first commit
This commit is contained in:
wushumin
134
app/admin/controller/AdminUserController.php
Normal file
134
app/admin/controller/AdminUserController.php
Normal file
@@ -0,0 +1,134 @@
|
||||
<?php
|
||||
namespace app\admin\controller;
|
||||
|
||||
use support\Request;
|
||||
use app\common\model\AdminUser;
|
||||
use Illuminate\Database\Capsule\Manager as DB;
|
||||
|
||||
class AdminUserController
|
||||
{
|
||||
public function list(Request $request)
|
||||
{
|
||||
$page = (int)$request->get('page', 1);
|
||||
$limit = (int)$request->get('limit', 15);
|
||||
|
||||
$query = AdminUser::with('roles');
|
||||
|
||||
if ($username = $request->get('username')) {
|
||||
$query->where('username', 'like', "%{$username}%");
|
||||
}
|
||||
|
||||
$total = $query->count();
|
||||
$list = $query->offset(($page - 1) * $limit)
|
||||
->limit($limit)
|
||||
->orderBy('id', 'desc')
|
||||
->get();
|
||||
|
||||
return jsonResponse([
|
||||
'total' => $total,
|
||||
'list' => $list
|
||||
]);
|
||||
}
|
||||
|
||||
public function create(Request $request)
|
||||
{
|
||||
$username = trim($request->post('username', ''));
|
||||
$password = $request->post('password', '');
|
||||
$roleIds = $request->post('role_ids', []);
|
||||
|
||||
if (!$username || !$password) {
|
||||
return jsonResponse(null, '用户名和密码必填', 400);
|
||||
}
|
||||
|
||||
if (AdminUser::where('username', $username)->exists()) {
|
||||
return jsonResponse(null, '用户名已存在', 400);
|
||||
}
|
||||
|
||||
DB::beginTransaction();
|
||||
try {
|
||||
$admin = AdminUser::create([
|
||||
'username' => $username,
|
||||
'password_hash' => password_hash($password, PASSWORD_DEFAULT),
|
||||
'status' => (int)$request->post('status', 1),
|
||||
'is_super' => (int)$request->post('is_super', 0),
|
||||
]);
|
||||
|
||||
if (!empty($roleIds)) {
|
||||
$admin->roles()->sync($roleIds);
|
||||
}
|
||||
DB::commit();
|
||||
return jsonResponse(null, '创建成功');
|
||||
} catch (\Exception $e) {
|
||||
DB::rollBack();
|
||||
return jsonResponse(null, '创建失败: ' . $e->getMessage(), 500);
|
||||
}
|
||||
}
|
||||
|
||||
public function update(Request $request)
|
||||
{
|
||||
$id = (int)$request->post('id');
|
||||
$admin = AdminUser::find($id);
|
||||
if (!$admin) {
|
||||
return jsonResponse(null, '用户不存在', 404);
|
||||
}
|
||||
|
||||
$username = trim($request->post('username', ''));
|
||||
if ($username && $username !== $admin->username) {
|
||||
if (AdminUser::where('username', $username)->exists()) {
|
||||
return jsonResponse(null, '用户名已存在', 400);
|
||||
}
|
||||
$admin->username = $username;
|
||||
}
|
||||
|
||||
$password = $request->post('password');
|
||||
if ($password) {
|
||||
$admin->password_hash = password_hash($password, PASSWORD_DEFAULT);
|
||||
}
|
||||
|
||||
if ($request->post('status') !== null) {
|
||||
$admin->status = (int)$request->post('status');
|
||||
}
|
||||
|
||||
if ($request->post('is_super') !== null) {
|
||||
$admin->is_super = (int)$request->post('is_super');
|
||||
}
|
||||
|
||||
$roleIds = $request->post('role_ids');
|
||||
|
||||
DB::beginTransaction();
|
||||
try {
|
||||
$admin->save();
|
||||
if (is_array($roleIds)) {
|
||||
$admin->roles()->sync($roleIds);
|
||||
}
|
||||
DB::commit();
|
||||
return jsonResponse(null, '更新成功');
|
||||
} catch (\Exception $e) {
|
||||
DB::rollBack();
|
||||
return jsonResponse(null, '更新失败: ' . $e->getMessage(), 500);
|
||||
}
|
||||
}
|
||||
|
||||
public function delete(Request $request)
|
||||
{
|
||||
$id = (int)$request->post('id');
|
||||
if ($id === 1) {
|
||||
return jsonResponse(null, '超级管理员不可删除', 403);
|
||||
}
|
||||
$admin = AdminUser::find($id);
|
||||
if (!$admin) {
|
||||
return jsonResponse(null, '用户不存在', 404);
|
||||
}
|
||||
|
||||
DB::beginTransaction();
|
||||
try {
|
||||
$admin->roles()->detach();
|
||||
$admin->delete();
|
||||
DB::commit();
|
||||
return jsonResponse(null, '删除成功');
|
||||
} catch (\Exception $e) {
|
||||
DB::rollBack();
|
||||
return jsonResponse(null, '删除失败: ' . $e->getMessage(), 500);
|
||||
}
|
||||
}
|
||||
}
|
||||
64
app/admin/controller/AuthController.php
Normal file
64
app/admin/controller/AuthController.php
Normal file
@@ -0,0 +1,64 @@
|
||||
<?php
|
||||
namespace app\admin\controller;
|
||||
|
||||
use support\Request;
|
||||
use app\common\model\AdminUser;
|
||||
use app\common\service\AuthService;
|
||||
|
||||
class AuthController
|
||||
{
|
||||
public function login(Request $request)
|
||||
{
|
||||
$username = trim((string)$request->post('username', ''));
|
||||
$password = (string)$request->post('password', '');
|
||||
if ($username === '' || $password === '') {
|
||||
return jsonResponse(null, '参数错误', 400);
|
||||
}
|
||||
|
||||
$admin = AdminUser::where('username', $username)->first();
|
||||
if (!$admin) {
|
||||
return jsonResponse(null, '账号或密码错误', 401);
|
||||
}
|
||||
if (intval($admin->status) !== 1) {
|
||||
return jsonResponse(null, '账号已禁用', 403);
|
||||
}
|
||||
if (!password_verify($password, $admin->password_hash)) {
|
||||
return jsonResponse(null, '账号或密码错误', 401);
|
||||
}
|
||||
|
||||
$token = AuthService::issueAdminToken($admin);
|
||||
return jsonResponse([
|
||||
'token' => $token,
|
||||
'admin' => $admin
|
||||
], '登录成功');
|
||||
}
|
||||
|
||||
public function me(Request $request)
|
||||
{
|
||||
$admin = $request->admin;
|
||||
$permissions = [];
|
||||
if (intval($admin->is_super) === 1) {
|
||||
$permissions = ['*'];
|
||||
} else {
|
||||
$admin->loadMissing(['roles.permissions']);
|
||||
$map = [];
|
||||
foreach ($admin->roles as $role) {
|
||||
foreach ($role->permissions as $permission) {
|
||||
$map[$permission->code] = true;
|
||||
}
|
||||
}
|
||||
$permissions = array_keys($map);
|
||||
}
|
||||
return jsonResponse([
|
||||
'admin' => $admin,
|
||||
'permissions' => $permissions
|
||||
]);
|
||||
}
|
||||
|
||||
public function logout(Request $request)
|
||||
{
|
||||
AuthService::revokeAdminToken($request->token ?? null);
|
||||
return jsonResponse(null, '已退出登录');
|
||||
}
|
||||
}
|
||||
|
||||
26
app/admin/controller/DashboardController.php
Normal file
26
app/admin/controller/DashboardController.php
Normal file
@@ -0,0 +1,26 @@
|
||||
<?php
|
||||
namespace app\admin\controller;
|
||||
|
||||
use support\Request;
|
||||
use app\common\model\User;
|
||||
use app\common\model\Order;
|
||||
use app\common\model\Report;
|
||||
|
||||
class DashboardController
|
||||
{
|
||||
public function stat(Request $request)
|
||||
{
|
||||
$today = date('Y-m-d');
|
||||
|
||||
$stat = [
|
||||
'today_orders' => Order::where('created_at', '>=', $today . ' 00:00:00')->count(),
|
||||
'wait_receive_orders' => Order::whereIn('status', ['shipping', 'wait_receive'])->count(),
|
||||
'inspecting_orders' => Order::where('status', 'inspecting')->count(),
|
||||
'today_reports' => Report::where('created_at', '>=', $today . ' 00:00:00')->count(),
|
||||
'total_users' => User::count(),
|
||||
'total_amount' => Order::where('status', 'finished')->sum('total_price') ?? 0
|
||||
];
|
||||
|
||||
return jsonResponse($stat);
|
||||
}
|
||||
}
|
||||
85
app/admin/controller/OrderController.php
Normal file
85
app/admin/controller/OrderController.php
Normal file
@@ -0,0 +1,85 @@
|
||||
<?php
|
||||
namespace app\admin\controller;
|
||||
|
||||
use support\Request;
|
||||
use app\common\model\Order;
|
||||
|
||||
class OrderController
|
||||
{
|
||||
public function list(Request $request)
|
||||
{
|
||||
$status = $request->get('status', 'all');
|
||||
$page = max(1, intval($request->get('page', 1)));
|
||||
$pageSize = min(50, max(1, intval($request->get('page_size', 10))));
|
||||
|
||||
$query = Order::query();
|
||||
if ($status !== 'all') {
|
||||
$query->where('status', $status);
|
||||
}
|
||||
|
||||
if ($orderNo = $request->get('order_no')) {
|
||||
$query->where('order_no', 'like', "%{$orderNo}%");
|
||||
}
|
||||
|
||||
$total = $query->count();
|
||||
$items = $query->orderBy('id', 'desc')
|
||||
->offset(($page - 1) * $pageSize)
|
||||
->limit($pageSize)
|
||||
->get();
|
||||
|
||||
return jsonResponse([
|
||||
'items' => $items,
|
||||
'total' => $total,
|
||||
'page' => $page,
|
||||
'page_size' => $pageSize
|
||||
]);
|
||||
}
|
||||
|
||||
public function detail(Request $request)
|
||||
{
|
||||
$id = (int)$request->get('id');
|
||||
$order = Order::with(['logs'])->find($id);
|
||||
|
||||
if (!$order) {
|
||||
return jsonResponse(null, '订单不存在', 404);
|
||||
}
|
||||
|
||||
return jsonResponse($order);
|
||||
}
|
||||
|
||||
public function receive(Request $request)
|
||||
{
|
||||
$id = (int)$request->post('id');
|
||||
$order = Order::find($id);
|
||||
|
||||
if (!$order) {
|
||||
return jsonResponse(null, '订单不存在', 404);
|
||||
}
|
||||
|
||||
try {
|
||||
\app\common\service\OrderFlowService::adminReceive($order, $request->admin->id);
|
||||
return jsonResponse(null, '确认收件成功,已进入鉴定状态');
|
||||
} catch (\Exception $e) {
|
||||
return jsonResponse(null, $e->getMessage(), 400);
|
||||
}
|
||||
}
|
||||
|
||||
public function returnShip(Request $request)
|
||||
{
|
||||
$id = (int)$request->post('id');
|
||||
$expressCompany = trim((string)$request->post('express_company', ''));
|
||||
$expressNo = trim((string)$request->post('express_no', ''));
|
||||
|
||||
$order = Order::find($id);
|
||||
if (!$order) {
|
||||
return jsonResponse(null, '订单不存在', 404);
|
||||
}
|
||||
|
||||
try {
|
||||
\app\common\service\OrderFlowService::adminReturnShip($order, $request->admin->id, $expressCompany, $expressNo);
|
||||
return jsonResponse(null, '回寄信息已提交');
|
||||
} catch (\Exception $e) {
|
||||
return jsonResponse(null, $e->getMessage(), 400);
|
||||
}
|
||||
}
|
||||
}
|
||||
94
app/admin/controller/PermissionController.php
Normal file
94
app/admin/controller/PermissionController.php
Normal file
@@ -0,0 +1,94 @@
|
||||
<?php
|
||||
namespace app\admin\controller;
|
||||
|
||||
use support\Request;
|
||||
use app\common\model\Permission;
|
||||
|
||||
class PermissionController
|
||||
{
|
||||
public function list(Request $request)
|
||||
{
|
||||
// 返回树形结构或者普通列表
|
||||
$permissions = Permission::orderBy('sort', 'asc')->get();
|
||||
return jsonResponse($permissions);
|
||||
}
|
||||
|
||||
public function create(Request $request)
|
||||
{
|
||||
$name = trim($request->post('name', ''));
|
||||
$code = trim($request->post('code', ''));
|
||||
$parent_id = (int)$request->post('parent_id', 0);
|
||||
$type = (int)$request->post('type', 1); // 1菜单 2按钮
|
||||
$sort = (int)$request->post('sort', 0);
|
||||
|
||||
if (!$name || !$code) {
|
||||
return jsonResponse(null, '名称和代码必填', 400);
|
||||
}
|
||||
|
||||
if (Permission::where('code', $code)->exists()) {
|
||||
return jsonResponse(null, '代码已存在', 400);
|
||||
}
|
||||
|
||||
$permission = Permission::create([
|
||||
'name' => $name,
|
||||
'code' => $code,
|
||||
'parent_id' => $parent_id,
|
||||
'type' => $type,
|
||||
'sort' => $sort,
|
||||
]);
|
||||
|
||||
return jsonResponse($permission, '创建成功');
|
||||
}
|
||||
|
||||
public function update(Request $request)
|
||||
{
|
||||
$id = (int)$request->post('id');
|
||||
$permission = Permission::find($id);
|
||||
if (!$permission) {
|
||||
return jsonResponse(null, '权限不存在', 404);
|
||||
}
|
||||
|
||||
$name = trim($request->post('name', ''));
|
||||
$code = trim($request->post('code', ''));
|
||||
|
||||
if ($name) $permission->name = $name;
|
||||
if ($code && $code !== $permission->code) {
|
||||
if (Permission::where('code', $code)->exists()) {
|
||||
return jsonResponse(null, '代码已存在', 400);
|
||||
}
|
||||
$permission->code = $code;
|
||||
}
|
||||
|
||||
if ($request->post('parent_id') !== null) {
|
||||
$permission->parent_id = (int)$request->post('parent_id');
|
||||
}
|
||||
if ($request->post('type') !== null) {
|
||||
$permission->type = (int)$request->post('type');
|
||||
}
|
||||
if ($request->post('sort') !== null) {
|
||||
$permission->sort = (int)$request->post('sort');
|
||||
}
|
||||
|
||||
$permission->save();
|
||||
return jsonResponse(null, '更新成功');
|
||||
}
|
||||
|
||||
public function delete(Request $request)
|
||||
{
|
||||
$id = (int)$request->post('id');
|
||||
$permission = Permission::find($id);
|
||||
if (!$permission) {
|
||||
return jsonResponse(null, '权限不存在', 404);
|
||||
}
|
||||
|
||||
if (Permission::where('parent_id', $id)->exists()) {
|
||||
return jsonResponse(null, '存在子权限,不可删除', 400);
|
||||
}
|
||||
|
||||
$permission->delete();
|
||||
// Remove from role_permissions
|
||||
\Illuminate\Database\Capsule\Manager::table('role_permissions')->where('permission_id', $id)->delete();
|
||||
|
||||
return jsonResponse(null, '删除成功');
|
||||
}
|
||||
}
|
||||
114
app/admin/controller/ReportController.php
Normal file
114
app/admin/controller/ReportController.php
Normal file
@@ -0,0 +1,114 @@
|
||||
<?php
|
||||
namespace app\admin\controller;
|
||||
|
||||
use support\Request;
|
||||
use app\common\model\Order;
|
||||
use app\common\model\Report;
|
||||
use app\common\service\OrderFlowService;
|
||||
use Illuminate\Database\Capsule\Manager as DB;
|
||||
|
||||
class ReportController
|
||||
{
|
||||
public function list(Request $request)
|
||||
{
|
||||
$page = max(1, intval($request->get('page', 1)));
|
||||
$pageSize = min(50, max(1, intval($request->get('page_size', 10))));
|
||||
|
||||
$query = Report::with(['order', 'inspector']);
|
||||
|
||||
if ($reportNo = $request->get('report_no')) {
|
||||
$query->where('report_no', 'like', "%{$reportNo}%");
|
||||
}
|
||||
|
||||
$total = $query->count();
|
||||
$items = $query->orderBy('id', 'desc')
|
||||
->offset(($page - 1) * $pageSize)
|
||||
->limit($pageSize)
|
||||
->get();
|
||||
|
||||
return jsonResponse([
|
||||
'items' => $items,
|
||||
'total' => $total,
|
||||
'page' => $page,
|
||||
'page_size' => $pageSize
|
||||
]);
|
||||
}
|
||||
|
||||
public function detail(Request $request)
|
||||
{
|
||||
$id = (int)$request->get('id');
|
||||
$report = Report::with(['order.logs', 'inspector'])->find($id);
|
||||
|
||||
if (!$report) {
|
||||
return jsonResponse(null, '报告不存在', 404);
|
||||
}
|
||||
|
||||
return jsonResponse($report);
|
||||
}
|
||||
|
||||
public function create(Request $request)
|
||||
{
|
||||
$orderId = (int)$request->post('order_id');
|
||||
$conclusion = trim($request->post('conclusion', '')); // REAL, FAKE, DOUBT
|
||||
$level = trim($request->post('level', ''));
|
||||
$flawsJson = $request->post('flaws_json', []);
|
||||
$imagesJson = $request->post('images_json', []);
|
||||
|
||||
if (!in_array($conclusion, ['REAL', 'FAKE', 'DOUBT'])) {
|
||||
return jsonResponse(null, '鉴定结论不合法', 400);
|
||||
}
|
||||
|
||||
if (empty($imagesJson)) {
|
||||
return jsonResponse(null, '必须上传证据图片', 400);
|
||||
}
|
||||
|
||||
$order = Order::find($orderId);
|
||||
if (!$order) {
|
||||
return jsonResponse(null, '订单不存在', 404);
|
||||
}
|
||||
|
||||
if ($order->status !== 'inspecting') {
|
||||
return jsonResponse(null, '订单当前状态不可出具报告', 400);
|
||||
}
|
||||
|
||||
if (Report::where('order_id', $orderId)->exists()) {
|
||||
return jsonResponse(null, '该订单已出具报告,不可重复出具', 400);
|
||||
}
|
||||
|
||||
DB::beginTransaction();
|
||||
try {
|
||||
$reportNo = 'R' . date('YmdHis') . rand(1000, 9999);
|
||||
$verifyCode = bin2hex(random_bytes(8)); // 16字符防伪码
|
||||
|
||||
$report = Report::create([
|
||||
'report_no' => $reportNo,
|
||||
'order_id' => $orderId,
|
||||
'conclusion' => $conclusion,
|
||||
'level' => $level,
|
||||
'flaws_json' => $flawsJson,
|
||||
'images_json' => $imagesJson,
|
||||
'inspector_id' => $request->admin->id,
|
||||
'verify_code' => $verifyCode
|
||||
]);
|
||||
|
||||
// 扭转订单状态
|
||||
$order->status = 'finished';
|
||||
$order->save();
|
||||
|
||||
$conclusionMap = [
|
||||
'REAL' => '正品',
|
||||
'FAKE' => '仿品',
|
||||
'DOUBT' => '存疑'
|
||||
];
|
||||
$conclusionText = $conclusionMap[$conclusion] ?? '未知';
|
||||
|
||||
OrderFlowService::addLog($orderId, 'report_generated', '报告已出具', "鉴定结论:{$conclusionText}", 'admin', $request->admin->id);
|
||||
|
||||
DB::commit();
|
||||
return jsonResponse($report, '报告出具成功');
|
||||
} catch (\Exception $e) {
|
||||
DB::rollBack();
|
||||
return jsonResponse(null, '出具报告失败: ' . $e->getMessage(), 500);
|
||||
}
|
||||
}
|
||||
}
|
||||
140
app/admin/controller/RoleController.php
Normal file
140
app/admin/controller/RoleController.php
Normal file
@@ -0,0 +1,140 @@
|
||||
<?php
|
||||
namespace app\admin\controller;
|
||||
|
||||
use support\Request;
|
||||
use app\common\model\Role;
|
||||
use Illuminate\Database\Capsule\Manager as DB;
|
||||
|
||||
class RoleController
|
||||
{
|
||||
public function list(Request $request)
|
||||
{
|
||||
$page = (int)$request->get('page', 1);
|
||||
$limit = (int)$request->get('limit', 15);
|
||||
|
||||
$query = Role::with('permissions');
|
||||
|
||||
if ($name = $request->get('name')) {
|
||||
$query->where('name', 'like', "%{$name}%");
|
||||
}
|
||||
|
||||
$total = $query->count();
|
||||
$list = $query->offset(($page - 1) * $limit)
|
||||
->limit($limit)
|
||||
->orderBy('id', 'desc')
|
||||
->get();
|
||||
|
||||
return jsonResponse([
|
||||
'total' => $total,
|
||||
'list' => $list
|
||||
]);
|
||||
}
|
||||
|
||||
public function all(Request $request)
|
||||
{
|
||||
$roles = Role::all();
|
||||
return jsonResponse($roles);
|
||||
}
|
||||
|
||||
public function create(Request $request)
|
||||
{
|
||||
$name = trim($request->post('name', ''));
|
||||
$code = trim($request->post('code', ''));
|
||||
$description = trim($request->post('description', ''));
|
||||
$permissionIds = $request->post('permission_ids', []);
|
||||
|
||||
if (!$name || !$code) {
|
||||
return jsonResponse(null, '角色名称和编码必填', 400);
|
||||
}
|
||||
|
||||
if (Role::where('name', $name)->exists()) {
|
||||
return jsonResponse(null, '角色名称已存在', 400);
|
||||
}
|
||||
if (Role::where('code', $code)->exists()) {
|
||||
return jsonResponse(null, '角色编码已存在', 400);
|
||||
}
|
||||
|
||||
DB::beginTransaction();
|
||||
try {
|
||||
$role = Role::create([
|
||||
'name' => $name,
|
||||
'code' => $code,
|
||||
'description' => $description,
|
||||
]);
|
||||
|
||||
if (!empty($permissionIds)) {
|
||||
$role->permissions()->sync($permissionIds);
|
||||
}
|
||||
DB::commit();
|
||||
return jsonResponse(null, '创建成功');
|
||||
} catch (\Exception $e) {
|
||||
DB::rollBack();
|
||||
return jsonResponse(null, '创建失败: ' . $e->getMessage(), 500);
|
||||
}
|
||||
}
|
||||
|
||||
public function update(Request $request)
|
||||
{
|
||||
$id = (int)$request->post('id');
|
||||
$role = Role::find($id);
|
||||
if (!$role) {
|
||||
return jsonResponse(null, '角色不存在', 404);
|
||||
}
|
||||
|
||||
$name = trim($request->post('name', ''));
|
||||
if ($name && $name !== $role->name) {
|
||||
if (Role::where('name', $name)->exists()) {
|
||||
return jsonResponse(null, '角色名称已存在', 400);
|
||||
}
|
||||
$role->name = $name;
|
||||
}
|
||||
|
||||
$code = trim($request->post('code', ''));
|
||||
if ($code && $code !== $role->code) {
|
||||
if (Role::where('code', $code)->exists()) {
|
||||
return jsonResponse(null, '角色编码已存在', 400);
|
||||
}
|
||||
$role->code = $code;
|
||||
}
|
||||
|
||||
if ($request->post('description') !== null) {
|
||||
$role->description = trim($request->post('description'));
|
||||
}
|
||||
|
||||
$permissionIds = $request->post('permission_ids');
|
||||
|
||||
DB::beginTransaction();
|
||||
try {
|
||||
$role->save();
|
||||
if (is_array($permissionIds)) {
|
||||
$role->permissions()->sync($permissionIds);
|
||||
}
|
||||
DB::commit();
|
||||
return jsonResponse(null, '更新成功');
|
||||
} catch (\Exception $e) {
|
||||
DB::rollBack();
|
||||
return jsonResponse(null, '更新失败: ' . $e->getMessage(), 500);
|
||||
}
|
||||
}
|
||||
|
||||
public function delete(Request $request)
|
||||
{
|
||||
$id = (int)$request->post('id');
|
||||
$role = Role::find($id);
|
||||
if (!$role) {
|
||||
return jsonResponse(null, '角色不存在', 404);
|
||||
}
|
||||
|
||||
DB::beginTransaction();
|
||||
try {
|
||||
$role->permissions()->detach();
|
||||
$role->delete();
|
||||
DB::table('admin_roles')->where('role_id', $id)->delete();
|
||||
DB::commit();
|
||||
return jsonResponse(null, '删除成功');
|
||||
} catch (\Exception $e) {
|
||||
DB::rollBack();
|
||||
return jsonResponse(null, '删除失败: ' . $e->getMessage(), 500);
|
||||
}
|
||||
}
|
||||
}
|
||||
37
app/admin/controller/UploadController.php
Normal file
37
app/admin/controller/UploadController.php
Normal file
@@ -0,0 +1,37 @@
|
||||
<?php
|
||||
namespace app\admin\controller;
|
||||
|
||||
use support\Request;
|
||||
use Webman\Http\UploadFile;
|
||||
|
||||
class UploadController
|
||||
{
|
||||
public function image(Request $request)
|
||||
{
|
||||
$file = $request->file('file');
|
||||
if (!$file || !$file->isValid()) {
|
||||
return jsonResponse(null, '未找到文件或文件无效', 400);
|
||||
}
|
||||
|
||||
$ext = strtolower($file->getUploadExtension());
|
||||
if (!in_array($ext, ['jpg', 'jpeg', 'png', 'gif', 'webp'])) {
|
||||
return jsonResponse(null, '仅支持图片文件', 400);
|
||||
}
|
||||
|
||||
$dir = public_path() . '/upload/images/' . date('Ymd');
|
||||
if (!is_dir($dir)) {
|
||||
mkdir($dir, 0777, true);
|
||||
}
|
||||
|
||||
$filename = uniqid() . bin2hex(random_bytes(4)) . '.' . $ext;
|
||||
$path = $dir . '/' . $filename;
|
||||
$file->move($path);
|
||||
|
||||
$url = '/upload/images/' . date('Ymd') . '/' . $filename;
|
||||
|
||||
return jsonResponse([
|
||||
'url' => $url,
|
||||
'name' => $file->getUploadName(),
|
||||
], '上传成功');
|
||||
}
|
||||
}
|
||||
53
app/admin/controller/UserController.php
Normal file
53
app/admin/controller/UserController.php
Normal file
@@ -0,0 +1,53 @@
|
||||
<?php
|
||||
namespace app\admin\controller;
|
||||
|
||||
use support\Request;
|
||||
use app\common\model\User;
|
||||
|
||||
class UserController
|
||||
{
|
||||
public function list(Request $request)
|
||||
{
|
||||
$page = max(1, intval($request->get('page', 1)));
|
||||
$pageSize = min(50, max(1, intval($request->get('page_size', 10))));
|
||||
|
||||
$query = User::query();
|
||||
|
||||
if ($mobile = $request->get('mobile')) {
|
||||
$query->where('mobile', 'like', "%{$mobile}%");
|
||||
}
|
||||
|
||||
if ($nickname = $request->get('nickname')) {
|
||||
$query->where('nickname', 'like', "%{$nickname}%");
|
||||
}
|
||||
|
||||
$total = $query->count();
|
||||
$items = $query->orderBy('id', 'desc')
|
||||
->offset(($page - 1) * $pageSize)
|
||||
->limit($pageSize)
|
||||
->get();
|
||||
|
||||
return jsonResponse([
|
||||
'items' => $items,
|
||||
'total' => $total,
|
||||
'page' => $page,
|
||||
'page_size' => $pageSize
|
||||
]);
|
||||
}
|
||||
|
||||
public function updateStatus(Request $request)
|
||||
{
|
||||
$id = (int)$request->post('id');
|
||||
$status = (int)$request->post('status');
|
||||
|
||||
$user = User::find($id);
|
||||
if (!$user) {
|
||||
return jsonResponse(null, '用户不存在', 404);
|
||||
}
|
||||
|
||||
$user->status = $status === 1 ? 1 : 0;
|
||||
$user->save();
|
||||
|
||||
return jsonResponse(null, '更新状态成功');
|
||||
}
|
||||
}
|
||||
136
app/admin/controller/WechatAppController.php
Normal file
136
app/admin/controller/WechatAppController.php
Normal file
@@ -0,0 +1,136 @@
|
||||
<?php
|
||||
namespace app\admin\controller;
|
||||
|
||||
use support\Request;
|
||||
use app\common\model\WechatApp;
|
||||
use Illuminate\Database\Capsule\Manager as DB;
|
||||
|
||||
class WechatAppController
|
||||
{
|
||||
public function list(Request $request)
|
||||
{
|
||||
$page = (int)$request->get('page', 1);
|
||||
$limit = (int)$request->get('limit', 15);
|
||||
if ($page < 1) $page = 1;
|
||||
if ($limit < 1) $limit = 15;
|
||||
|
||||
$query = WechatApp::query();
|
||||
if (($name = trim((string)$request->get('name', ''))) !== '') {
|
||||
$query->where('name', 'like', "%{$name}%");
|
||||
}
|
||||
if (($appId = trim((string)$request->get('app_id', ''))) !== '') {
|
||||
$query->where('app_id', 'like', "%{$appId}%");
|
||||
}
|
||||
if (($type = trim((string)$request->get('type', ''))) !== '') {
|
||||
$query->where('type', $type);
|
||||
}
|
||||
if ($request->get('status') !== null && $request->get('status') !== '') {
|
||||
$query->where('status', (int)$request->get('status'));
|
||||
}
|
||||
|
||||
$total = $query->count();
|
||||
$list = $query->select([
|
||||
'id',
|
||||
'name',
|
||||
'type',
|
||||
'app_id',
|
||||
'status',
|
||||
'remark',
|
||||
'created_at',
|
||||
])
|
||||
->selectRaw("IF(app_secret IS NULL OR app_secret = '', 0, 1) as has_secret")
|
||||
->orderByDesc('id')
|
||||
->offset(($page - 1) * $limit)
|
||||
->limit($limit)
|
||||
->get();
|
||||
|
||||
return jsonResponse([
|
||||
'total' => $total,
|
||||
'list' => $list,
|
||||
]);
|
||||
}
|
||||
|
||||
public function create(Request $request)
|
||||
{
|
||||
$name = trim((string)$request->post('name', ''));
|
||||
$type = trim((string)$request->post('type', 'h5'));
|
||||
$appId = trim((string)$request->post('app_id', ''));
|
||||
$appSecret = trim((string)$request->post('app_secret', ''));
|
||||
$status = (int)$request->post('status', 1);
|
||||
$remark = trim((string)$request->post('remark', ''));
|
||||
|
||||
if ($name === '' || $appId === '') {
|
||||
return jsonResponse(null, '名称和AppID必填', 400);
|
||||
}
|
||||
if (!in_array($type, ['h5', 'mini'], true)) {
|
||||
return jsonResponse(null, '类型不合法', 400);
|
||||
}
|
||||
|
||||
try {
|
||||
$row = WechatApp::create([
|
||||
'name' => $name,
|
||||
'type' => $type,
|
||||
'app_id' => $appId,
|
||||
'app_secret' => $appSecret ?: null,
|
||||
'status' => $status ? 1 : 0,
|
||||
'remark' => $remark ?: null,
|
||||
]);
|
||||
return jsonResponse($row, '创建成功');
|
||||
} catch (\Throwable $e) {
|
||||
return jsonResponse(null, '创建失败: ' . $e->getMessage(), 500);
|
||||
}
|
||||
}
|
||||
|
||||
public function update(Request $request)
|
||||
{
|
||||
$id = (int)$request->post('id');
|
||||
$row = WechatApp::find($id);
|
||||
if (!$row) {
|
||||
return jsonResponse(null, '应用不存在', 404);
|
||||
}
|
||||
|
||||
$name = trim((string)$request->post('name', $row->name));
|
||||
$type = trim((string)$request->post('type', $row->type));
|
||||
$appId = trim((string)$request->post('app_id', $row->app_id));
|
||||
$appSecret = trim((string)$request->post('app_secret', ''));
|
||||
$status = (int)$request->post('status', $row->status);
|
||||
$remark = trim((string)$request->post('remark', $row->remark ?? ''));
|
||||
|
||||
if ($name === '' || $appId === '') {
|
||||
return jsonResponse(null, '名称和AppID必填', 400);
|
||||
}
|
||||
if (!in_array($type, ['h5', 'mini'], true)) {
|
||||
return jsonResponse(null, '类型不合法', 400);
|
||||
}
|
||||
|
||||
DB::beginTransaction();
|
||||
try {
|
||||
$row->name = $name;
|
||||
$row->type = $type;
|
||||
$row->app_id = $appId;
|
||||
if ($appSecret !== '') {
|
||||
$row->app_secret = $appSecret;
|
||||
}
|
||||
$row->status = $status ? 1 : 0;
|
||||
$row->remark = $remark ?: null;
|
||||
$row->save();
|
||||
DB::commit();
|
||||
return jsonResponse(null, '更新成功');
|
||||
} catch (\Throwable $e) {
|
||||
DB::rollBack();
|
||||
return jsonResponse(null, '更新失败: ' . $e->getMessage(), 500);
|
||||
}
|
||||
}
|
||||
|
||||
public function delete(Request $request)
|
||||
{
|
||||
$id = (int)$request->post('id');
|
||||
$row = WechatApp::find($id);
|
||||
if (!$row) {
|
||||
return jsonResponse(null, '应用不存在', 404);
|
||||
}
|
||||
$row->delete();
|
||||
return jsonResponse(null, '删除成功');
|
||||
}
|
||||
}
|
||||
|
||||
336
app/admin/controller/WechatMerchantController.php
Normal file
336
app/admin/controller/WechatMerchantController.php
Normal file
@@ -0,0 +1,336 @@
|
||||
<?php
|
||||
namespace app\admin\controller;
|
||||
|
||||
use support\Request;
|
||||
use app\common\model\WechatMerchant;
|
||||
use Illuminate\Database\Capsule\Manager as DB;
|
||||
use Webman\Http\UploadFile;
|
||||
|
||||
class WechatMerchantController
|
||||
{
|
||||
public function list(Request $request)
|
||||
{
|
||||
$page = (int)$request->get('page', 1);
|
||||
$limit = (int)$request->get('limit', 15);
|
||||
if ($page < 1) $page = 1;
|
||||
if ($limit < 1) $limit = 15;
|
||||
|
||||
$query = WechatMerchant::query();
|
||||
|
||||
if (($name = trim((string)$request->get('name', ''))) !== '') {
|
||||
$query->where('name', 'like', "%{$name}%");
|
||||
}
|
||||
if (($mchId = trim((string)$request->get('mch_id', ''))) !== '') {
|
||||
$query->where('mch_id', 'like', "%{$mchId}%");
|
||||
}
|
||||
if ($request->get('status') !== null && $request->get('status') !== '') {
|
||||
$query->where('status', (int)$request->get('status'));
|
||||
}
|
||||
|
||||
$total = $query->count();
|
||||
$list = $query->select([
|
||||
'id',
|
||||
'name',
|
||||
'mode',
|
||||
'mch_id',
|
||||
'app_id',
|
||||
'sub_mch_id',
|
||||
'sub_app_id',
|
||||
'service_provider',
|
||||
'serial_no',
|
||||
'notify_url',
|
||||
'is_default',
|
||||
'status',
|
||||
'remark',
|
||||
'apiclient_cert_path',
|
||||
'apiclient_key_path',
|
||||
'created_at',
|
||||
])
|
||||
->selectRaw("IF(api_v3_key IS NULL OR api_v3_key = '', 0, 1) as has_api_v3_key")
|
||||
->selectRaw("IF((private_key_pem IS NULL OR private_key_pem = '') AND (apiclient_key_path IS NULL OR apiclient_key_path = ''), 0, 1) as has_private_key")
|
||||
->selectRaw("IF(apiclient_cert_path IS NULL OR apiclient_cert_path = '', 0, 1) as has_apiclient_cert")
|
||||
->orderByDesc('is_default')
|
||||
->orderByDesc('id')
|
||||
->offset(($page - 1) * $limit)
|
||||
->limit($limit)
|
||||
->get();
|
||||
|
||||
return jsonResponse([
|
||||
'total' => $total,
|
||||
'list' => $list,
|
||||
]);
|
||||
}
|
||||
|
||||
public function create(Request $request)
|
||||
{
|
||||
$name = trim((string)$request->post('name', ''));
|
||||
$mode = trim((string)$request->post('mode', 'direct'));
|
||||
$mchId = trim((string)$request->post('mch_id', ''));
|
||||
$appId = trim((string)$request->post('app_id', ''));
|
||||
$subMchId = trim((string)$request->post('sub_mch_id', ''));
|
||||
$subAppId = trim((string)$request->post('sub_app_id', ''));
|
||||
$serviceProvider = trim((string)$request->post('service_provider', ''));
|
||||
$serialNo = trim((string)$request->post('serial_no', ''));
|
||||
$apiV3Key = trim((string)$request->post('api_v3_key', ''));
|
||||
$privateKeyPem = trim((string)$request->post('private_key_pem', ''));
|
||||
$notifyUrl = trim((string)$request->post('notify_url', ''));
|
||||
$remark = trim((string)$request->post('remark', ''));
|
||||
$status = (int)$request->post('status', 1);
|
||||
$isDefault = (int)$request->post('is_default', 0) ? 1 : 0;
|
||||
|
||||
if ($name === '' || $mchId === '') {
|
||||
return jsonResponse(null, '名称和商户号必填', 400);
|
||||
}
|
||||
if (!in_array($mode, ['direct', 'service_provider', 'third_party'], true)) {
|
||||
return jsonResponse(null, '商户类型不合法', 400);
|
||||
}
|
||||
if ($mode === 'service_provider' && $subMchId === '') {
|
||||
return jsonResponse(null, '服务商模式必须填写子商户号', 400);
|
||||
}
|
||||
|
||||
if ($this->existsConflict(0, $mode, $mchId, $subMchId, $appId, $subAppId)) {
|
||||
return jsonResponse(null, '该商户配置已存在', 400);
|
||||
}
|
||||
|
||||
DB::beginTransaction();
|
||||
try {
|
||||
if ($isDefault === 1) {
|
||||
WechatMerchant::where('is_default', 1)->update(['is_default' => 0]);
|
||||
}
|
||||
$row = WechatMerchant::create([
|
||||
'name' => $name,
|
||||
'mode' => $mode,
|
||||
'mch_id' => $mchId,
|
||||
'app_id' => $appId ?: null,
|
||||
'serial_no' => $serialNo ?: null,
|
||||
'api_v3_key' => $apiV3Key ?: null,
|
||||
'private_key_pem' => $privateKeyPem ?: null,
|
||||
'notify_url' => $notifyUrl ?: null,
|
||||
'sub_mch_id' => $subMchId ?: null,
|
||||
'sub_app_id' => $subAppId ?: null,
|
||||
'service_provider' => $serviceProvider ?: null,
|
||||
'remark' => $remark ?: null,
|
||||
'status' => $status ? 1 : 0,
|
||||
'is_default' => $isDefault,
|
||||
]);
|
||||
DB::commit();
|
||||
return jsonResponse($row, '创建成功');
|
||||
} catch (\Throwable $e) {
|
||||
DB::rollBack();
|
||||
return jsonResponse(null, '创建失败: ' . $e->getMessage(), 500);
|
||||
}
|
||||
}
|
||||
|
||||
public function update(Request $request)
|
||||
{
|
||||
$id = (int)$request->post('id');
|
||||
$row = WechatMerchant::find($id);
|
||||
if (!$row) {
|
||||
return jsonResponse(null, '商户号不存在', 404);
|
||||
}
|
||||
|
||||
$name = trim((string)$request->post('name', $row->name));
|
||||
$mode = trim((string)$request->post('mode', $row->mode));
|
||||
$mchId = trim((string)$request->post('mch_id', $row->mch_id));
|
||||
$appId = trim((string)$request->post('app_id', $row->app_id ?? ''));
|
||||
$subMchId = trim((string)$request->post('sub_mch_id', $row->sub_mch_id ?? ''));
|
||||
$subAppId = trim((string)$request->post('sub_app_id', $row->sub_app_id ?? ''));
|
||||
$serviceProvider = trim((string)$request->post('service_provider', $row->service_provider ?? ''));
|
||||
$serialNo = trim((string)$request->post('serial_no', $row->serial_no ?? ''));
|
||||
$apiV3Key = trim((string)$request->post('api_v3_key', ''));
|
||||
$privateKeyPem = trim((string)$request->post('private_key_pem', ''));
|
||||
$notifyUrl = trim((string)$request->post('notify_url', $row->notify_url ?? ''));
|
||||
$remark = trim((string)$request->post('remark', $row->remark ?? ''));
|
||||
$status = (int)$request->post('status', $row->status);
|
||||
$isDefault = $request->post('is_default') !== null ? ((int)$request->post('is_default') ? 1 : 0) : (int)$row->is_default;
|
||||
|
||||
if ($name === '' || $mchId === '') {
|
||||
return jsonResponse(null, '名称和商户号必填', 400);
|
||||
}
|
||||
if (!in_array($mode, ['direct', 'service_provider', 'third_party'], true)) {
|
||||
return jsonResponse(null, '商户类型不合法', 400);
|
||||
}
|
||||
if ($mode === 'service_provider' && $subMchId === '') {
|
||||
return jsonResponse(null, '服务商模式必须填写子商户号', 400);
|
||||
}
|
||||
|
||||
if ($this->existsConflict($id, $mode, $mchId, $subMchId, $appId, $subAppId)) {
|
||||
return jsonResponse(null, '该商户配置已存在', 400);
|
||||
}
|
||||
|
||||
DB::beginTransaction();
|
||||
try {
|
||||
if ($isDefault === 1) {
|
||||
WechatMerchant::where('is_default', 1)->where('id', '<>', $id)->update(['is_default' => 0]);
|
||||
}
|
||||
$row->name = $name;
|
||||
$row->mode = $mode;
|
||||
$row->mch_id = $mchId;
|
||||
$row->app_id = $appId ?: null;
|
||||
$row->serial_no = $serialNo ?: null;
|
||||
if ($apiV3Key !== '') {
|
||||
$row->api_v3_key = $apiV3Key;
|
||||
}
|
||||
if ($privateKeyPem !== '') {
|
||||
$row->private_key_pem = $privateKeyPem;
|
||||
}
|
||||
$row->notify_url = $notifyUrl ?: null;
|
||||
$row->sub_mch_id = $subMchId ?: null;
|
||||
$row->sub_app_id = $subAppId ?: null;
|
||||
$row->service_provider = $serviceProvider ?: null;
|
||||
$row->remark = $remark ?: null;
|
||||
$row->status = $status ? 1 : 0;
|
||||
$row->is_default = $isDefault;
|
||||
$row->save();
|
||||
DB::commit();
|
||||
return jsonResponse(null, '更新成功');
|
||||
} catch (\Throwable $e) {
|
||||
DB::rollBack();
|
||||
return jsonResponse(null, '更新失败: ' . $e->getMessage(), 500);
|
||||
}
|
||||
}
|
||||
|
||||
public function delete(Request $request)
|
||||
{
|
||||
$id = (int)$request->post('id');
|
||||
$row = WechatMerchant::find($id);
|
||||
if (!$row) {
|
||||
return jsonResponse(null, '商户号不存在', 404);
|
||||
}
|
||||
if ((int)$row->is_default === 1) {
|
||||
return jsonResponse(null, '默认商户号不可删除', 400);
|
||||
}
|
||||
$row->delete();
|
||||
return jsonResponse(null, '删除成功');
|
||||
}
|
||||
|
||||
public function uploadApiclientCert(Request $request)
|
||||
{
|
||||
return $this->uploadPem($request, 'apiclient_cert');
|
||||
}
|
||||
|
||||
public function uploadApiclientKey(Request $request)
|
||||
{
|
||||
return $this->uploadPem($request, 'apiclient_key');
|
||||
}
|
||||
|
||||
public function uploadApiV3Key(Request $request)
|
||||
{
|
||||
$id = (int)$request->post('id');
|
||||
$row = WechatMerchant::find($id);
|
||||
if (!$row) {
|
||||
return jsonResponse(null, '商户号不存在', 404);
|
||||
}
|
||||
|
||||
/** @var UploadFile|null $file */
|
||||
$file = $request->file('file');
|
||||
if (!$file || !$file->isValid()) {
|
||||
return jsonResponse(null, '未找到文件或文件无效', 400);
|
||||
}
|
||||
|
||||
$size = $file->getSize();
|
||||
if ($size === false || $size > 1024) {
|
||||
return jsonResponse(null, '文件过大', 400);
|
||||
}
|
||||
|
||||
$content = file_get_contents($file->getPathname());
|
||||
$content = is_string($content) ? $content : '';
|
||||
$key = preg_replace('/\s+/', '', $content);
|
||||
$key = is_string($key) ? trim($key) : '';
|
||||
if ($key === '' || strlen($key) !== 32) {
|
||||
return jsonResponse(null, 'APIv3 Key 格式不正确(应为32位)', 400);
|
||||
}
|
||||
|
||||
$row->api_v3_key = $key;
|
||||
$row->save();
|
||||
|
||||
return jsonResponse([
|
||||
'id' => $row->id,
|
||||
'has_api_v3_key' => 1,
|
||||
], '上传成功');
|
||||
}
|
||||
|
||||
private function uploadPem(Request $request, string $type)
|
||||
{
|
||||
$id = (int)$request->post('id');
|
||||
$row = WechatMerchant::find($id);
|
||||
if (!$row) {
|
||||
return jsonResponse(null, '商户号不存在', 404);
|
||||
}
|
||||
|
||||
/** @var UploadFile|null $file */
|
||||
$file = $request->file('file');
|
||||
if (!$file || !$file->isValid()) {
|
||||
return jsonResponse(null, '未找到文件或文件无效', 400);
|
||||
}
|
||||
$ext = strtolower($file->getUploadExtension());
|
||||
if ($ext !== 'pem') {
|
||||
return jsonResponse(null, '仅支持 pem 文件', 400);
|
||||
}
|
||||
|
||||
$dir = runtime_path() . '/wechatpay/merchants/' . $row->id;
|
||||
if (!is_dir($dir)) {
|
||||
mkdir($dir, 0700, true);
|
||||
}
|
||||
$filename = $type === 'apiclient_cert' ? 'apiclient_cert.pem' : 'apiclient_key.pem';
|
||||
$path = $dir . '/' . $filename;
|
||||
$file->move($path);
|
||||
@chmod($path, 0600);
|
||||
|
||||
if ($type === 'apiclient_cert') {
|
||||
$row->apiclient_cert_path = $path;
|
||||
try {
|
||||
$certPem = file_get_contents($path);
|
||||
$x509 = openssl_x509_read($certPem);
|
||||
if ($x509) {
|
||||
$info = openssl_x509_parse($x509);
|
||||
$serialHex = $info['serialNumberHex'] ?? '';
|
||||
if (is_string($serialHex) && $serialHex !== '') {
|
||||
$row->serial_no = $row->serial_no ?: strtoupper($serialHex);
|
||||
}
|
||||
}
|
||||
} catch (\Throwable $e) {
|
||||
}
|
||||
} else {
|
||||
$row->apiclient_key_path = $path;
|
||||
}
|
||||
$row->save();
|
||||
|
||||
return jsonResponse([
|
||||
'id' => $row->id,
|
||||
'serial_no' => $row->serial_no,
|
||||
'has_apiclient_cert' => $row->apiclient_cert_path ? 1 : 0,
|
||||
'has_private_key' => ($row->private_key_pem || $row->apiclient_key_path) ? 1 : 0,
|
||||
], '上传成功');
|
||||
}
|
||||
|
||||
private function existsConflict(int $id, string $mode, string $mchId, string $subMchId, string $appId, string $subAppId): bool
|
||||
{
|
||||
$query = WechatMerchant::query()->where('mode', $mode)->where('mch_id', $mchId);
|
||||
if ($mode === 'service_provider') {
|
||||
$query->where('sub_mch_id', $subMchId);
|
||||
} else {
|
||||
$query->where(function ($q) {
|
||||
$q->whereNull('sub_mch_id')->orWhere('sub_mch_id', '');
|
||||
});
|
||||
}
|
||||
if ($appId !== '') {
|
||||
$query->where('app_id', $appId);
|
||||
} else {
|
||||
$query->where(function ($q) {
|
||||
$q->whereNull('app_id')->orWhere('app_id', '');
|
||||
});
|
||||
}
|
||||
if ($subAppId !== '') {
|
||||
$query->where('sub_app_id', $subAppId);
|
||||
} else {
|
||||
$query->where(function ($q) {
|
||||
$q->whereNull('sub_app_id')->orWhere('sub_app_id', '');
|
||||
});
|
||||
}
|
||||
if ($id > 0) {
|
||||
$query->where('id', '<>', $id);
|
||||
}
|
||||
return $query->exists();
|
||||
}
|
||||
}
|
||||
35
app/admin/middleware/AuthMiddleware.php
Normal file
35
app/admin/middleware/AuthMiddleware.php
Normal file
@@ -0,0 +1,35 @@
|
||||
<?php
|
||||
namespace app\admin\middleware;
|
||||
|
||||
use Webman\MiddlewareInterface;
|
||||
use Webman\Http\Request;
|
||||
use Webman\Http\Response;
|
||||
use app\common\service\AuthService;
|
||||
|
||||
class AuthMiddleware implements MiddlewareInterface
|
||||
{
|
||||
public function process(Request $request, callable $handler): Response
|
||||
{
|
||||
$token = $this->getBearerToken($request);
|
||||
$admin = AuthService::getAdminByToken($token);
|
||||
if (!$admin) {
|
||||
return jsonResponse(null, '未登录', 401);
|
||||
}
|
||||
$request->admin = $admin;
|
||||
$request->token = $token;
|
||||
return $handler($request);
|
||||
}
|
||||
|
||||
protected function getBearerToken(Request $request): ?string
|
||||
{
|
||||
$authorization = $request->header('authorization');
|
||||
if (!$authorization) {
|
||||
return null;
|
||||
}
|
||||
if (stripos($authorization, 'Bearer ') === 0) {
|
||||
return trim(substr($authorization, 7));
|
||||
}
|
||||
return trim($authorization);
|
||||
}
|
||||
}
|
||||
|
||||
39
app/admin/middleware/PermissionMiddleware.php
Normal file
39
app/admin/middleware/PermissionMiddleware.php
Normal file
@@ -0,0 +1,39 @@
|
||||
<?php
|
||||
namespace app\admin\middleware;
|
||||
|
||||
use Webman\MiddlewareInterface;
|
||||
use Webman\Http\Request;
|
||||
use Webman\Http\Response;
|
||||
|
||||
class PermissionMiddleware implements MiddlewareInterface
|
||||
{
|
||||
public function process(Request $request, callable $handler): Response
|
||||
{
|
||||
$admin = $request->admin ?? null;
|
||||
if (!$admin) {
|
||||
return jsonResponse(null, '未登录', 401);
|
||||
}
|
||||
if (intval($admin->is_super) === 1) {
|
||||
return $handler($request);
|
||||
}
|
||||
|
||||
$route = $request->route;
|
||||
$permissionCode = $route ? $route->getName() : null;
|
||||
if (!$permissionCode) {
|
||||
return $handler($request);
|
||||
}
|
||||
|
||||
$admin->loadMissing(['roles.permissions']);
|
||||
$codes = [];
|
||||
foreach ($admin->roles as $role) {
|
||||
foreach ($role->permissions as $permission) {
|
||||
$codes[$permission->code] = true;
|
||||
}
|
||||
}
|
||||
if (!isset($codes[$permissionCode])) {
|
||||
return jsonResponse(null, '无权限', 403);
|
||||
}
|
||||
return $handler($request);
|
||||
}
|
||||
}
|
||||
|
||||
Reference in New Issue
Block a user