@ -276,6 +276,9 @@ class Plugin extends AdminController
public function config(): Response
{
$name = input('name');
if (!empty($name)) {
$name = strtolower(trim($name));
}
if (preg_replace('/[^a-zA-Z0-9]/i', '', $name) !== $name) {
return $this->error('插件名称只能是字母和数字');
}

53
app/admin/library/Auth.php
View File

@@ -103,9 +103,9 @@ class Auth
* @param string $mode 执行check的模式
* @param string $relation 如果为 'or' 表示满足任一条规则即通过验证;如果为 'and'则表示需满足所有规则才能通过验证
* @return bool 通过验证返回true;失败返回false
* @throws \think\db\exception\DataNotFoundException
* @throws \think\db\exception\DbException
* @throws \think\db\exception\ModelNotFoundException
* @throws DataNotFoundException
* @throws DbException
* @throws ModelNotFoundException
*/
public function check($name, int $admin_id = 0, int $type = 1, string $mode = 'url', string $relation = 'or'): bool
{
@@ -203,9 +203,9 @@ class Auth
* 获取权限菜单
* @access public
* @return mixed
* @throws \think\db\exception\DataNotFoundException
* @throws \think\db\exception\DbException
* @throws \think\db\exception\ModelNotFoundException
* @throws DataNotFoundException
* @throws DbException
* @throws ModelNotFoundException
*/
public function getRulesMenu()
{
@@ -231,9 +231,9 @@ class Auth
* @param $admin_id
* @param array $nodes
* @return array
* @throws \think\db\exception\DataNotFoundException
* @throws \think\db\exception\DbException
* @throws \think\db\exception\ModelNotFoundException
* @throws DataNotFoundException
* @throws DbException
* @throws ModelNotFoundException
*/
public function getAuthList($admin_id, array $nodes = []): array
{
@@ -342,11 +342,11 @@ class Auth
/**
* 超级管理员
* @access public
* @return bool
* @throws \think\db\exception\DataNotFoundException
* @throws \think\db\exception\DbException
* @throws \think\db\exception\ModelNotFoundException
* @access public
* @return bool
* @throws DataNotFoundException
* @throws DbException
* @throws ModelNotFoundException
*/
public function superAdmin(): bool
{
@@ -363,9 +363,9 @@ class Auth
* 管理组分级鉴权
* @param array $groupIDs
* @return bool
* @throws \think\db\exception\DataNotFoundException
* @throws \think\db\exception\DbException
* @throws \think\db\exception\ModelNotFoundException
* @throws DataNotFoundException
* @throws DbException
* @throws ModelNotFoundException
*/
public function checkRulesForGroup(array $groupIDs = []): bool
{
@@ -395,23 +395,22 @@ class Auth
* 获取用户信息
* @param $admin_id
* @return array
* @throws \think\db\exception\DataNotFoundException
* @throws \think\db\exception\DbException
* @throws \think\db\exception\ModelNotFoundException
* @throws DataNotFoundException
* @throws DbException
* @throws ModelNotFoundException
*/
public function getAdminData($admin_id): array
public function getAdminInfo($admin_id): array
{
$admin_id = $admin_id ?? session('AdminLogin.id');
static $AdminData = [];
$admin_id = $admin_id ?? get_admin_id();
static $AdminArray = [];
$user = Db::name('admin');
// 获取用户表主键
$_pk = is_string($user->getPk()) ? $user->getPk() : 'id';
if (!isset($AdminData[$admin_id])) {
$AdminData[$admin_id] = $user->where($_pk, $admin_id)->find();
if (!isset($AdminArray[$admin_id])) {
$AdminArray[$admin_id] = $user->where($_pk, $admin_id)->find();
}
return $AdminData[$admin_id];
return $AdminArray[$admin_id];
}
/**

40
app/admin/middleware/system/AdminPermissions.php
View File

@@ -41,24 +41,28 @@ class AdminPermissions implements MiddlewareInterface
* @throws DataNotFoundException
* @throws DbException
* @throws InvalidArgumentException
* @throws ModelNotFoundException
* @throws ModelNotFoundException|\ReflectionException
*/
public function process(Request $request, callable $handler): Response
{
$app = request()->getApp();
$app = request()->getApp();
$controller = request()->getController();
$action = request()->getAction();
$action = request()->getAction();
$AdminLogin = request()->session()->get(AdminSession);
if (!isset($AdminLogin['id']) && strtolower($controller) !== 'login') {
return redirect(url('/login/index'));
}
// 判断是否需要鉴权
$request->admin_id = $AdminLogin['id'] ?? 0;
$request->adminData = $AdminLogin ?? [];
$method = '/' . $controller. '/' .$action;
if (!in_array($method, $this->noNeedAuth) && !in_array('*', $this->noNeedAuth)) {
if (!Auth::instance()->SuperAdmin() && !Auth::instance()->check($method, $request->admin_id)) {
// 获取权限列表
$class = new \ReflectionClass($request->controller);
$properties = $class->getDefaultProperties();
$this->noNeedAuth = $properties['noNeedAuth'] ?? $this->noNeedAuth;
// 控制器鉴权
$method = '/' . $controller . '/' . $action;
if (!in_array('*', $this->noNeedAuth)
&& !in_array(strtolower($method), array_map('strtolower', $this->noNeedAuth))) {
if (!Auth::instance()->SuperAdmin() && !Auth::instance()->check($method, get_admin_id())) {
if (request()->isAjax()) {
return json(['code' => 101, 'msg' => '没有权限']);
} else {
@@ -67,9 +71,14 @@ class AdminPermissions implements MiddlewareInterface
}
}
// 控制器中间件分发
$id = input('id');
/**
* Admin应用
* 控制器权限分发
*/
if (\request()->isPost()) {
$id = input('id');
if ($controller == 'system/Admin') {
if ($data = AdminModel::getById($id)) {
$group_id = input('group_id');
@@ -79,7 +88,9 @@ class AdminPermissions implements MiddlewareInterface
return json(ResultCode::AUTH_ERROR);
}
}
} else if ($controller == 'system/AdminGroup') {
}
if ($controller == 'system/AdminGroup') {
if (!empty($id) && $id >= 1) {
if (!Auth::instance()->checkRulesForGroup((array)$id)) {
return json(ResultCode::AUTH_ERROR);
@@ -88,11 +99,12 @@ class AdminPermissions implements MiddlewareInterface
}
}
// 分配当前管理员信息
View::assign('app', $app);
View::assign('controller', $controller);
View::assign('action', $action);
View::assign('AdminLogin', $AdminLogin);
$this->writeAdminRequestLogs();
self::writeAdminRequestLogs();
return $handler($request);
}
@@ -103,7 +115,7 @@ class AdminPermissions implements MiddlewareInterface
* @throws DbException
* @throws ModelNotFoundException
*/
public function writeAdminRequestLogs()
public static function writeAdminRequestLogs()
{
if (saenv('system_logs')) {

2
app/admin/view/system/admin/center.html
View File

@@ -160,7 +160,7 @@
</div>
<div class="dash"></div>
<h3>{:__('标签')} <i class="layui-inputags layui-icon layui-icon-add-1" style="color: #666"></i> </h3>
<div class="layui-badge-list" style="padding-top: 6px;"> <volist name="$data.tags" id="vo">
<div class="layui-badge-list" style="padding-top: 6px;"> <volist name="$data['tags']" id="vo">
<span class="layui-badge layui-bg-gray"><i class="layui-icon layui-icon-close"></i>{$vo}</span>
</volist>
</div>