<?php
namespace app\common\controller;
use app\common\library\Auth;
use think\Config;
use think\exception\HttpResponseException;
use think\exception\ValidateException;
use think\Hook;
use think\Lang;
use think\Loader;
use think\Request;
use think\Response;
use think\Route;
use think\Validate;
use Redis;
use app\utils\LogUtil;
/**
* API控制器基类
*/
class Api
{
/**
* @var Request Request 实例
*/
protected $request;
/**
* @var bool 验证失败是否抛出异常
*/
protected $failException = false;
/**
* @var bool 是否批量验证
*/
protected $batchValidate = false;
/**
* @var array 前置操作方法列表
*/
protected $beforeActionList = [];
/**
* 无需登录的方法,同时也就不需要鉴权了
* @var array
*/
protected $noNeedLogin = [];
/**
* 无需鉴权的方法,但需要登录
* @var array
*/
protected $noNeedRight = [];
/**
* 权限Auth
* @var Auth
*/
protected $auth = null;
/**
* 默认响应输出类型,支持json/xml
* @var string
*/
protected $responseType = 'json';
/**
* @var int 日志类型 1 文件;2sql
*/
public $logType = 2;
/**
* 构造方法
* @access public
* @param Request $request Request 对象
*/
public function __construct(Request $request = null)
{
$this->request = is_null($request) ? Request::instance() : $request;
if(config('site.apisite_switch') == 0){
$controllername = $this->request->controller();
$controllername = strtolower($controllername);
if(!in_array($controllername,['notify','easemob','payios'])){
$notice = config('site.apisite_notice') ?: '全站维护中';
$this->error($notice);
}
}
// 控制器初始化
$this->_initialize();
//日志
$this->request_log();
//用户活跃
$this->user_active();
// 前置操作方法
if ($this->beforeActionList) {
foreach ($this->beforeActionList as $method => $options) {
is_numeric($method) ?
$this->beforeAction($options) :
$this->beforeAction($method, $options);
}
}
}
/**
* 初始化操作
* @access protected
*/
protected function _initialize()
{
//跨域请求检测
check_cors_request();
// 检测IP是否允许
check_ip_allowed();
//移除HTML标签
$this->request->filter('trim,strip_tags,htmlspecialchars');
$this->auth = Auth::instance();
$modulename = $this->request->module();
$controllername = Loader::parseName($this->request->controller());
$actionname = strtolower($this->request->action());
// token
$token = $this->request->server('HTTP_TOKEN', $this->request->request('token', \think\Cookie::get('token')));
$path = str_replace('.', '/', $controllername) . '/' . $actionname;
// 设置当前请求的URI
$this->auth->setRequestUri($path);
// 检测是否需要验证登录
if (!$this->auth->match($this->noNeedLogin)) {
//初始化
$this->auth->init($token);
//检测是否登录
if (!$this->auth->isLogin()) {
$this->error(__('Please login first'), null, 401);
}
// 判断是否需要验证权限
/*if (!$this->auth->match($this->noNeedRight)) {
// 判断控制器和方法判断是否有对应权限
if (!$this->auth->check($path)) {
$this->error(__('You have no permission'), null, 403);
}
}*/
} else {
// 如果有传递token才验证是否登录状态
if ($token) {
$this->auth->init($token);
//传就必须传对
if (!$this->auth->isLogin()) {
$this->error(__('Please login first'), null, 401);
}
}
}
$upload = \app\common\model\Config::upload();
// 上传信息配置后
Hook::listen("upload_config_init", $upload);
Config::set('upload', array_merge(Config::get('upload'), $upload));
// 加载当前控制器语言包
$this->loadlang($controllername);
}
/**
* 加载语言文件
* @param string $name
*/
protected function loadlang($name)
{
$name = Loader::parseName($name);
$name = preg_match("/^([a-zA-Z0-9_\.\/]+)\$/i", $name) ? $name : 'index';
$lang = $this->request->langset();
$lang = preg_match("/^([a-zA-Z\-_]{2,10})\$/i", $lang) ? $lang : 'zh-cn';
Lang::load(APP_PATH . $this->request->module() . '/lang/' . $lang . '/' . str_replace('.', '/', $name) . '.php');
}
/**
* 操作成功返回的数据
* @param string $msg 提示信息
* @param mixed $data 要返回的数据
* @param int $code 错误码,默认为1
* @param string $type 输出类型
* @param array $header 发送的 Header 信息
*/
protected function success($msg = '', $data = null, $code = 1, $type = null, array $header = [])
{
if($msg == 1){
$msg = 'success';
}
if(empty($msg)){
$msg = '操作成功';
}
$this->result($msg, $data, $code, $type, $header);
}
/**
* 操作失败返回的数据
* @param string $msg 提示信息
* @param mixed $data 要返回的数据
* @param int $code 错误码,默认为0
* @param string $type 输出类型
* @param array $header 发送的 Header 信息
*/
protected function error($msg = '', $data = null, $code = 0, $type = null, array $header = [])
{
if(empty($msg)){
$msg = __('Invalid parameters');
}
$this->result($msg, $data, $code, $type, $header);
}
/**
* 返回封装后的 API 数据到客户端
* @access protected
* @param mixed $msg 提示信息
* @param mixed $data 要返回的数据
* @param int $code 错误码,默认为0
* @param string $type 输出类型,支持json/xml/jsonp
* @param array $header 发送的 Header 信息
* @return void
* @throws HttpResponseException
*/
protected function result($msg, $data = null, $code = 0, $type = null, array $header = [])
{
$result = [
'code' => $code,
'msg' => $msg,
'time' => Request::instance()->server('REQUEST_TIME'),
'data' => $data,
];
//日志
$this->request_log_update($result);
// 如果未设置类型则使用默认类型判断
$type = $type ? : $this->responseType;
if (isset($header['statuscode'])) {
$code = $header['statuscode'];
unset($header['statuscode']);
} else {
//未设置状态码,根据code值判断
$code = $code >= 1000 || $code < 200 ? 200 : $code;
}
$response = Response::create($result, $type, $code)->header($header);
throw new HttpResponseException($response);
}
/**
* 前置操作
* @access protected
* @param string $method 前置操作方法名
* @param array $options 调用参数 ['only'=>[...]] 或者 ['except'=>[...]]
* @return void
*/
protected function beforeAction($method, $options = [])
{
if (isset($options['only'])) {
if (is_string($options['only'])) {
$options['only'] = explode(',', $options['only']);
}
if (!in_array($this->request->action(), $options['only'])) {
return;
}
} elseif (isset($options['except'])) {
if (is_string($options['except'])) {
$options['except'] = explode(',', $options['except']);
}
if (in_array($this->request->action(), $options['except'])) {
return;
}
}
call_user_func([$this, $method]);
}
/**
* 设置验证失败后是否抛出异常
* @access protected
* @param bool $fail 是否抛出异常
* @return $this
*/
protected function validateFailException($fail = true)
{
$this->failException = $fail;
return $this;
}
/**
* 验证数据
* @access protected
* @param array $data 数据
* @param string|array $validate 验证器名或者验证规则数组
* @param array $message 提示信息
* @param bool $batch 是否批量验证
* @param mixed $callback 回调方法(闭包)
* @return array|string|true
* @throws ValidateException
*/
protected function validate($data, $validate, $message = [], $batch = false, $callback = null)
{
if (is_array($validate)) {
$v = Loader::validate();
$v->rule($validate);
} else {
// 支持场景
if (strpos($validate, '.')) {
list($validate, $scene) = explode('.', $validate);
}
$v = Loader::validate($validate);
!empty($scene) && $v->scene($scene);
}
// 批量验证
if ($batch || $this->batchValidate) {
$v->batch(true);
}
// 设置错误信息
if (is_array($message)) {
$v->message($message);
}
// 使用回调验证
if ($callback && is_callable($callback)) {
call_user_func_array($callback, [$v, &$data]);
}
if (!$v->check($data)) {
if ($this->failException) {
throw new ValidateException($v->getError());
}
return $v->getError();
}
return true;
}
/**
* 刷新Token
*/
protected function token()
{
$token = $this->request->param('__token__');
//验证Token
if (!Validate::make()->check(['__token__' => $token], ['__token__' => 'require|token'])) {
$this->error(__('Token verification error'), ['__token__' => $this->request->token()]);
}
//刷新Token
$this->request->token();
}
/**
* 接口请求限制
* @param int $apiLimit
* @param int $apiLimitTime
* @param string $key
* @return bool | true:通过 false:拒绝
*/
public function apiLimit($apiLimit = 1, $apiLimitTime = 1000, $key = '')
{
$userId = $this->auth->id;
$controller = request()->controller();
$action = request()->action();
if (!$key) {
$key = strtolower($controller) . '_' . strtolower($action) . '_' . $userId;
}
$redis = new Redis();
$redisconfig = config("redis");
$redis->connect($redisconfig["host"], $redisconfig["port"]);
if ($redisconfig['redis_pwd']) {
$redis->auth($redisconfig['redis_pwd']);
}
if($redisconfig['redis_selectdb'] > 0){
$redis->select($redisconfig['redis_selectdb']);
}
//
//指定键值新增+1 并获取
$count = $redis->incr($key);
if ($count > $apiLimit) {
return false;
}
//设置过期时间
if ($count == 1) {
$redis->pExpire($key, $apiLimitTime);
}
return true;
}
/*
* api 请求日志
* */
protected function request_log(){
//api_request_log
$modulename = $this->request->module();
$controllername = $this->request->controller();
$actionname = $this->request->action();
if(strtolower($actionname) == 'callback'){
return true;
}
defined('API_REQUEST_LOG_TYPE') or define('API_REQUEST_LOG_TYPE', $this->logType);
$params = $this->request->request();
if ($this->logType === 1){
//日志统一写入
register_shutdown_function([new LogUtil, 'close']);
LogUtil::getInstance('Api/'); //设置日志存入通道
LogUtil::info('uid', 'Api-Middleware-Log', 'request_log', $this->auth->id);
LogUtil::info('url', 'Api-Middleware-Log', 'request_log', $modulename . '/' . $controllername . '/' . $actionname);
LogUtil::info('params', 'Api-Middleware-Log', 'request_log', $params);
LogUtil::info('ip', 'Api-Middleware-Log', 'request_log', request()->ip());
}else{
$data = [
'uid' => $this->auth->id,
'api' => $modulename.'/'.$controllername.'/'.$actionname,
'params' => json_encode($params),
'addtime' => time(),
'adddatetime' => date('Y-m-d H:i:s'),
'ip' => request()->ip(),
];
$request_id = db('api_request_log')->insertGetId($data);
defined('API_REQUEST_ID') or define('API_REQUEST_ID', $request_id);
}
}
protected function request_log_update($log_result){
if ($this->logType === 1){
if (strlen(json_encode($log_result['data'])) > 1000) {
$log_result['data'] = '数据太多,不记录';
}
LogUtil::info('result', 'Api-Middleware-Log', 'request_log', $log_result);
}else{
if(defined('API_REQUEST_ID')) { //记录app正常返回结果
if(strlen(json_encode($log_result['data'])) > 1000) {
$log_result['data'] = '数据太多,不记录';
}
db('api_request_log')->where('id',API_REQUEST_ID)->update(['result'=>json_encode($log_result)]);
}
}
}
//更新用户活跃
protected function user_active(){
if($this->auth->isLogin()){
db('user_active')->where('user_id',$this->auth->id)->update(['requesttime'=>time()]);
}
}
//获取用户是否活跃,7200秒,2小时
//1活跃,0不活跃
protected function user_activeinfo($user_id,$requesttime = 0){
if(empty($requesttime)){
$requesttime = db('user_active')->where('user_id',$user_id)->value('requesttime');
}
$result = [
'is_active' => 1,
'active_text' => get_last_time($requesttime).'在线',
];
if(time() - $requesttime > 7200){
$result = [
'is_active' => 0,
'active_text' => '离线',
];
}
return $result;
}
//获取用户是否vip,1是,0否
protected function is_vip($user_id){
$result = 0;
$vip_endtime = db('user_wallet')->where('user_id',$user_id)->value('vip_endtime');
$result = $vip_endtime > time() ? 1 : 0;
return $result;
}
//用户是否有某项权限
//1有,0没有
protected function user_power($user_id,$power = ''){
$is_vip = $this->is_vip($user_id);
if($is_vip != 1){
return 0;
}
$power = db('user_power')->where('user_id',$user_id)->value($power);
return $power;
}
//是否关注
protected function is_follow($uid,$follow_uid){
$where = [
'uid' => $uid,
'follow_uid' => $follow_uid,
];
$check = db('user_follow')->where($where)->find();
if($check){
return 1;
}else{
return 0;
}
}
//是否拉黑
protected function is_black($uid,$black_user_id){
$where = [
'user_id' => $uid,
'black_user_id' => $black_user_id,
];
$check = db('user_blacklist')->where($where)->find();
if($check){
return 1;
}else{
return 0;
}
}
//是否好友
protected function is_friend($uid,$follow_uid){
$is_follow = $this->is_follow($uid,$follow_uid);
$be_follow = $this->is_follow($follow_uid,$uid);
if($is_follow && $be_follow){
return 1;
}
return 0;
}
}