wanghongjun
1 year ago
16 changed files with 326 additions and 375 deletions
@ -1,90 +1,79 @@ |
|||
<?php |
|||
|
|||
namespace app\api\controller; |
|||
|
|||
use app\api\middleware\LcJWTAuth; |
|||
use app\api\service\LcJWTService; |
|||
use app\api\service\UserService; |
|||
use think\Controller; |
|||
use think\exception\ValidateException; |
|||
use think\response\Json; |
|||
|
|||
/** |
|||
* 用户账户控制器 |
|||
* 功能:MVC 中的C,处理用户输入和反馈给用户 |
|||
*/ |
|||
class Passport extends ApiController{ |
|||
class Passport extends ApiController |
|||
{ |
|||
|
|||
protected $middleware |
|||
= [ |
|||
LcJWTAuth::class => [ |
|||
'except' => ['login', 'register'] |
|||
] |
|||
]; |
|||
|
|||
/** |
|||
* 登录 |
|||
*/ |
|||
public function login():Json |
|||
public function login(): Json |
|||
{ |
|||
if (!$this->request->isPost()) { |
|||
return $this->renderError('不支持GET请求'); |
|||
} |
|||
$data = $this->postData(); |
|||
try { |
|||
validate()->rule([ |
|||
'uname|用户名' => 'require', |
|||
'upass|密码' => 'require', |
|||
])->check($data); |
|||
} catch (ValidateException $v) { |
|||
return $this->renderError($v->getMessage()); |
|||
} |
|||
$model = new UserService; |
|||
// |
|||
$data = $this->postData(); |
|||
if (($userInfo = $model->login($data['uname'],$data['upass'])) === false) { |
|||
if (($userInfo = $model->login($data['uname'], $data['upass'])) === false) { |
|||
return $this->renderError($model->getError() ?: '登录失败'); |
|||
} |
|||
return $this->renderSuccess([ |
|||
'userId' => $userInfo['uid'], |
|||
'token' => $model->getToken($userInfo['uid'],$userInfo['nick_name']) |
|||
], ''); |
|||
'token' => LcJWTService::createToken($userInfo['uid'], $data['uname']) |
|||
], '登录成功'); |
|||
} |
|||
|
|||
/** |
|||
* 用户注册 |
|||
* @return Json |
|||
*/ |
|||
public function register():Json |
|||
public function register(): Json |
|||
{ |
|||
if (!$this->request->isPost()) { |
|||
return $this->renderError('不支持GET请求'); |
|||
} |
|||
$post = $this->postData(); |
|||
try { |
|||
validate()->rule([ |
|||
'uname|用户名' => 'require', |
|||
'upass|密码' => 'require', |
|||
'qr_upass|确认密码' => 'require|confirm:upass', |
|||
'phone|手机号' => 'require|mobile' |
|||
])->check($post); |
|||
} catch (ValidateException $v) { |
|||
return $this->renderError($v->getMessage()); |
|||
} |
|||
$model = new UserService; |
|||
if (($userInfo = $model->register($this->postData())) === false) { |
|||
if (($userInfo = $model->register($post)) === false) { |
|||
return $this->renderError($model->getError() ?: '注册失败'); |
|||
} |
|||
return $this->renderSuccess("注册成功"); |
|||
} |
|||
|
|||
} |
|||
|
|||
// app/controller/Index.php |
|||
// namespace app\controller; |
|||
|
|||
// use app\service\JWTService; |
|||
// use think\Request; |
|||
|
|||
// class IndexController |
|||
// { |
|||
// protected $jwtService; |
|||
|
|||
// public function __construct(JWTService $jwtService) |
|||
// { |
|||
// $this->jwtService = $jwtService; |
|||
// } |
|||
|
|||
// public function login(Request $request) |
|||
// { |
|||
// $username = $request->param('username'); |
|||
// $password = $request->param('password'); |
|||
|
|||
// // 假设验证用户名和密码成功 |
|||
// $claims = ['id' => 1, 'username' => $username]; |
|||
|
|||
// $token = $this->jwtService->createToken($claims); |
|||
|
|||
// return json(['token' => $token]); |
|||
// } |
|||
|
|||
// public function protectedRoute(Request $request) |
|||
// { |
|||
// $claims = $request->attributes->get('claims'); |
|||
|
|||
// if (empty($claims)) { |
|||
// return json(['error' => 'Unauthorized'], 401); |
|||
// } |
|||
|
|||
// return json(['message' => 'Welcome, ' . $claims['username']]); |
|||
// } |
|||
// } |
|||
} |
|||
@ -0,0 +1,32 @@ |
|||
<?php |
|||
|
|||
namespace app\api\controller; |
|||
|
|||
use app\admin\model\User as UserModel; |
|||
use app\api\middleware\LcJWTAuth; |
|||
use think\response\Json; |
|||
|
|||
class User extends ApiController |
|||
{ |
|||
|
|||
public function getUserData():Json |
|||
{ |
|||
if (!$this->request->isPost()) { |
|||
return $this->renderError('不支持GET请求'); |
|||
} |
|||
$data = $this->postData(); |
|||
$model = new UserModel(); |
|||
$field = 'password,salt,last_login_time,create_time,update_time,delete_time'; |
|||
$row = $model->where('uid', $data['uid'])->withoutField($field)->find(); |
|||
if ($row->isEmpty()) { |
|||
return $this->renderError($model->getError() ?: '用户不存在'); |
|||
} |
|||
if ($row['status'] != 1) return $this->renderError('用户被禁用'); |
|||
unset($row['status']); |
|||
if ($row['gender']) { |
|||
$row['gender'] = $model->genderArr[$row['gender']] ?? ''; |
|||
} |
|||
return $this->renderSuccess($row->toArray()); |
|||
} |
|||
|
|||
} |
|||
@ -1,40 +0,0 @@ |
|||
<?php |
|||
namespace app\api\middleware; |
|||
|
|||
use app\Request; |
|||
use CsrfVerify\drive\ThinkphpCache; |
|||
use CsrfVerify\entity\CsrfVerifyEntity; |
|||
use CsrfVerify\interfaces\CsrfVerifyInterface; |
|||
use think\facade\Session; |
|||
|
|||
class CsrfMiddleware |
|||
{ |
|||
use \app\common\traits\JumpTrait; |
|||
|
|||
public function handle(Request $request, \Closure $next) |
|||
{ |
|||
if (env('EASYADMIN.IS_CSRF', true)) { |
|||
if (!in_array($request->method(), ['GET', 'HEAD', 'OPTIONS'])) { |
|||
|
|||
// 跨域校验 |
|||
$refererUrl = $request->header('REFERER', null); |
|||
$refererInfo = parse_url($refererUrl); |
|||
$host = $request->host(true); |
|||
if (!isset($refererInfo['host']) || $refererInfo['host'] != $host) { |
|||
$this->error('当前请求不合法!'); |
|||
} |
|||
|
|||
// CSRF校验 |
|||
$ckCsrfToken = $request->post('ckCsrfToken', null); |
|||
$data = !empty($ckCsrfToken) ? ['__token__' => $ckCsrfToken] : []; |
|||
|
|||
$check = $request->checkToken('__token__', $data); |
|||
if (!$check) { |
|||
$this->error('请求验证失败,请重新刷新页面!'); |
|||
} |
|||
|
|||
} |
|||
} |
|||
return $next($request); |
|||
} |
|||
} |
|||
@ -1,36 +0,0 @@ |
|||
<?php |
|||
namespace app\api\middleware; |
|||
|
|||
use app\api\service\JWTService; |
|||
use think\Exception; |
|||
use think\Request; |
|||
|
|||
class JWTAuth |
|||
{ |
|||
protected $jwtService; |
|||
|
|||
public function __construct(JWTService $jwtService) |
|||
{ |
|||
$this->jwtService = $jwtService; |
|||
} |
|||
|
|||
public function handle(Request $request, \Closure $next) |
|||
{ |
|||
$token = $request->header('Authorization'); |
|||
|
|||
if (!$token) { |
|||
throw new Exception('Missing token'); |
|||
} |
|||
|
|||
$claims = $this->jwtService->verifyToken($token); |
|||
|
|||
if (empty($claims)) { |
|||
throw new Exception('Invalid token'); |
|||
} |
|||
|
|||
// 将 claims 存储到 request 对象中 |
|||
$request->attributes->set('claims', $claims); |
|||
|
|||
return $next($request); |
|||
} |
|||
} |
|||
@ -0,0 +1,29 @@ |
|||
<?php |
|||
|
|||
namespace app\api\middleware; |
|||
|
|||
use app\api\service\LcJWTService; |
|||
use app\Request; |
|||
|
|||
class LcJWTAuth |
|||
{ |
|||
public function handle(Request $request, \Closure $next) |
|||
{ |
|||
$token = $request->header('token'); |
|||
|
|||
if (!$token) { |
|||
return json(['code' => 401, 'msg' => 'token cannot be empty']); |
|||
} |
|||
|
|||
$data = LcJWTService::parseToken($token); |
|||
$claims = $data['claims']; |
|||
|
|||
$validateRes = LcJWTService::validationToken($token, $claims->get('uid')); |
|||
|
|||
if ($validateRes !== true) { |
|||
return json(['code' => 401, 'msg' => 'token verification failed']); |
|||
} |
|||
|
|||
return $next($request); |
|||
} |
|||
} |
|||
@ -1,147 +0,0 @@ |
|||
<?php |
|||
namespace app\api\service; |
|||
|
|||
|
|||
use Lcobucci\JWT\Builder; |
|||
use Lcobucci\JWT\Signer\Hmac\Sha256; |
|||
use Lcobucci\JWT\Signer\Key\InMemory; |
|||
use Lcobucci\JWT\Token; |
|||
use DateTimeImmutable; |
|||
|
|||
class JWTService |
|||
{ |
|||
private $secret; |
|||
|
|||
public function __construct() |
|||
{ |
|||
$this->secret = config('jwt.secret'); |
|||
} |
|||
|
|||
public function createToken(array $claims): string |
|||
{ |
|||
$signer = new Sha256(); |
|||
$key = InMemory::plainText($this->secret); |
|||
|
|||
$now = new DateTimeImmutable(); // 当前时间 |
|||
|
|||
$builder = new Builder(); |
|||
|
|||
// 设置发行时间和过期时间 |
|||
$secondsToAdd = (int) config('jwt.token_ttl'); |
|||
$expiresAt = $now->add(new \DateInterval('PT' . $secondsToAdd . 'S')); |
|||
|
|||
$token = $builder |
|||
->issuedAt($now) // iat: 发行时间 |
|||
->expiresAt($expiresAt) // exp: 过期时间 |
|||
|
|||
// 使用专用方法设置注册声明 |
|||
->withIssuer('your_issuer') // iss: 发行人 |
|||
->withSubject('your_subject') // sub: 主题 |
|||
->withAudience('your_audience'); // aud: 受众 |
|||
|
|||
// 添加自定义 Claims |
|||
foreach ($claims as $key => $value) { |
|||
$token = $token->withClaim($key, $value); // 自定义声明仍然可以使用 withClaim |
|||
} |
|||
|
|||
// 构建并签名 Token |
|||
$signedToken = $token->sign($signer, $key); |
|||
|
|||
return (string) $signedToken; |
|||
} |
|||
|
|||
public function verifyToken(string $token): array |
|||
{ |
|||
try { |
|||
$parser = new \Lcobucci\JWT\Parser(); |
|||
$token = $parser->parse($token); |
|||
|
|||
if ($token->verify(new Sha256(), InMemory::plainText($this->secret))) { |
|||
return $token->getClaims(); |
|||
} |
|||
} catch (\Exception $e) { |
|||
// 处理异常 |
|||
} |
|||
|
|||
return []; |
|||
} |
|||
} |
|||
// app/service/JWTService.php |
|||
namespace app\service; |
|||
|
|||
use Lcobucci\JWT\Builder; |
|||
use Lcobucci\JWT\Signer\Hmac\Sha256; |
|||
use Lcobucci\JWT\Signer\Key\InMemory; |
|||
use Lcobucci\JWT\Token; |
|||
use DateTimeImmutable; |
|||
|
|||
class JWTService |
|||
{ |
|||
private $secret; |
|||
|
|||
public function __construct() |
|||
{ |
|||
$this->secret = config('jwt.secret'); |
|||
} |
|||
|
|||
public function createToken(array $claims): string |
|||
{ |
|||
$signer = new Sha256(); |
|||
$key = InMemory::plainText($this->secret); |
|||
|
|||
$now = new DateTimeImmutable(); // 当前时间 |
|||
|
|||
$builder = new Builder(); |
|||
|
|||
// 设置发行时间和过期时间 |
|||
$secondsToAdd = (int) config('jwt.token_ttl'); |
|||
$expiresAt = $now->add(new \DateInterval('PT' . $secondsToAdd . 'S')); |
|||
|
|||
$token = $builder |
|||
->issuedAt($now) // iat: 发行时间 |
|||
->expiresAt($expiresAt) // exp: 过期时间 |
|||
|
|||
// 使用辅助方法设置注册声明 |
|||
->withRegisteredClaim('iss', 'your_issuer') // iss: 发行人 |
|||
->withRegisteredClaim('sub', 'your_subject') // sub: 主题 |
|||
->withRegisteredClaim('aud', 'your_audience'); // aud: 受众 |
|||
|
|||
// 添加自定义 Claims |
|||
foreach ($claims as $key => $value) { |
|||
$token = $token->withClaim($key, $value); // 自定义声明仍然可以使用 withClaim |
|||
} |
|||
|
|||
// 构建并签名 Token |
|||
$signedToken = $token->sign($signer, $key); |
|||
|
|||
return (string) $signedToken; |
|||
} |
|||
|
|||
public function verifyToken(string $token): array |
|||
{ |
|||
try { |
|||
$parser = new \Lcobucci\JWT\Parser(); |
|||
$token = $parser->parse($token); |
|||
|
|||
if ($token->verify(new Sha256(), InMemory::plainText($this->secret))) { |
|||
return $token->getClaims(); |
|||
} |
|||
} catch (\Exception $e) { |
|||
// 处理异常 |
|||
} |
|||
|
|||
return []; |
|||
} |
|||
|
|||
/** |
|||
* 辅助方法用于设置注册声明。 |
|||
* |
|||
* @param string $claimName |
|||
* @param mixed $claimValue |
|||
* @return \Lcobucci\JWT\Builder |
|||
*/ |
|||
private function withRegisteredClaim(string $claimName, $claimValue): Builder |
|||
{ |
|||
return (new Builder())->withClaim($claimName, $claimValue); |
|||
} |
|||
} |
|||
@ -0,0 +1,128 @@ |
|||
<?php |
|||
|
|||
namespace app\api\service; |
|||
|
|||
use Lcobucci\JWT\Configuration; |
|||
use Lcobucci\JWT\Signer\Hmac\Sha256; |
|||
use Lcobucci\JWT\Signer\Key\InMemory; |
|||
use DateTimeImmutable; |
|||
use Lcobucci\JWT\Token\Plain; |
|||
use Lcobucci\JWT\Validation\RequiredConstraintsViolated; |
|||
use Lcobucci\JWT\Validation\Constraint\SignedWith; |
|||
|
|||
class LcJWTService |
|||
{ |
|||
protected static $url = 'https://douyin.xingtongworld.com/'; |
|||
/** |
|||
* 配置秘钥加密 |
|||
* @return Configuration |
|||
*/ |
|||
public static function getConfig() |
|||
{ |
|||
$configuration = Configuration::forSymmetricSigner( |
|||
// You may use any HMAC variations (256, 384, and 512) |
|||
new Sha256(), |
|||
// replace the value below with a key of your own! |
|||
InMemory::base64Encoded(config('jwt.secret')) |
|||
// You may also override the JOSE encoder/decoder if needed by providing extra arguments here |
|||
); |
|||
return $configuration; |
|||
} |
|||
|
|||
/** |
|||
* 签发令牌 |
|||
*/ |
|||
public static function createToken(int $userId,string $uname) |
|||
{ |
|||
$config = self::getConfig(); |
|||
assert($config instanceof Configuration); |
|||
|
|||
$now = new DateTimeImmutable(); |
|||
|
|||
$token = $config->builder() |
|||
// 签发人 |
|||
->issuedBy(self::$url) |
|||
// 受众 |
|||
->permittedFor(self::$url) |
|||
// JWT ID 编号 唯一标识 |
|||
->identifiedBy($userId) |
|||
// 签发时间 |
|||
->issuedAt($now) |
|||
// 在1分钟后才可使用 |
|||
// ->canOnlyBeUsedAfter($now->modify('+1 minute')) |
|||
// 过期时间1小时 |
|||
->expiresAt($now->modify('+1 hour')) |
|||
// 自定义uid 额外参数 |
|||
->withClaim('uid', $userId) |
|||
->withClaim('name', $uname) |
|||
// 自定义header 参数 |
|||
->withHeader('foo', 'bar') |
|||
// 生成token |
|||
->getToken($config->signer(), $config->signingKey()); |
|||
|
|||
return $token->toString(); |
|||
} |
|||
|
|||
/** |
|||
* 解析令牌 |
|||
*/ |
|||
public static function parseToken(string $token) |
|||
{ |
|||
$config = self::getConfig(); |
|||
assert($config instanceof Configuration); |
|||
|
|||
$token = $config->parser()->parse($token); |
|||
|
|||
assert($token instanceof Plain); |
|||
|
|||
return [ |
|||
'header' => $token->headers(),// Retrieves the token headers |
|||
'claims' => $token->claims()// Retrieves the token claims |
|||
]; |
|||
} |
|||
|
|||
/** |
|||
* 验证令牌 |
|||
*/ |
|||
public static function validationToken(string $token, int $userId) |
|||
{ |
|||
$config = self::getConfig(); |
|||
assert($config instanceof Configuration); |
|||
|
|||
$token = $config->parser()->parse($token); |
|||
assert($token instanceof Plain); |
|||
|
|||
//Lcobucci\JWT\Validation\Constraint\IdentifiedBy: 验证jwt id是否匹配 |
|||
//Lcobucci\JWT\Validation\Constraint\IssuedBy: 验证签发人参数是否匹配 |
|||
//Lcobucci\JWT\Validation\Constraint\PermittedFor: 验证受众人参数是否匹配 |
|||
//Lcobucci\JWT\Validation\Constraint\RelatedTo: 验证自定义cliam参数是否匹配 |
|||
//Lcobucci\JWT\Validation\Constraint\SignedWith: 验证令牌是否已使用预期的签名者和密钥签名 |
|||
//Lcobucci\JWT\Validation\Constraint\ValidAt: 验证要求iat,nbf和exp(支持余地配置) |
|||
|
|||
//验证jwt id是否匹配 |
|||
$validate_jwt_id = new \Lcobucci\JWT\Validation\Constraint\IdentifiedBy($userId); |
|||
$config->setValidationConstraints($validate_jwt_id); |
|||
//验证签发人url是否正确 |
|||
$validate_issued = new \Lcobucci\JWT\Validation\Constraint\IssuedBy(self::$url); |
|||
$config->setValidationConstraints($validate_issued); |
|||
//验证客户端url是否匹配 |
|||
$validate_aud = new \Lcobucci\JWT\Validation\Constraint\PermittedFor(self::$url); |
|||
$config->setValidationConstraints($validate_aud); |
|||
|
|||
//验证是否过期 |
|||
$timezone = new \DateTimeZone('Asia/Shanghai'); |
|||
$now = new \Lcobucci\Clock\SystemClock($timezone); |
|||
$validate_jwt_at = new \Lcobucci\JWT\Validation\Constraint\ValidAt($now); |
|||
$config->setValidationConstraints($validate_jwt_at); |
|||
|
|||
$constraints = $config->validationConstraints(); |
|||
|
|||
try { |
|||
$config->validator()->assert($token, ...$constraints); |
|||
return true; |
|||
} catch (RequiredConstraintsViolated $e) { |
|||
// list of constraints violation exceptions: |
|||
return $e->getMessage(); |
|||
} |
|||
} |
|||
} |
|||
Loading…
Reference in new issue