fix: 修复登录缓存BUG

app/AdminController.php

@@ -11,12 +11,9 @@
 namespace app;
 
 use app\admin\library\Auth;
-use app\common\model\system\SystemLog;
-use Psr\SimpleCache\InvalidArgumentException;
 use support\Response;
 use think\helper\Str;
-use Webman\Http\Request;
+define('AdminSession', 'AdminLogin');
-
 class AdminController extends BaseController
 {
 
@@ -74,12 +71,6 @@ class AdminController extends BaseController
      */
     public $admin = [];
 
-    /**
-     * 管理员会话标识
-     * @var string
-     */
-    public $sename = 'AdminLogin';
-
     /**
      * 获取模板
      * @access   protected
@@ -560,11 +551,10 @@ class AdminController extends BaseController
      */
     public function logout(): Response
     {
-        request()->session()->set($this->sename, null);
+        request()->session()->set(AdminSession, null);
         return $this->success('退出成功！', $this->JumpUrl);
     }
 
-
     /**
      * 错误页面
      * @param int $code

app/admin/controller/Login.php

@@ -5,6 +5,11 @@ namespace app\admin\controller;
 use app\AdminController;
 use app\common\model\system\Admin;
 use app\common\model\system\LoginLog;
+use Psr\SimpleCache\InvalidArgumentException;
+use support\Response;
+use think\db\exception\DataNotFoundException;
+use think\db\exception\DbException;
+use think\db\exception\ModelNotFoundException;
 use Webman\Event\Event;
 use Webman\Http\Request;
 
@@ -12,8 +17,7 @@ class Login extends AdminController
 {
     /**
      * 初始化方法
-     * @param Request $request
+     * @return void
-     * @return \support\Response|void
      * @throws \Exception
      */
     public function __construct()
@@ -25,15 +29,16 @@ class Login extends AdminController
 
     /**
      * 登录函数
-     * @return \support\Response
+     * @return Response
-     * @throws \think\db\exception\DataNotFoundException
+     * @throws InvalidArgumentException
-     * @throws \think\db\exception\DbException
+     * @throws DataNotFoundException
-     * @throws \think\db\exception\ModelNotFoundException
+     * @throws DbException
+     * @throws ModelNotFoundException
      */
     public function index(): \support\Response
     {
         // 禁止重复访问
-        if (isset($this->admin['id'])) {
+        if (isset(request()->adminInfo['id'])) {
             return $this->redirect('/admin/index');
         }
 
@@ -42,10 +47,10 @@ class Login extends AdminController
             $user = request()->post('name');
             $pwd = request()->post('pwd');
             $captcha = request()->post('captcha');
-            if ((isset($this->admin['count'])
+            if ((isset(request()->adminInfo['count'])
-                    && $this->admin['count'] >= 5)
+                    && request()->adminInfo['count'] >= 5)
-                && (isset($this->admin['time'])
+                && (isset(request()->adminInfo['time'])
-                    && $this->admin['time'] >= strtotime('- 5 minutes'))
+                    && request()->adminInfo['time'] >= strtotime('- 5 minutes'))
             ) {
                 $error = '错误次数过多，请稍后再试！';
                 $this->writeLoginLogs($error);
@@ -53,7 +58,7 @@ class Login extends AdminController
             }
 
             // 验证码
-            if (isset($this->admin['isCaptcha'])) {
+            if (isset(request()->adminInfo['isCaptcha'])) {
                 if (!$captcha || !$this->captchaCheck($captcha)) {
                     $error = '验证码错误！';
                     $this->writeLoginLogs($error);
@@ -70,10 +75,10 @@ class Login extends AdminController
 
                 $result = Admin::checkLogin($user, $pwd);
                 if (empty($result)) {
-                    $this->admin['time'] = time();
+                    request()->adminInfo['time'] = time();
-                    $this->admin['isCaptcha'] = true;
+                    request()->adminInfo['isCaptcha'] = true;
-                    $this->admin['count'] = isset($this->admin['count']) ? $this->admin['count'] + 1 : 1;
+                    request()->adminInfo['count'] = isset(request()->adminInfo['count']) ? request()->adminInfo['count'] + 1 : 1;
-                    \request()->session()->set($this->sename, $this->admin);
+                    request()->session()->set(AdminSession, request()->adminInfo);
                     $error = '用户名或密码错误！';
                     $this->writeLoginLogs($error);
                     Event::emit('adminLoginError', \request()->all());
@@ -93,7 +98,8 @@ class Login extends AdminController
                 try {
 
                     $result->save();
-                    request()->session()->set($this->sename, $result->toArray());
+                    $session = array_merge(request()->adminInfo, $result->toArray());
+                    request()->session()->set(AdminSession, $session);
                 } catch (\Throwable $th) {
                     return $this->error($th->getMessage());
                 }
@@ -106,7 +112,7 @@ class Login extends AdminController
         }
 
         return view('login/index', [
-            'captcha' => $this->admin['isCaptcha'] ?? false,
+            'captcha' => request()->adminInfo['isCaptcha'] ?? false,
         ]);
     }
 

app/admin/controller/system/Admin.php

@@ -19,6 +19,10 @@ use app\common\model\system\Department;
 use app\common\model\system\Admin as AdminModel;
 use app\common\model\system\AdminGroup as AdminGroupModel;
 use app\common\model\system\AdminAccess as AdminAccessModel;
+use think\db\exception\DataNotFoundException;
+use think\db\exception\DbException;
+use think\db\exception\ModelNotFoundException;
+use Webman\Http\Request;
 
 /**
  * 管理员管理
@@ -353,14 +357,18 @@ class Admin extends AdminController
 
     /**
      * 个人中心
+     * @param Request $request
      * @return mixed
+     * @throws DataNotFoundException
+     * @throws DbException
+     * @throws ModelNotFoundException
      */
-    public function center(): \support\Response
+    public function center(Request $request): \support\Response
     {
 
         if (request()->isPost()) {
             $post = request()->post();
-            $post['id'] = $this->admin['id'];
+            $post['id'] = $request->adminId;
             if ($this->model->update($post)) {
                 return $this->success();
             }
@@ -369,7 +377,7 @@ class Admin extends AdminController
         }
 
         $title = [];
-        $data = $this->model->find($this->admin['id']);
+        $data = $this->model->find($request->adminId);
         if (!empty($data['group_id'])) {
             $group = AdminGroupModel::field('title')
                                     ->whereIn('id', $data['group_id'])
@@ -390,11 +398,11 @@ class Admin extends AdminController
     /**
      * 修改个人资料
      */
-    public function modify()
+    public function modify(Request $request)
     {
         if (request()->isAjax()) {
             $post = request()->post();
-            $id = $this->admin['id'];
+            $id = $request->adminId;
             try {
                 //code...
                 switch ($post['field']) {
@@ -445,8 +453,11 @@ class Admin extends AdminController
     /**
      * 修改密码
      * @return mixed
+     * @throws DataNotFoundException
+     * @throws DbException
+     * @throws ModelNotFoundException
      */
-    public function pwd(): \support\Response
+    public function pwd(Request $request): \support\Response
     {
         if (request()->isPost()) {
 
@@ -457,7 +468,7 @@ class Admin extends AdminController
             }
 
             // 查找数据
-            $where[] = ['id', '=', $this->admin['id']];
+            $where[] = ['id', '=', $request->admin_id];
             $where[] = ['pwd', '=', encryptPwd($pwd)];
             $result = $this->model->where($where)->find();
 

app/admin/middleware/system/AdminLogin.php

@@ -16,10 +16,9 @@ class AdminLogin implements MiddlewareInterface
 {
     public function process(Request $request, callable $handler) : Response
     {
-        $_security = Auth::instance()->getToken('_security');
+        $AdminLogin = \request()->session()->get(AdminSession);
-        $_buildToken = 'salt_' . $_security;
+        if (!isset($AdminLogin['_security'])) {
-        if (empty($_security) || !Cache::get($_buildToken)) {
+            $request->session()->delete(AdminSession);
-            $request->session()->delete('AdminLogin');
             return response(request_error(), 404);
         }
 

app/admin/middleware/system/AdminPermissions.php

@@ -48,14 +48,17 @@ class AdminPermissions implements MiddlewareInterface
         $app        = request()->getApp();
         $controller = request()->getController();
         $action     = request()->getAction();
-        $AdminLogin = request()->session()->get('AdminLogin');
+        $AdminLogin = request()->session()->get(AdminSession);
         if (!isset($AdminLogin['id']) && strtolower($controller) !== 'login') {
             return redirect(url('/login/index'));
         }
 
+        // 判断是否需要鉴权
+        $request->adminId  = $AdminLogin['id'] ?? 0;
+        $request->adminInfo = $AdminLogin ?? [];
         $method = '/' . $controller. '/' .$action;
         if (!in_array($method, $this->noNeedAuth) && !in_array('*', $this->noNeedAuth)) {
-            if (!Auth::instance()->SuperAdmin() && !Auth::instance()->check($method, $AdminLogin['id'])) {
+            if (!Auth::instance()->SuperAdmin() && !Auth::instance()->check($method, $request->adminId)) {
                 if (request()->isAjax()) {
                     return json(['code' => 101, 'msg' => '没有权限']);
                 } else {
@@ -64,10 +67,7 @@ class AdminPermissions implements MiddlewareInterface
             }
         }
 
-        /**
+        // 控制器中间件分发
-         * 分发请求
-         * 控制器中间件
-         */
         $id = input('id');
         if (\request()->isPost()) {
             if ($controller == 'system/Admin') {

app/admin/view/system/admin/message.html

@@ -15,7 +15,7 @@
             <div class="layui-message-list" >
                 <volist  name="list['msg']" id="vo">
                     <a class="layui-message-list-item" href="javascript:;">
-                    <img class="layui-message-item-icon" src="__ADMINIMAGES__/message.png">
+                    <img class="layui-message-item-icon" src="__ADMINIMAGES__message.png">
                     <!-- <i class="layui-message-item-icon layui-icon layui-icon-email"></i> -->
                     <div class="layui-message-item-right">
                         <h2 class="layui-message-item-title">{$vo.title}</h2>
@@ -27,7 +27,7 @@
 
             <!-- // 列表为空 -->
             <div class="layui-message-list-empty" <empty name="$list['msg']"> style="display:black;" <else/>  style="display:none;" </empty>  >
-                <img src="__ADMINIMAGES__/noting.png"><div>{:__('没有通知')}</div>
+                <img src="__ADMINIMAGES__noting.png"><div>{:__('没有通知')}</div>
             </div>  
 
             <!-- // 底部操作 -->
@@ -43,7 +43,7 @@
             <div class="layui-message-list" >
                 <volist  name="list['comment']" id="vo">
                 <a class="layui-message-list-item" href="javascript:;">
-                    <img class="layui-message-item-icon" src="__ADMINIMAGES__/head.png">
+                    <img class="layui-message-item-icon" src="__ADMINIMAGES__head.png">
                     <div class="layui-message-item-right">
                         <h2 class="layui-message-item-title">{$vo.title}</h2>
                         <p class="layui-message-item-text">{$vo.content}</p>
@@ -56,7 +56,7 @@
 
             <!-- // 列表为空 -->
             <div class="layui-message-list-empty" <empty name="$list['comment']"> style="display:black;" <else/>  style="display:none;" </empty>  >
-                <img src="__ADMINIMAGES__/noting.png"><div>{:__('没有私信')}</div>
+                <img src="__ADMINIMAGES__noting.png"><div>{:__('没有私信')}</div>
             </div>  
             <notempty name="$list['msg']">
             <div class="layui-message-footer">
@@ -86,7 +86,7 @@
            
             <!-- // 列表为空 -->
             <div class="layui-message-list-empty" <empty name="$list['things']"> style="display:black;" <else/>  style="display:none;" </empty>  >
-                <img src="__ADMINIMAGES__/noting.png"><div>{:__('没有待办')}</div>
+                <img src="__ADMINIMAGES__noting.png"><div>{:__('没有待办')}</div>
             </div>  
             <notempty name="$list['things']">
             <div class="layui-message-footer">

app/index/middleware/system/IndexPermissions.php

@@ -61,7 +61,7 @@ class IndexPermissions implements MiddlewareInterface
             $this->needLogin = $property['needLogin'] ?? false;
             $this->noNeedAuth = $property['noNeedAuth'] ?? [];
             $this->repeatLogin = $property['repeatLogin'] ?? ['login', 'register'];
-            $this->JumpUrl = $property['JumpUrl'] ?: '/user/index';
+            $this->JumpUrl = $property['JumpUrl'] ?? '/user/index';
         }
 
         // 是否验证登录器

config/route.php

@@ -21,10 +21,8 @@ if ($defineRoute && is_array($defineRoute)) {
 }
 
 Route::any('/manage', function () {
-    $buildToken = request()->buildToken();
+    request()->session()->set(AdminSession, ['_security' => request()->buildToken()]);
-    $expireTime = config('session.cookie_lifetime');
+    return redirect('/admin/login');
-    Cache::set('salt_' . $buildToken, time(), $expireTime);
-    return redirect('/admin/login')->cookie('_security', $buildToken, $expireTime);
 });
 
 Route::any('/captcha', [app\BaseController::class, 'captcha']);

support/Request.php

@@ -20,6 +20,7 @@ use system\Random;
  * Class Request
  * @package support
  */
+
 class Request extends \Webman\Http\Request
 {
     /**
@@ -33,6 +34,18 @@ class Request extends \Webman\Http\Request
      */
     public $userInfo = [];
 
+    /**
+     * 管理员ID
+     * @var int
+     */
+    public $adminId = 0;
+
+    /**
+     * 管理员信息
+     * @return string
+     */
+    public $adminInfo = [];
+
     /**
      * 生成请求令牌
      * @access public