first commit
This commit is contained in:
wushumin
35
app/admin/middleware/AuthMiddleware.php
Normal file
35
app/admin/middleware/AuthMiddleware.php
Normal file
@@ -0,0 +1,35 @@
|
||||
<?php
|
||||
namespace app\admin\middleware;
|
||||
|
||||
use Webman\MiddlewareInterface;
|
||||
use Webman\Http\Request;
|
||||
use Webman\Http\Response;
|
||||
use app\common\service\AuthService;
|
||||
|
||||
class AuthMiddleware implements MiddlewareInterface
|
||||
{
|
||||
public function process(Request $request, callable $handler): Response
|
||||
{
|
||||
$token = $this->getBearerToken($request);
|
||||
$admin = AuthService::getAdminByToken($token);
|
||||
if (!$admin) {
|
||||
return jsonResponse(null, '未登录', 401);
|
||||
}
|
||||
$request->admin = $admin;
|
||||
$request->token = $token;
|
||||
return $handler($request);
|
||||
}
|
||||
|
||||
protected function getBearerToken(Request $request): ?string
|
||||
{
|
||||
$authorization = $request->header('authorization');
|
||||
if (!$authorization) {
|
||||
return null;
|
||||
}
|
||||
if (stripos($authorization, 'Bearer ') === 0) {
|
||||
return trim(substr($authorization, 7));
|
||||
}
|
||||
return trim($authorization);
|
||||
}
|
||||
}
|
||||
|
||||
39
app/admin/middleware/PermissionMiddleware.php
Normal file
39
app/admin/middleware/PermissionMiddleware.php
Normal file
@@ -0,0 +1,39 @@
|
||||
<?php
|
||||
namespace app\admin\middleware;
|
||||
|
||||
use Webman\MiddlewareInterface;
|
||||
use Webman\Http\Request;
|
||||
use Webman\Http\Response;
|
||||
|
||||
class PermissionMiddleware implements MiddlewareInterface
|
||||
{
|
||||
public function process(Request $request, callable $handler): Response
|
||||
{
|
||||
$admin = $request->admin ?? null;
|
||||
if (!$admin) {
|
||||
return jsonResponse(null, '未登录', 401);
|
||||
}
|
||||
if (intval($admin->is_super) === 1) {
|
||||
return $handler($request);
|
||||
}
|
||||
|
||||
$route = $request->route;
|
||||
$permissionCode = $route ? $route->getName() : null;
|
||||
if (!$permissionCode) {
|
||||
return $handler($request);
|
||||
}
|
||||
|
||||
$admin->loadMissing(['roles.permissions']);
|
||||
$codes = [];
|
||||
foreach ($admin->roles as $role) {
|
||||
foreach ($role->permissions as $permission) {
|
||||
$codes[$permission->code] = true;
|
||||
}
|
||||
}
|
||||
if (!isset($codes[$permissionCode])) {
|
||||
return jsonResponse(null, '无权限', 403);
|
||||
}
|
||||
return $handler($request);
|
||||
}
|
||||
}
|
||||
|
||||
Reference in New Issue
Block a user