gitea
/
webman_duanju
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
webman_duanju/app/common/library/Auth.php

649 lines
18 KiB
PHP
Raw Blame History

<?php
namespace app\common\library;
use app\api\model\TbUser;
use app\api\model\TbUserBlacklist;
use app\api\model\UserInfo;
use app\common\model\Common;
use app\common\model\SysUser;
use app\utils\JwtUtils;
use think\facade\Cache;
use Throwable;
use ba\Random;
use think\facade\Db;
use think\facade\Event;
use think\facade\Config;
use app\common\model\User;
use think\facade\Validate;
use app\common\facade\Token;
/**
* 公共权限类(会员权限类)
* @property int $id 会员ID
* @property string $username 会员用户名
* @property string $nickname 会员昵称
* @property string $email 会员邮箱
* @property string $mobile 会员手机号
* @property string $password 密码密文
* @property string $salt 密码盐
*/
class Auth
{
/**
* 需要登录时/无需登录时的响应状态代码
*/
public const LOGIN_RESPONSE_CODE = 401;
/**
* 需要登录标记 - 前台应清理 token、记录当前路由 path、跳转到登录页
*/
public const NEED_LOGIN = 'need login';
/**
* 已经登录标记 - 前台应跳转到基础路由
*/
public const LOGGED_IN = 'logged in';
/**
* token 入库 type
*/
public const TOKEN_TYPE = 'user';
/**
* 是否登录
* @var bool
*/
protected bool $loginEd = false;
/**
* 错误消息
* @var string
*/
protected string $error = '';
/**
* Model实例
* @var ?User
*/
protected $model = null;
protected $user_id_db_connect = null;
/**
* 令牌
* @var string
*/
protected string $token = '';
/**
* 刷新令牌
* @var string
*/
protected string $refreshToken = '';
/**
* 令牌默认有效期
* 可在 config/buildadmin.php 内修改默认值
* @var int
*/
protected int $keepTime = 0;
/**
* 刷新令牌有效期
* @var int
*/
protected int $refreshTokenKeepTime = 0;
/**
* 允许输出的字段
* @var array
*/
protected array $allowFields = ['user_id', 'username', 'nickname', 'email', 'mobile', 'avatar', 'gender', 'birthday', 'money', 'score', 'join_time', 'motto', 'last_login_time', 'last_login_ip'];
public function __construct(array $config = [])
{
// parent::__construct(array_merge([
// 'auth_group' => 'user_group', // 用户组数据表名
// 'auth_group_access' => '', // 用户-用户组关系表(关系字段)
// 'auth_rule' => 'user_rule', // 权限规则表
// ], $config));
//
// $this->setKeepTime((int)config('buildadmin.user_token_keep_time'));
}
/**
* 魔术方法-会员信息字段
* @param $name
* @return mixed 字段信息
*/
public function __get($name): mixed
{
return $this->model[$name];
}
/**
* 初始化
* @access public
* @param array $options 传递给 /ba/Auth 的参数
* @return Auth
*/
public static function instance(array $options = []): Auth
{
$request = request();
if (!isset($request->userAuth)) {
$request->userAuth = new static($options);
}
return $request->userAuth;
}
/**
* 根据Token初始化会员登录态
* @param $token
* @return bool
* @throws Throwable
*/
public function init($token): bool
{
$jwtUtil = (new JwtUtils());
$tokenData = $jwtUtil->getClaimByToken($token);
if ($tokenData) {
/**
* 过期检查,过期则抛出 @see TokenExpirationException
*/
$userId = $tokenData->sub;
if (!isset($tokenData->type) || ($tokenData->type == self::TOKEN_TYPE && $userId > 0)) {
$where = $sale = ['user_id' => $userId];
$user_id_db_name = DatabaseRoute::getConnection('tb_user', $sale);
$this->model = Db::connect($user_id_db_name)->name('tb_user')->where($where)->find();
if (!$this->model) {
$this->setError('Account not exist');
return false;
}
if ($this->model['status'] != 1) {
$this->setError('Account disabled');
return false;
}
$this->token = $token;
$this->newloginSuccessful();
return true;
}
}
$this->setError('Token login failed');
$this->reset();
return false;
}
/**
* 会员注册,可使用关键词参数方式调用:$auth->register('u18888888888', email: 'test@qq.com')
* @param string $username
* @param string $password
* @param string $mobile
* @param string $email
* @param int $group 会员分组 ID 号
* @param array $extend 扩展数据,如 ['status' => 'disable']
* @return bool
*/
public function register(string $username, string $password = '', string $mobile = '', string $email = '', int $group = 1, array $extend = []): bool
{
$validate = Validate::rule([
'email|' . __('Email') => 'email|unique:user',
'mobile|' . __('Mobile') => 'mobile|unique:user',
'username|' . __('Username') => 'require|regex:^[a-zA-Z][a-zA-Z0-9_]{2,15}$|unique:user',
'password|' . __('Password') => 'regex:^(?!.*[&<>"\'\n\r]).{6,32}$',
]);
$params = [
'username' => $username,
'password' => $password,
'mobile' => $mobile,
'email' => $email,
];
if (!$validate->check($params)) {
$this->setError($validate->getError());
return false;
}
// 按需生成随机密码
if (!$password) {
$password = Random::build();
}
// 用户昵称
$nickname = preg_replace_callback('/1[3-9]\d{9}/', function ($matches) {
// 对 username 中出现的所有手机号进行脱敏处理
$mobile = $matches[0];
return substr($mobile, 0, 3) . '****' . substr($mobile, 7);
}, $username);
$ip = request()->ip();
$time = time();
$data = [
'group_id' => $group,
'nickname' => $nickname,
'join_ip' => $ip,
'join_time' => $time,
'last_login_ip' => $ip,
'last_login_time' => $time,
'status' => 'enable', // 状态:enable=启用,disable=禁用,使用 string 存储可以自定义其他状态
];
$data = array_merge($params, $data);
$data = array_merge($data, $extend);
Db::startTrans();
try {
$this->model = User::create($data);
$this->token = Random::uuid();
Token::set($this->token, self::TOKEN_TYPE, $this->model->id, $this->keepTime);
Db::commit();
$this->model->resetPassword($this->model->id, $password);
Event::trigger('userRegisterSuccess', $this->model);
} catch (Throwable $e) {
$this->setError($e->getMessage());
Db::rollback();
return false;
}
return true;
}
/**
* 会员登录
* @param string $username 用户名
* @param string $password 密码
* @param bool $keep 是否保持登录
* @return bool
* @throws Throwable
*/
public function login(string $username, string $password, bool $keep): bool
{
// 判断账户类型
$accountType = false;
$validate = Validate::rule([
'mobile' => 'mobile',
'email' => 'email',
'username' => 'regex:^[a-zA-Z][a-zA-Z0-9_]{2,15}$',
]);
if ($validate->check(['mobile' => $username])) $accountType = 'mobile';
if ($validate->check(['email' => $username])) $accountType = 'email';
if ($validate->check(['username' => $username])) $accountType = 'username';
if (!$accountType) {
$this->setError('Account not exist');
return false;
}
$this->model = User::where($accountType, $username)->find();
if (!$this->model) {
$this->setError('Account not exist');
return false;
}
if ($this->model->status == 'disable') {
$this->setError('Account disabled');
return false;
}
// 登录失败重试检查
$userLoginRetry = Config::get('buildadmin.user_login_retry');
if ($userLoginRetry && $this->model->last_login_time) {
// 重置失败次数
if ($this->model->login_failure > 0 && time() - $this->model->last_login_time >= 86400) {
$this->model->login_failure = 0;
$this->model->save();
// 重获模型实例,避免单实例多次更新
$this->model = User::where($accountType, $username)->find();
}
if ($this->model->login_failure >= $userLoginRetry) {
$this->setError('Please try again after 1 day');
return false;
}
}
// 密码检查
if (!verify_password($password, $this->model->password, ['salt' => $this->model->salt])) {
$this->loginFailed();
$this->setError('Password is incorrect');
return false;
}
// 清理 token
if (Config::get('buildadmin.user_sso')) {
Token::clear(self::TOKEN_TYPE, $this->model->id);
Token::clear(self::TOKEN_TYPE . '-refresh', $this->model->id);
}
if ($keep) {
$this->setRefreshToken($this->refreshTokenKeepTime);
}
$this->loginSuccessful();
return true;
}
/**
* 会员登录
* @param string $username 用户名
* @param string $password 密码
* @param bool $keep 是否保持登录
* @return bool
* @throws Throwable
*/
public function newlogin(string $phone, string $password, bool $keep): bool
{
$this->model = TbUser::GetByusername($phone);
if (!$this->model) {
$this->setError('未注册, 请先注册');
return false;
}
if ($this->model['status'] == 0) {
$this->setError('账号已被禁用,请联系客服处理!');
return false;
}
if(empty($this->model['password'])) {
$this->setError('当前账号未绑定密码,请前往忘记密码中进行重置!');
return false;
}
// 验证密码
if(TbUser::CheckPassword($this->model['password'], $password)) {
// 实名认证信息
$userInfo = DatabaseRoute::getDb('user_info', $this->model['user_id'])->find();
if($userInfo && $userInfo['cert_no']) {
// 继续查黑名单表
$userBlack = TbUserBlacklist::where(['id_card_no' => $userInfo['cert_no']])->find();
if($userBlack) {
$this->setError('系统正在维护中,请稍后再试!');
return false;
}
}
// if ($keep) {
// $this->setRefreshToken($this->refreshTokenKeepTime);
// }
$this->newloginSuccessful();
return true;
}else {
$this->setError('账号或密码不正确!');
return false;
}
}
/**
* 直接登录会员账号
* @param int $userId 用户ID
* @return bool
* @throws Throwable
*/
public function direct(int $userId): bool
{
$this->model = User::find($userId);
if (!$this->model) return false;
if (Config::get('buildadmin.user_sso')) {
Token::clear(self::TOKEN_TYPE, $this->model->id);
Token::clear(self::TOKEN_TYPE . '-refresh', $this->model->id);
}
return $this->loginSuccessful();
}
/**
* 直接登录会员账号 new
* @param int $userId 用户ID
* @return bool
* @throws Throwable
*/
public function newdirect(int $userId): bool
{
if (Config::get('buildadmin.user_sso')) {
Token::clear(self::TOKEN_TYPE, $this->model->id);
Token::clear(self::TOKEN_TYPE . '-refresh', $this->model->id);
}
return $this->newloginSuccessful();
}
/**
* 登录成功 new
* @return bool
*/
public function newloginSuccessful(): bool
{
if (!$this->model) {
return false;
}
// 新增登录时间
$db = Db::connect(DatabaseRoute::getConnection('tb_user', ['user_id' => $this->model['user_id']], true));
$db->name('tb_user')->where(['user_id' => $this->model['user_id']])->update(['on_line_time' => date('Y-m-d H:i:s')]);
$this->loginEd = true;
if (!$this->token) {
$this->token = (new JwtUtils())->generateToken($this->model['user_id'], 'user');
}
return true;
}
/**
* 检查旧密码是否正确
* @param $password
* @return bool
* @deprecated 请使用 verify_password 公共函数代替
*/
public function checkPassword($password): bool
{
return verify_password($password, $this->model->password, ['salt' => $this->model->salt]);
}
/**
* 登录成功
* @return bool
*/
public function loginSuccessful(): bool
{
if (!$this->model) {
return false;
}
$this->model->startTrans();
try {
$this->model->login_failure = 0;
$this->model->last_login_time = time();
$this->model->last_login_ip = request()->ip();
$this->model->save();
$this->loginEd = true;
if (!$this->token) {
$this->token = Random::uuid();
Token::set($this->token, self::TOKEN_TYPE, $this->model->id, $this->keepTime);
}
$this->model->commit();
} catch (Throwable $e) {
$this->model->rollback();
$this->setError($e->getMessage());
return false;
}
return true;
}
/**
* 登录失败
* @return bool
*/
public function loginFailed(): bool
{
if (!$this->model) return false;
$this->model->startTrans();
try {
$this->model->login_failure++;
$this->model->last_login_time = time();
$this->model->last_login_ip = request()->ip();
$this->model->save();
$this->model->commit();
} catch (Throwable $e) {
$this->model->rollback();
$this->setError($e->getMessage());
return false;
}
return $this->reset();
}
public function get_user_id_db_connect()
{
return $this->user_id_db_connect;
}
/**
* 退出登录
* @return bool
*/
public function logout(): bool
{
if (!$this->loginEd) {
$this->setError('You are not logged in');
return false;
}
return $this->reset();
}
/**
* 是否登录
* @return bool
*/
public function isLogin(): bool
{
return $this->loginEd;
}
/**
* 获取会员模型
* @return User
*/
public function getUser()
{
return $this->model;
}
/**
* 获取会员Token
* @return string
*/
public function getToken(): string
{
return $this->token;
}
/**
* 设置刷新Token
* @param int $keepTime
* @return void
*/
public function setRefreshToken(int $keepTime = 0): void
{
$this->refreshToken = Random::uuid();
Token::set($this->refreshToken, self::TOKEN_TYPE . '-refresh', $this->model->id, $keepTime);
}
/**
* 获取会员刷新Token
* @return string
*/
public function getRefreshToken(): string
{
return $this->refreshToken;
}
/**
* 获取会员信息 - 只输出允许输出的字段
* @return array
*/
public function getUserInfo(): array
{
if (!$this->model) return [];
$info = $this->model;
$info = array_intersect_key($info, array_flip($this->getAllowFields()));
$info['token'] = $this->getToken();
$info['refresh_token'] = $this->getRefreshToken();
return $info;
}
/**
* 获取允许输出字段
* @return array
*/
public function getAllowFields(): array
{
return $this->allowFields;
}
/**
* 设置允许输出字段
* @param $fields
* @return void
*/
public function setAllowFields($fields): void
{
$this->allowFields = $fields;
}
/**
* 设置Token有效期
* @param int $keepTime
* @return void
*/
public function setKeepTime(int $keepTime = 0): void
{
$this->keepTime = $keepTime;
}
/**
* 设置错误消息
* @param string $error
* @return Auth
*/
public function setError(string $error): Auth
{
$this->error = $error;
return $this;
}
/**
* 获取错误消息
* @return string
*/
public function getError(): string
{
return $this->error ? $this->error : '';
}
/**
* 属性重置(注销、登录失败、重新初始化等将单例数据销毁)
*/
protected function reset(bool $deleteToken = true): bool
{
if ($deleteToken && $this->token) {
// Token::delete($this->token);
}
$this->token = '';
$this->loginEd = false;
$this->model = null;
$this->refreshToken = '';
$this->setError('');
$this->setKeepTime((int)Config('buildadmin.user_token_keep_time'));
return true;
}
}
Reference in New Issue View Git Blame Copy Permalink