panxiang/swiftadmin
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

fix: 修复登录缓存BUG

Browse Source
This commit is contained in:
Ying
2022-08-22 19:07:32 +08:00
parent 6e1b38a34b
commit 257cb95123
9 changed files with 74 additions and 57 deletions
Download Patch File Download Diff File Expand all files Collapse all files

14
app/AdminController.php
View File

@@ -11,12 +11,9 @@
namespace app;
use app\admin\library\Auth;
use app\common\model\system\SystemLog;
use Psr\SimpleCache\InvalidArgumentException;
use support\Response;
use think\helper\Str;
use Webman\Http\Request;
define('AdminSession', 'AdminLogin');
class AdminController extends BaseController
{
@@ -74,12 +71,6 @@ class AdminController extends BaseController
*/
public $admin = [];
/**
* 管理员会话标识
* @var string
*/
public $sename = 'AdminLogin';
/**
* 获取模板
* @access protected
@@ -560,11 +551,10 @@ class AdminController extends BaseController
*/
public function logout(): Response
{
request()->session()->set($this->sename, null);
request()->session()->set(AdminSession, null);
return $this->success('退出成功!', $this->JumpUrl);
}
/**
* 错误页面
* @param int $code

42
app/admin/controller/Login.php
View File

@@ -5,6 +5,11 @@ namespace app\admin\controller;
use app\AdminController;
use app\common\model\system\Admin;
use app\common\model\system\LoginLog;
use Psr\SimpleCache\InvalidArgumentException;
use support\Response;
use think\db\exception\DataNotFoundException;
use think\db\exception\DbException;
use think\db\exception\ModelNotFoundException;
use Webman\Event\Event;
use Webman\Http\Request;
@@ -12,8 +17,7 @@ class Login extends AdminController
{
/**
* 初始化方法
* @param Request $request
* @return \support\Response|void
* @return void
* @throws \Exception
*/
public function __construct()
@@ -25,15 +29,16 @@ class Login extends AdminController
/**
* 登录函数
* @return \support\Response
* @throws \think\db\exception\DataNotFoundException
* @throws \think\db\exception\DbException
* @throws \think\db\exception\ModelNotFoundException
* @return Response
* @throws InvalidArgumentException
* @throws DataNotFoundException
* @throws DbException
* @throws ModelNotFoundException
*/
public function index(): \support\Response
{
// 禁止重复访问
if (isset($this->admin['id'])) {
if (isset(request()->adminInfo['id'])) {
return $this->redirect('/admin/index');
}
@@ -42,10 +47,10 @@ class Login extends AdminController
$user = request()->post('name');
$pwd = request()->post('pwd');
$captcha = request()->post('captcha');
if ((isset($this->admin['count'])
&& $this->admin['count'] >= 5)
&& (isset($this->admin['time'])
&& $this->admin['time'] >= strtotime('- 5 minutes'))
if ((isset(request()->adminInfo['count'])
&& request()->adminInfo['count'] >= 5)
&& (isset(request()->adminInfo['time'])
&& request()->adminInfo['time'] >= strtotime('- 5 minutes'))
) {
$error = '错误次数过多,请稍后再试!';
$this->writeLoginLogs($error);
@@ -53,7 +58,7 @@ class Login extends AdminController
}
// 验证码
if (isset($this->admin['isCaptcha'])) {
if (isset(request()->adminInfo['isCaptcha'])) {
if (!$captcha || !$this->captchaCheck($captcha)) {
$error = '验证码错误!';
$this->writeLoginLogs($error);
@@ -70,10 +75,10 @@ class Login extends AdminController
$result = Admin::checkLogin($user, $pwd);
if (empty($result)) {
$this->admin['time'] = time();
$this->admin['isCaptcha'] = true;
$this->admin['count'] = isset($this->admin['count']) ? $this->admin['count'] + 1 : 1;
\request()->session()->set($this->sename, $this->admin);
request()->adminInfo['time'] = time();
request()->adminInfo['isCaptcha'] = true;
request()->adminInfo['count'] = isset(request()->adminInfo['count']) ? request()->adminInfo['count'] + 1 : 1;
request()->session()->set(AdminSession, request()->adminInfo);
$error = '用户名或密码错误!';
$this->writeLoginLogs($error);
Event::emit('adminLoginError', \request()->all());
@@ -93,7 +98,8 @@ class Login extends AdminController
try {
$result->save();
request()->session()->set($this->sename, $result->toArray());
$session = array_merge(request()->adminInfo, $result->toArray());
request()->session()->set(AdminSession, $session);
} catch (\Throwable $th) {
return $this->error($th->getMessage());
}
@@ -106,7 +112,7 @@ class Login extends AdminController
}
return view('login/index', [
'captcha' => $this->admin['isCaptcha'] ?? false,
'captcha' => request()->adminInfo['isCaptcha'] ?? false,
]);
}

25
app/admin/controller/system/Admin.php
View File

@@ -19,6 +19,10 @@ use app\common\model\system\Department;
use app\common\model\system\Admin as AdminModel;
use app\common\model\system\AdminGroup as AdminGroupModel;
use app\common\model\system\AdminAccess as AdminAccessModel;
use think\db\exception\DataNotFoundException;
use think\db\exception\DbException;
use think\db\exception\ModelNotFoundException;
use Webman\Http\Request;
/**
* 管理员管理
@@ -353,14 +357,18 @@ class Admin extends AdminController
/**
* 个人中心
* @param Request $request
* @return mixed
* @throws DataNotFoundException
* @throws DbException
* @throws ModelNotFoundException
*/
public function center(): \support\Response
public function center(Request $request): \support\Response
{
if (request()->isPost()) {
$post = request()->post();
$post['id'] = $this->admin['id'];
$post['id'] = $request->adminId;
if ($this->model->update($post)) {
return $this->success();
}
@@ -369,7 +377,7 @@ class Admin extends AdminController
}
$title = [];
$data = $this->model->find($this->admin['id']);
$data = $this->model->find($request->adminId);
if (!empty($data['group_id'])) {
$group = AdminGroupModel::field('title')
->whereIn('id', $data['group_id'])
@@ -390,11 +398,11 @@ class Admin extends AdminController
/**
* 修改个人资料
*/
public function modify()
public function modify(Request $request)
{
if (request()->isAjax()) {
$post = request()->post();
$id = $this->admin['id'];
$id = $request->adminId;
try {
//code...
switch ($post['field']) {
@@ -445,8 +453,11 @@ class Admin extends AdminController
/**
* 修改密码
* @return mixed
* @throws DataNotFoundException
* @throws DbException
* @throws ModelNotFoundException
*/
public function pwd(): \support\Response
public function pwd(Request $request): \support\Response
{
if (request()->isPost()) {
@@ -457,7 +468,7 @@ class Admin extends AdminController
}
// 查找数据
$where[] = ['id', '=', $this->admin['id']];
$where[] = ['id', '=', $request->admin_id];
$where[] = ['pwd', '=', encryptPwd($pwd)];
$result = $this->model->where($where)->find();

7
app/admin/middleware/system/AdminLogin.php
View File

@@ -16,10 +16,9 @@ class AdminLogin implements MiddlewareInterface
{
public function process(Request $request, callable $handler) : Response
{
$_security = Auth::instance()->getToken('_security');
$_buildToken = 'salt_' . $_security;
if (empty($_security) || !Cache::get($_buildToken)) {
$request->session()->delete('AdminLogin');
$AdminLogin = \request()->session()->get(AdminSession);
if (!isset($AdminLogin['_security'])) {
$request->session()->delete(AdminSession);
return response(request_error(), 404);
}

12
app/admin/middleware/system/AdminPermissions.php
View File

@@ -48,14 +48,17 @@ class AdminPermissions implements MiddlewareInterface
$app = request()->getApp();
$controller = request()->getController();
$action = request()->getAction();
$AdminLogin = request()->session()->get('AdminLogin');
$AdminLogin = request()->session()->get(AdminSession);
if (!isset($AdminLogin['id']) && strtolower($controller) !== 'login') {
return redirect(url('/login/index'));
}
// 判断是否需要鉴权
$request->adminId = $AdminLogin['id'] ?? 0;
$request->adminInfo = $AdminLogin ?? [];
$method = '/' . $controller. '/' .$action;
if (!in_array($method, $this->noNeedAuth) && !in_array('*', $this->noNeedAuth)) {
if (!Auth::instance()->SuperAdmin() && !Auth::instance()->check($method, $AdminLogin['id'])) {
if (!Auth::instance()->SuperAdmin() && !Auth::instance()->check($method, $request->adminId)) {
if (request()->isAjax()) {
return json(['code' => 101, 'msg' => '没有权限']);
} else {
@@ -64,10 +67,7 @@ class AdminPermissions implements MiddlewareInterface
}
}
/**
* 分发请求
* 控制器中间件
*/
// 控制器中间件分发
$id = input('id');
if (\request()->isPost()) {
if ($controller == 'system/Admin') {

10
app/admin/view/system/admin/message.html
View File

@@ -15,7 +15,7 @@
<div class="layui-message-list" >
<volist name="list['msg']" id="vo">
<a class="layui-message-list-item" href="javascript:;">
<img class="layui-message-item-icon" src="__ADMINIMAGES__/message.png">
<img class="layui-message-item-icon" src="__ADMINIMAGES__message.png">
<!-- <i class="layui-message-item-icon layui-icon layui-icon-email"></i> -->
<div class="layui-message-item-right">
<h2 class="layui-message-item-title">{$vo.title}</h2>
@@ -27,7 +27,7 @@
<!-- // 列表为空 -->
<div class="layui-message-list-empty" <empty name="$list['msg']"> style="display:black;" <else/> style="display:none;" </empty> >
<img src="__ADMINIMAGES__/noting.png"><div>{:__('没有通知')}</div>
<img src="__ADMINIMAGES__noting.png"><div>{:__('没有通知')}</div>
</div>
<!-- // 底部操作 -->
@@ -43,7 +43,7 @@
<div class="layui-message-list" >
<volist name="list['comment']" id="vo">
<a class="layui-message-list-item" href="javascript:;">
<img class="layui-message-item-icon" src="__ADMINIMAGES__/head.png">
<img class="layui-message-item-icon" src="__ADMINIMAGES__head.png">
<div class="layui-message-item-right">
<h2 class="layui-message-item-title">{$vo.title}</h2>
<p class="layui-message-item-text">{$vo.content}</p>
@@ -56,7 +56,7 @@
<!-- // 列表为空 -->
<div class="layui-message-list-empty" <empty name="$list['comment']"> style="display:black;" <else/> style="display:none;" </empty> >
<img src="__ADMINIMAGES__/noting.png"><div>{:__('没有私信')}</div>
<img src="__ADMINIMAGES__noting.png"><div>{:__('没有私信')}</div>
</div>
<notempty name="$list['msg']">
<div class="layui-message-footer">
@@ -86,7 +86,7 @@
<!-- // 列表为空 -->
<div class="layui-message-list-empty" <empty name="$list['things']"> style="display:black;" <else/> style="display:none;" </empty> >
<img src="__ADMINIMAGES__/noting.png"><div>{:__('没有待办')}</div>
<img src="__ADMINIMAGES__noting.png"><div>{:__('没有待办')}</div>
</div>
<notempty name="$list['things']">
<div class="layui-message-footer">

2
app/index/middleware/system/IndexPermissions.php
View File

@@ -61,7 +61,7 @@ class IndexPermissions implements MiddlewareInterface
$this->needLogin = $property['needLogin'] ?? false;
$this->noNeedAuth = $property['noNeedAuth'] ?? [];
$this->repeatLogin = $property['repeatLogin'] ?? ['login', 'register'];
$this->JumpUrl = $property['JumpUrl'] ?: '/user/index';
$this->JumpUrl = $property['JumpUrl'] ?? '/user/index';
}
// 是否验证登录器

6
config/route.php
View File

@@ -21,10 +21,8 @@ if ($defineRoute && is_array($defineRoute)) {
}
Route::any('/manage', function () {
$buildToken = request()->buildToken();
$expireTime = config('session.cookie_lifetime');
Cache::set('salt_' . $buildToken, time(), $expireTime);
return redirect('/admin/login')->cookie('_security', $buildToken, $expireTime);
request()->session()->set(AdminSession, ['_security' => request()->buildToken()]);
return redirect('/admin/login');
});
Route::any('/captcha', [app\BaseController::class, 'captcha']);

13
support/Request.php
View File

@@ -20,6 +20,7 @@ use system\Random;
* Class Request
* @package support
*/
class Request extends \Webman\Http\Request
{
/**
@@ -33,6 +34,18 @@ class Request extends \Webman\Http\Request
*/
public $userInfo = [];
/**
* 管理员ID
* @var int
*/
public $adminId = 0;
/**
* 管理员信息
* @return string
*/
public $adminInfo = [];
/**
* 生成请求令牌
* @access public