From 130ca24c253e55473f23ae4aa0bf29b940c6831b Mon Sep 17 00:00:00 2001 From: liapples Date: Wed, 11 Aug 2021 16:07:06 +0800 Subject: [PATCH] =?UTF-8?q?=E5=A2=9E=E5=8A=A0ApiBase=E4=B8=AD=E9=97=B4?= =?UTF-8?q?=E4=BB=B6=EF=BC=8C=E5=88=86=E7=A6=BBController=E4=B8=AD?= =?UTF-8?q?=E7=9A=84=E7=94=A8=E6=88=B7=E5=92=8C=E5=95=86=E6=88=B7=E5=88=A4?= =?UTF-8?q?=E6=96=AD?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- app/Http/Controllers/Controller.php | 23 ++--------- .../Middleware/{AuthApi.php => ApiAuth.php} | 23 ++++++----- app/Http/Middleware/ApiBase.php | 38 +++++++++++++++++++ routes/api.php | 6 ++- 4 files changed, 59 insertions(+), 31 deletions(-) rename app/Http/Middleware/{AuthApi.php => ApiAuth.php} (54%) create mode 100644 app/Http/Middleware/ApiBase.php diff --git a/app/Http/Controllers/Controller.php b/app/Http/Controllers/Controller.php index 0c9b7d9..a0069bc 100644 --- a/app/Http/Controllers/Controller.php +++ b/app/Http/Controllers/Controller.php @@ -2,8 +2,6 @@ namespace App\Http\Controllers; -use App\Models\Agent; -use App\Models\User; use Illuminate\Support\Facades\Cache; use Illuminate\Foundation\Auth\Access\AuthorizesRequests; use Illuminate\Foundation\Bus\DispatchesJobs; @@ -25,25 +23,12 @@ class Controller extends BaseController $auth = request()->header('Authentication'); $appid = request()->header('appid'); - //检查用户 + //代理商和用户已经在中间件中检查过了,这里不再重复检查,也避免后台出错 if ($auth) { $this->user_id = Cache::get($auth); - if ($this->user_id) { - $user = User::query()->firstWhere(['id' => $this->user_id, 'status' => 1]); - } - if (empty($user)) { - $this->error('用户不存在或已被禁用' . $this->user_id); - exit(); - } } - //检查代理商 - $agent = Agent::query()->firstWhere(['appid' => $appid, 'status' => 1]); - if (!$agent) { - $this->error('商户不存在或已被禁用'); - exit(); - } - $this->agent_id = $agent->id; + $this->agent_id = Cache::get($appid, 0); } protected function success($data = [], $msg = 'success', $code = 0, $status = 200) 
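Review bot: In the constructor hunk of Controller.php, `Cache::get($auth)` and `Cache::get($appid, 0)` look up two different client-supplied headers in the same unprefixed cache keyspace, so an entry written for a session token can come back as an agent id and an entry written for an appid can come back as a user id. The same raw-header lookups appear in the ApiAuth and ApiBase middleware later in this patch, where ApiBase also writes `Cache::put($appid, $agent_id)` under the bare header value. Give each kind of entry its own prefix, for example `Cache::get('api_token:' . $auth)` and `Cache::get('agent_appid:' . $appid, 0)`, and change the code that stores the login token (not shown in this patch) to match. The constructor body starts above the hunk, so how `$this->user_id` is initialised when the header is absent cannot be checked from here.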
@@ -54,7 +39,7 @@ class Controller extends BaseController 'data' => $data, 'status' => $status, 'debug_time' => microtime(true) - LARAVEL_START - ])->send(); + ]); } protected function error($msg = 'error', $code = -1, $status = 500) @@ -65,6 +50,6 @@ class Controller extends BaseController 'data' => [], 'status' => $status, 'debug_time' => microtime(true) - LARAVEL_START - ])->send(); + ]); } } diff --git a/app/Http/Middleware/AuthApi.php b/app/Http/Middleware/ApiAuth.php similarity index 54% rename from app/Http/Middleware/AuthApi.php rename to app/Http/Middleware/ApiAuth.php index efc71f5..c3817fb 100644 --- a/app/Http/Middleware/AuthApi.php +++ b/app/Http/Middleware/ApiAuth.php @@ -2,38 +2,41 @@ namespace App\Http\Middleware; +use App\Models\User; use Closure; use Illuminate\Http\Request; use Illuminate\Support\Facades\Cache; -class AuthApi +class ApiAuth { /** * Handle an incoming request. * - * @param \Illuminate\Http\Request $request - * @param \Closure $next + * @param Request $request + * @param Closure $next * @return mixed */ public function handle(Request $request, Closure $next) { $auth = $request->header('Authentication'); - $appid = $request->header('appid'); - if (!$auth || !$appid) { + + if (empty($auth)) { return response()->json([ 'code' => -1, - 'msg' => 'header参数缺失', + 'msg' => '关键认证参数缺失', 'data' => [], 'status' => 500, ]); } - // TODO 登录部分待优化 - if (!Cache::get($auth)) { + + //检查用户 TODO 登录部分待优化 + $user_id = Cache::get($auth); + if (empty($user_id) || $user_id != User::query()->where(['id' => $user_id, 'status' => 1])->value('id')) { return response()->json([ 'code' => -1, - 'msg' => '请先登录', + 'msg' => '登录已超时或用户不存在,请重新登录', 'data' => [], - 'status' => 500, + 'status' => 403, ]); } return $next($request); diff --git a/app/Http/Middleware/ApiBase.php b/app/Http/Middleware/ApiBase.php new file mode 100644 index 0000000..0d3cb06 --- /dev/null +++ b/app/Http/Middleware/ApiBase.php 
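Review bot: After `->send()` is removed from the last line of `success()` here and of `error()` in the following hunk, nothing in the visible lines delivers the response any more, so it only reaches the client if the statement begins with `return` and every controller action returns the helper's result. The opening of both statements lies above the hunks; if it reads `response()->json([`, change it to `return response()->json([`. It is also worth deciding whether `debug_time` should stay in production responses, since it exposes server-side processing time to every caller.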
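Review bot: Both rejection branches of `handle()` in ApiAuth.php put the failure only into the JSON body (`'status' => 500` for a missing header, `'status' => 403` for an unknown or disabled user) while `response()->json()` is called without a status argument, so the HTTP status stays 200. Unless the API deliberately answers 200 for everything, pass the code through, e.g. `], 401);` for the missing header and `], 403);` for the failed lookup, so that gateways, rate limiting and log-based alerting can see authentication failures. The user check can also be written without the loose `!=` comparison as `if (empty($user_id) || !User::query()->where(['id' => $user_id, 'status' => 1])->exists()) {`. The ApiBase middleware added later in this patch has the same body-only status.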
@@ -0,0 +1,38 @@ +header('appid'); + + if (empty($appid)) { + return response()->json([ + 'code' => -1, + 'msg' => '商户信息缺失', + 'data' => [], + 'status' => 500, + ]); + } + + //检查代理商 + $agent_id = Cache::get($appid); + if (empty($agent_id) || $agent_id != Agent::query()->where(['appid' => $appid, 'status' => 1])->value('id')) { + return response()->json([ + 'code' => -1, + 'msg' => '商户不存在或已被禁用', + 'data' => [], + 'status' => 403, + ]); + } + Cache::put($appid, $agent_id); + return $next($request); + } +} diff --git a/routes/api.php b/routes/api.php index bd1960a..a51e3bf 100644 --- a/routes/api.php +++ b/routes/api.php @@ -22,7 +22,9 @@ use Illuminate\Support\Facades\Route; Route::post('login', 'App\Http\Controllers\Api\LoginController@login'); # 无需登录可获取数据 -Route::namespace('App\Http\Controllers\Api')->group(function () { +Route::namespace('App\Http\Controllers\Api') + ->middleware(App\Http\Middleware\ApiBase::class) + ->group(function () { # 首页 Route::post('index', 'IndexController@index'); @@ -77,7 +79,7 @@ Route::namespace('App\Http\Controllers\Api')->group(function () { # 需要登录才能请求 Route::namespace('App\Http\Controllers\Api') - ->middleware(App\Http\Middleware\AuthApi::class) + ->middleware([App\Http\Middleware\ApiBase::class, App\Http\Middleware\ApiAuth::class]) ->group(function () { # 我的频道 Route::prefix('user_channel')->group(function () {
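Review bot: In ApiBase.php, `handle()` reads `$agent_id = Cache::get($appid)` and rejects the request when that is empty, so on a cache miss the database is never consulted and the later `Cache::put($appid, $agent_id)` only rewrites a value that was already cached. Unless code outside this patch seeds the entry, every request with a valid appid gets the "商户不存在或已被禁用" response. Resolve the agent from the database first, `$agent_id = Agent::query()->where(['appid' => $appid, 'status' => 1])->value('id');`, reject on `if (empty($agent_id)) {`, and keep the `Cache::put` afterwards for the controller to read. The first lines of this file section (opening tag through the start of `handle()`) are missing from the page, so the imports and signature could not be checked.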
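Review bot: The `login` route shown as context at the top of the first routes/api.php hunk stays outside the group that now gets `ApiBase`, while this patch removes the agent lookup from the base controller constructor that previously ran for every controller. If LoginController extends that base controller (not visible here), login requests are no longer rejected for an unknown or disabled appid and `agent_id` falls back to whatever `Cache::get($appid, 0)` returns. Attach the middleware to that route as well, e.g. `Route::post('login', 'App\Http\Controllers\Api\LoginController@login')->middleware(App\Http\Middleware\ApiBase::class);`.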