first
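--- a/server-api/app/middleware/AdminAuthMiddleware.php
+++ b/server-api/app/middleware/AdminAuthMiddleware.php
@@ -0,0 +1,69 @@
+<?php
+
+namespace app\middleware;
+
+use app\support\AdminAuthService;
+use Webman\Http\Request;
+use Webman\Http\Response;
+use Webman\MiddlewareInterface;
+
+class AdminAuthMiddleware implements MiddlewareInterface
+{
+public function process(Request $request, callable $handler): Response
+{
+$path = $request->path();
+if (!str_starts_with($path, '/api/admin')) {
+return $handler($request);
+}
+
+if (in_array($path, ['/api/admin/ping', '/api/admin/auth/login'], true)) {
+return $handler($request);
+}
+
+$authService = new AdminAuthService();
+$adminInfo = $authService->current($request);
+if (!$adminInfo) {
+return api_error('未登录或登录已过期', 401);
+}
+
+$permissionCode = $this->permissionCode($path);
+if ($permissionCode !== '' && !$authService->hasPermission($adminInfo, $permissionCode)) {
+return api_error('无权访问该后台功能', 403);
+}
+
+$request->setHeader('x-admin-id', (string)$adminInfo['id']);
+$request->setHeader('x-admin-name', (string)$adminInfo['name']);
+
+return $handler($request);
+}
+
+private function permissionCode(string $path): string
+{
+return match (true) {
+str_starts_with($path, '/api/admin/dashboard') => 'dashboard.view',
+str_starts_with($path, '/api/admin/orders'),
+str_starts_with($path, '/api/admin/order/') => 'orders.manage',
+str_starts_with($path, '/api/admin/appraisal-tasks'),
+str_starts_with($path, '/api/admin/appraisal-task/') => 'appraisal_tasks.manage',
+str_starts_with($path, '/api/admin/catalog/') => 'catalog.manage',
+str_starts_with($path, '/api/admin/reports'),
+str_starts_with($path, '/api/admin/report/') => 'reports.manage',
+str_starts_with($path, '/api/admin/messages') => 'messages.manage',
+str_starts_with($path, '/api/admin/tickets'),
+str_starts_with($path, '/api/admin/ticket/') => 'tickets.manage',
+str_starts_with($path, '/api/admin/users'),
+str_starts_with($path, '/api/admin/user/') => 'users.manage',
+str_starts_with($path, '/api/admin/customers'),
+str_starts_with($path, '/api/admin/customer/') => 'customers.manage',
+str_starts_with($path, '/api/admin/warehouses'),
+str_starts_with($path, '/api/admin/warehouse/') => 'warehouses.manage',
+str_starts_with($path, '/api/admin/material/') => 'materials.manage',
+str_starts_with($path, '/api/admin/access/') => 'access.manage',
+str_starts_with($path, '/api/admin/content/') => 'system.manage',
+str_starts_with($path, '/api/admin/system-configs') => 'system.manage',
+str_starts_with($path, '/api/admin/auth/me'),
+str_starts_with($path, '/api/admin/auth/logout') => '',
+default => '',
+};
+}
+}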
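Review bot: The `default => ''` arm at the end of permissionCode() makes the authorization check fail open: any endpoint under `/api/admin/` that is missing from the prefix table (a new controller, a typo in a prefix) is reachable by every logged-in admin, because process() only calls hasPermission() when the code is non-empty. The two endpoints that intentionally need only a valid session, `auth/me` and `auth/logout`, can keep `''`, while the unmapped case should become a denial: `private function permissionCode(string $path): ?string`, `default => null,`, and in process() `if ($permissionCode === null || ($permissionCode !== '' && !$authService->hasPermission($adminInfo, $permissionCode))) { return api_error('无权访问该后台功能', 403); }`. Note also that `/api/admin/ping` and `/api/admin/auth/login` pass through before the `x-admin-id`/`x-admin-name` headers are overwritten, so handlers on those two routes must not read a client-supplied `x-admin-id`; what current() and hasPermission() actually verify lives in AdminAuthService and is not visible in this commit.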
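--- a/server-api/app/middleware/AppAuthMiddleware.php
+++ b/server-api/app/middleware/AppAuthMiddleware.php
@@ -0,0 +1,57 @@
+<?php
+
+namespace app\middleware;
+
+use app\support\AppAuthService;
+use Webman\Http\Request;
+use Webman\Http\Response;
+use Webman\MiddlewareInterface;
+
+class AppAuthMiddleware implements MiddlewareInterface
+{
+public function process(Request $request, callable $handler): Response
+{
+$path = $request->path();
+if (!str_starts_with($path, '/api/app')) {
+return $handler($request);
+}
+
+if ($request->method() === 'OPTIONS') {
+return $handler($request);
+}
+
+$authService = new AppAuthService();
+$userInfo = $authService->current($request);
+if ($userInfo) {
+$request->appUser = $userInfo;
+}
+
+if ($this->isPublicPath($path)) {
+return $handler($request);
+}
+
+if (!$userInfo) {
+return api_error('未登录或登录已过期', 401);
+}
+
+return $handler($request);
+}
+
+private function isPublicPath(string $path): bool
+{
+return in_array($path, [
+'/api/app/home/index',
+'/api/app/content/page-visuals',
+'/api/app/catalog/brands',
+'/api/app/help-center',
+'/api/app/help-article/detail',
+'/api/app/report/detail',
+'/api/app/verify',
+'/api/app/material-tag',
+'/api/app/material-tag/verify',
+'/api/app/auth/send-code',
+'/api/app/auth/login/code',
+'/api/app/auth/login/password',
+], true);
+}
+}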
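Review bot: `$request->appUser = $userInfo;` creates a dynamic property on the framework Request object; PHP 8.2 deprecates dynamic properties on classes that do not opt in, so unless Webman's Request declares `appUser` or carries `#[\AllowDynamicProperties]` (not visible here) this will emit deprecation notices and eventually fail. Handlers on the public paths also receive a request where `appUser` is simply absent rather than `null`, so every consumer needs an `isset()`/`??` guard; declaring the property, or exposing the user through a small accessor, would make that contract explicit. The OPTIONS bypass is only sound if CorsMiddleware runs before this middleware and answers preflights itself; otherwise preflight requests skip authentication and reach the route handler, so the ordering assumption deserves a comment such as `// Preflight requests are answered by CorsMiddleware, which must run before this middleware.`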
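--- a/server-api/app/middleware/CorsMiddleware.php
+++ b/server-api/app/middleware/CorsMiddleware.php
@@ -0,0 +1,28 @@
+<?php
+
+namespace app\middleware;
+
+use Webman\MiddlewareInterface;
+use Webman\Http\Request;
+use Webman\Http\Response;
+
+class CorsMiddleware implements MiddlewareInterface
+{
+public function process(Request $request, callable $handler): Response
+{
+$headers = [
+'Access-Control-Allow-Origin' => $request->header('origin', '*'),
+'Access-Control-Allow-Methods' => 'GET, POST, PUT, PATCH, DELETE, OPTIONS',
+'Access-Control-Allow-Headers' => 'Content-Type, Authorization, X-Requested-With, X-AXY-App-Key, X-AXY-Timestamp, X-AXY-Nonce, X-AXY-Signature',
+'Access-Control-Allow-Credentials' => 'true',
+];
+
+if ($request->method() === 'OPTIONS') {
+return response('', 204, $headers);
+}
+
+/** @var Response $response */
+$response = $handler($request);
+return $response->withHeaders($headers);
+}
+}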
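Review bot: Reflecting the request `Origin` header into `Access-Control-Allow-Origin` while also sending `Access-Control-Allow-Credentials: true` lets any web origin make credentialed cross-site requests to this API, which removes the browser's same-origin protection for the cookie- or header-authenticated admin and app endpoints behind it. The origin should be checked against a configured allow-list and echoed only when it matches, with `Vary: Origin` added so shared caches do not serve one origin's headers to another. The `'*'` fallback is moot in practice, since browsers reject `*` combined with credentials, and can go. A sketch, with the allow-list source left as a placeholder:
```php
$origin = $request->header('origin', '');
// $allowedOrigins: list of permitted origins loaded from configuration (ALLOWED_ORIGINS_PLACEHOLDER)
$originAllowed = $origin !== '' && in_array($origin, $allowedOrigins, true);
$headers = $originAllowed ? [
    'Access-Control-Allow-Origin' => $origin,
    'Vary' => 'Origin',
    'Access-Control-Allow-Methods' => 'GET, POST, PUT, PATCH, DELETE, OPTIONS',
    // … unchanged: Allow-Headers, Allow-Credentials …
] : [];
// … unchanged: OPTIONS short-circuit and withHeaders() …
```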
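--- a/server-api/app/middleware/StaticFile.php
+++ b/server-api/app/middleware/StaticFile.php
@@ -0,0 +1,42 @@
+<?php
+/**
+* This file is part of webman.
+*
+* Licensed under The MIT License
+* For full copyright and license information, please see the MIT-LICENSE.txt
+* Redistributions of files must retain the above copyright notice.
+*
+* @author walkor<walkor@workerman.net>
+* @copyright walkor<walkor@workerman.net>
+* @link http://www.workerman.net/
+* @license http://www.opensource.org/licenses/mit-license.php MIT License
+*/
+
+namespace app\middleware;
+
+use Webman\MiddlewareInterface;
+use Webman\Http\Response;
+use Webman\Http\Request;
+
+/**
+* Class StaticFile
+* @package app\middleware
+*/
+class StaticFile implements MiddlewareInterface
+{
+public function process(Request $request, callable $handler): Response
+{
+// Access to files beginning with. Is prohibited
+if (strpos($request->path(), '/.') !== false) {
+return response('<h1>403 forbidden</h1>', 403);
+}
+/** @var Response $response */
+$response = $handler($request);
+// Add cross domain HTTP header
+/*$response->withHeaders([
+'Access-Control-Allow-Origin' => '*',
+'Access-Control-Allow-Credentials' => 'true',
+]);*/
+return $response;
+}
+}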
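Review bot: The dot-file guard uses `strpos($request->path(), '/.') !== false` while the auth middlewares added in the same commit already rely on the PHP 8 string helpers; for consistency write `if (str_contains($request->path(), '/.')) {`. The commented-out `withHeaders` block below it duplicates what CorsMiddleware now does and should be deleted rather than kept as dead code. This file is the stock webman skeleton middleware, so the inherited header comment is not part of this change.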