Api.php 15 KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293294295296297298299300301302303304305306307308309310311312313314315316317318319320321322323324325326327328329330331332333334335336337338339340341342343344345346347348349350351352353354355356357358359360361362363364365366367368369370371372373374375376377378379380381382383384385386387388389390391392393394395396397398399400401402403404405406407408409410411412413414415416417418419420421422423424425426427428429430431432433434435436437438439440441442443444445446447448449450451452453454455456457458459460461462463464465466467468469470471472473474475476477478479480481482483484485486487488489490491492493494495496497498499500501502503504505506507508509510511512513514515516517518519520521522523524525526527528529530531532533534535
  1. <?php
  2. namespace app\common\controller;
  3. use app\common\library\Auth;
  4. use think\Config;
  5. use think\exception\HttpResponseException;
  6. use think\exception\ValidateException;
  7. use think\Hook;
  8. use think\Lang;
  9. use think\Loader;
  10. use think\Request;
  11. use think\Response;
  12. use think\Route;
  13. use think\Validate;
  14. use Redis;
  15. /**
  16. * API控制器基类
  17. */
  18. class Api
  19. {
  20. /**
  21. * @var Request Request 实例
  22. */
  23. protected $request;
  24. /**
  25. * @var bool 验证失败是否抛出异常
  26. */
  27. protected $failException = false;
  28. /**
  29. * @var bool 是否批量验证
  30. */
  31. protected $batchValidate = false;
  32. /**
  33. * @var array 前置操作方法列表
  34. */
  35. protected $beforeActionList = [];
  36. /**
  37. * 无需登录的方法,同时也就不需要鉴权了
  38. * @var array
  39. */
  40. protected $noNeedLogin = [];
  41. /**
  42. * 无需鉴权的方法,但需要登录
  43. * @var array
  44. */
  45. protected $noNeedRight = [];
  46. /**
  47. * 权限Auth
  48. * @var Auth
  49. */
  50. protected $auth = null;
  51. /**
  52. * 默认响应输出类型,支持json/xml
  53. * @var string
  54. */
  55. protected $responseType = 'json';
  56. public $page = 1;
  57. public $listrow = 10;
  58. /**
  59. * 构造方法
  60. * @access public
  61. * @param Request $request Request 对象
  62. */
  63. public function __construct(Request $request = null)
  64. {
  65. $this->request = is_null($request) ? Request::instance() : $request;
  66. $this->page = input('page',1);
  67. $this->listrow= input('listrow',10);
  68. // 控制器初始化
  69. $this->_initialize();
  70. //日志
  71. $this->request_log();
  72. //用户活跃
  73. $this->user_active();
  74. // 前置操作方法
  75. if ($this->beforeActionList) {
  76. foreach ($this->beforeActionList as $method => $options) {
  77. is_numeric($method) ?
  78. $this->beforeAction($options) :
  79. $this->beforeAction($method, $options);
  80. }
  81. }
  82. }
  83. /**
  84. * 初始化操作
  85. * @access protected
  86. */
  87. protected function _initialize()
  88. {
  89. //跨域请求检测
  90. check_cors_request();
  91. // 检测IP是否允许
  92. check_ip_allowed();
  93. //移除HTML标签
  94. $this->request->filter('trim,strip_tags,htmlspecialchars');
  95. $this->auth = Auth::instance();
  96. $modulename = $this->request->module();
  97. $controllername = Loader::parseName($this->request->controller());
  98. $actionname = strtolower($this->request->action());
  99. // token
  100. $token = $this->request->server('HTTP_TOKEN', $this->request->request('token', \think\Cookie::get('token')));
  101. $path = str_replace('.', '/', $controllername) . '/' . $actionname;
  102. // 设置当前请求的URI
  103. $this->auth->setRequestUri($path);
  104. // 检测是否需要验证登录
  105. if (!$this->auth->match($this->noNeedLogin)) {
  106. //初始化
  107. $this->auth->init($token);
  108. //检测是否登录
  109. if (!$this->auth->isLogin()) {
  110. $this->error(__('Please login first'), null, 401);
  111. }
  112. // 判断是否需要验证权限
  113. /*if (!$this->auth->match($this->noNeedRight)) {
  114. // 判断控制器和方法判断是否有对应权限
  115. if (!$this->auth->check($path)) {
  116. $this->error(__('You have no permission'), null, 403);
  117. }
  118. }*/
  119. } else {
  120. // 如果有传递token才验证是否登录状态
  121. if ($token) {
  122. $this->auth->init($token);
  123. //传就必须传对
  124. if (!$this->auth->isLogin()) {
  125. $this->error(__('Please login first'), null, 401);
  126. }
  127. }
  128. }
  129. $upload = \app\common\model\Config::upload();
  130. // 上传信息配置后
  131. Hook::listen("upload_config_init", $upload);
  132. Config::set('upload', array_merge(Config::get('upload'), $upload));
  133. // 加载当前控制器语言包
  134. $this->loadlang($controllername);
  135. }
  136. /**
  137. * 加载语言文件
  138. * @param string $name
  139. */
  140. protected function loadlang($name)
  141. {
  142. $name = Loader::parseName($name);
  143. Lang::load(APP_PATH . $this->request->module() . '/lang/' . $this->request->langset() . '/' . str_replace('.', '/', $name) . '.php');
  144. }
  145. /**
  146. * 操作成功返回的数据
  147. * @param string $msg 提示信息
  148. * @param mixed $data 要返回的数据
  149. * @param int $code 错误码,默认为1
  150. * @param string $type 输出类型
  151. * @param array $header 发送的 Header 信息
  152. */
  153. protected function success($msg = '', $data = null, $code = 1, $type = null, array $header = [])
  154. {
  155. if($msg == 1){
  156. $msg = 'success';
  157. }
  158. if(empty($msg)){
  159. $msg = '操作成功';
  160. }
  161. $this->result($msg, $data, $code, $type, $header);
  162. }
  163. //find查询出来的结果如果为空数组,强制转换object
  164. protected function success_find($msg = '', $data = null, $code = 1, $type = null, array $header = [])
  165. {
  166. if(empty($msg)){
  167. $msg = '操作成功';
  168. }
  169. if(is_null($data) || $data === []){
  170. $data = (object)[];
  171. }
  172. $this->result($msg, $data, $code, $type, $header);
  173. }
  174. /**
  175. * 操作失败返回的数据
  176. * @param string $msg 提示信息
  177. * @param mixed $data 要返回的数据
  178. * @param int $code 错误码,默认为0
  179. * @param string $type 输出类型
  180. * @param array $header 发送的 Header 信息
  181. */
  182. protected function error($msg = '', $data = null, $code = 0, $type = null, array $header = [])
  183. {
  184. if(empty($msg)){
  185. $msg = __('Invalid parameters');
  186. }
  187. $this->result($msg, $data, $code, $type, $header);
  188. }
  189. /**
  190. * 返回封装后的 API 数据到客户端
  191. * @access protected
  192. * @param mixed $msg 提示信息
  193. * @param mixed $data 要返回的数据
  194. * @param int $code 错误码,默认为0
  195. * @param string $type 输出类型,支持json/xml/jsonp
  196. * @param array $header 发送的 Header 信息
  197. * @return void
  198. * @throws HttpResponseException
  199. */
  200. protected function result($msg, $data = null, $code = 0, $type = null, array $header = [])
  201. {
  202. $result = [
  203. 'code' => $code,
  204. 'msg' => $msg,
  205. 'time' => Request::instance()->server('REQUEST_TIME'),
  206. 'data' => $data,
  207. ];
  208. //日志
  209. $this->request_log_update($result);
  210. // 如果未设置类型则自动判断
  211. $type = $type ? $type : ($this->request->param(config('var_jsonp_handler')) ? 'jsonp' : $this->responseType);
  212. if (isset($header['statuscode'])) {
  213. $code = $header['statuscode'];
  214. unset($header['statuscode']);
  215. } else {
  216. //未设置状态码,根据code值判断
  217. $code = $code >= 1000 || $code < 200 ? 200 : $code;
  218. }
  219. $response = Response::create($result, $type, $code)->header($header);
  220. throw new HttpResponseException($response);
  221. }
  222. /**
  223. * 前置操作
  224. * @access protected
  225. * @param string $method 前置操作方法名
  226. * @param array $options 调用参数 ['only'=>[...]] 或者 ['except'=>[...]]
  227. * @return void
  228. */
  229. protected function beforeAction($method, $options = [])
  230. {
  231. if (isset($options['only'])) {
  232. if (is_string($options['only'])) {
  233. $options['only'] = explode(',', $options['only']);
  234. }
  235. if (!in_array($this->request->action(), $options['only'])) {
  236. return;
  237. }
  238. } elseif (isset($options['except'])) {
  239. if (is_string($options['except'])) {
  240. $options['except'] = explode(',', $options['except']);
  241. }
  242. if (in_array($this->request->action(), $options['except'])) {
  243. return;
  244. }
  245. }
  246. call_user_func([$this, $method]);
  247. }
  248. /**
  249. * 设置验证失败后是否抛出异常
  250. * @access protected
  251. * @param bool $fail 是否抛出异常
  252. * @return $this
  253. */
  254. protected function validateFailException($fail = true)
  255. {
  256. $this->failException = $fail;
  257. return $this;
  258. }
  259. /**
  260. * 验证数据
  261. * @access protected
  262. * @param array $data 数据
  263. * @param string|array $validate 验证器名或者验证规则数组
  264. * @param array $message 提示信息
  265. * @param bool $batch 是否批量验证
  266. * @param mixed $callback 回调方法(闭包)
  267. * @return array|string|true
  268. * @throws ValidateException
  269. */
  270. protected function validate($data, $validate, $message = [], $batch = false, $callback = null)
  271. {
  272. if (is_array($validate)) {
  273. $v = Loader::validate();
  274. $v->rule($validate);
  275. } else {
  276. // 支持场景
  277. if (strpos($validate, '.')) {
  278. list($validate, $scene) = explode('.', $validate);
  279. }
  280. $v = Loader::validate($validate);
  281. !empty($scene) && $v->scene($scene);
  282. }
  283. // 批量验证
  284. if ($batch || $this->batchValidate) {
  285. $v->batch(true);
  286. }
  287. // 设置错误信息
  288. if (is_array($message)) {
  289. $v->message($message);
  290. }
  291. // 使用回调验证
  292. if ($callback && is_callable($callback)) {
  293. call_user_func_array($callback, [$v, &$data]);
  294. }
  295. if (!$v->check($data)) {
  296. if ($this->failException) {
  297. throw new ValidateException($v->getError());
  298. }
  299. return $v->getError();
  300. }
  301. return true;
  302. }
  303. /**
  304. * 刷新Token
  305. */
  306. protected function token()
  307. {
  308. $token = $this->request->param('__token__');
  309. //验证Token
  310. if (!Validate::make()->check(['__token__' => $token], ['__token__' => 'require|token'])) {
  311. $this->error(__('Token verification error'), ['__token__' => $this->request->token()]);
  312. }
  313. //刷新Token
  314. $this->request->token();
  315. }
  316. /*
  317. * api 请求日志
  318. * */
  319. protected function request_log(){
  320. //api_request_log
  321. $modulename = $this->request->module();
  322. $controllername = $this->request->controller();
  323. $actionname = $this->request->action();
  324. $data = [
  325. 'uid' => $this->auth->id,
  326. 'api' => $modulename.'/'.$controllername.'/'.$actionname,
  327. 'params' => json_encode($this->request->param()),
  328. 'addtime' => time(),
  329. 'adddatetime' => date('Y-m-d H:i:s'),
  330. 'ip' => request()->ip(),
  331. ];
  332. $request_id = db('api_request_log')->insertGetId($data);
  333. defined('API_REQUEST_ID') or define('API_REQUEST_ID', $request_id);
  334. }
  335. //更新用户活跃
  336. protected function user_active(){
  337. if($this->auth->isLogin()){
  338. db('user_active')->where('user_id',$this->auth->id)->update(['requesttime'=>time()]);
  339. if($this->auth->is_active == 0){
  340. db('user')->where('id',$this->auth->id)->update(['is_active'=>1]);
  341. }
  342. }
  343. }
  344. protected function request_log_update($log_result){
  345. if(defined('API_REQUEST_ID')) { //记录app正常返回结果
  346. if(strlen(json_encode($log_result['data'])) > 10000) {
  347. $log_result['data'] = '数据太多,不记录';
  348. }
  349. db('api_request_log')->where('id',API_REQUEST_ID)->update(['result'=>json_encode($log_result)]);
  350. }
  351. }
  352. /**
  353. * 接口请求限制
  354. * @param int $apiLimit
  355. * @param int $apiLimitTime
  356. * @param string $key
  357. * @return bool | true:通过 false:拒绝
  358. */
  359. public function apiLimit($apiLimit = 1, $apiLimitTime = 1000, $key = '')
  360. {
  361. $userId = $this->auth->id;
  362. $controller = request()->controller();
  363. $action = request()->action();
  364. if (!$key) {
  365. $key = strtolower($controller) . '_' . strtolower($action) . '_' . $userId;
  366. }
  367. $redis = new Redis();
  368. $redisconfig = config("redis");
  369. $redis->connect($redisconfig["host"], $redisconfig["port"]);
  370. if ($redisconfig['redis_pwd']) {
  371. $redis->auth($redisconfig['redis_pwd']);
  372. }
  373. if($redisconfig['redis_selectdb'] > 0){
  374. $redis->select($redisconfig['redis_selectdb']);
  375. }
  376. //
  377. //指定键值新增+1 并获取
  378. $count = $redis->incr($key);
  379. if ($count > $apiLimit) {
  380. return false;
  381. }
  382. //设置过期时间
  383. if ($count == 1) {
  384. $redis->pExpire($key, $apiLimitTime);
  385. }
  386. return true;
  387. }
  388. //获取用户是否活跃,172800秒,48小时
  389. //1活跃,0不活跃
  390. protected function user_activeinfo($user_id,$requesttime = 0){
  391. if(empty($requesttime)){
  392. $requesttime = db('user_active')->where('user_id',$user_id)->value('requesttime');
  393. }
  394. $result = [
  395. 'is_active' => 1,
  396. 'active_text' => get_last_time($requesttime).'在线',
  397. ];
  398. if(time() - $requesttime > 172800){
  399. $result = [
  400. 'is_active' => 0,
  401. 'active_text' => '离线',
  402. ];
  403. }
  404. return $result;
  405. }
  406. //获取用户是否vip,1是,0否
  407. protected function is_vip($user_id){
  408. $result = 0;
  409. $vip_endtime = db('user_wallet')->where('user_id',$user_id)->value('vip_endtime');
  410. $result = $vip_endtime > time() ? 1 : 0;
  411. return $result;
  412. }
  413. //用户是否有某项权限
  414. //1有,0没有
  415. protected function user_power($user_id,$power = ''){
  416. /*$is_vip = $this->is_vip($user_id);
  417. if($is_vip != 1){
  418. return 0;
  419. }*/
  420. $power = db('user_power')->where('user_id',$user_id)->value($power);
  421. return $power;
  422. }
  423. //是否关注
  424. protected function is_follow($uid,$follow_uid){
  425. $where = [
  426. 'uid' => $uid,
  427. 'follow_uid' => $follow_uid,
  428. ];
  429. $check = db('user_follow')->where($where)->find();
  430. if($check){
  431. return 1;
  432. }else{
  433. return 0;
  434. }
  435. }
  436. //是否好友
  437. protected function is_friend($uid,$follow_uid){
  438. $is_follow = $this->is_follow($uid,$follow_uid);
  439. $be_follow = $this->is_follow($follow_uid,$uid);
  440. if($is_follow && $be_follow){
  441. return 1;
  442. }
  443. return 0;
  444. }
  445. //实名认证限制功能
  446. //true 不需要实名认证,不受限
  447. //false 需要实名认证,受限
  448. protected function user_auth_limit(){
  449. $user_auth_switch = config('site.user_auth_switch');
  450. if($user_auth_switch != 1){
  451. return true; //没开,不受限
  452. }else{
  453. if($this->auth->idcard_status == 1){
  454. return true; //已实名,不受限
  455. }else{
  456. return false;
  457. }
  458. }
  459. return false;
  460. }
  461. }