医生端基础，用户完全分离

application/api/controller/doctor/User.php

@@ -0,0 +1,179 @@
+<?php
+
+namespace app\api\controller\coach;
+
+use app\common\controller\Apic;
+use app\common\library\Sms;
+use think\Exception;
+use think\Validate;
+
+use think\Db;
+
+/**
+ * 会员接口
+ */
+class User extends Apic
+{
+    protected $noNeedLogin = ['login','resetpwd'];
+    protected $noNeedRight = '*';
+
+
+    //员工手机+密码登录
+    public function login()
+    {
+        $mobile = input('mobile');
+        $password = input('password');
+        if (!$mobile || !$password) {
+            $this->error(__('Invalid parameters'));
+        }
+        $ret = $this->auth->login($mobile, $password);
+        if ($ret) {
+            $data = $this->auth->getUserinfo();
+            $this->success(__('Logged in successful'), $data);
+        } else {
+            $this->error($this->auth->getError());
+        }
+    }
+
+    /**
+     * 修改密码
+     *
+     * @ApiMethod (POST)
+     * @param string $newpassword 新密码
+     * @param string $oldpassword 旧密码
+     */
+    public function changepwd(){
+        $newpassword = input('newpassword');
+        $oldpassword = input('oldpassword','');
+
+        if (!$newpassword) {
+            $this->error('请输入新密码');
+        }
+        if($this->auth->password && empty($oldpassword)){
+            $this->error('旧密码必填');
+        }
+
+        if(empty($this->auth->password)){
+            $ret = $this->auth->changepwd($newpassword, '', true);
+        }else{
+            $ret = $this->auth->changepwd($newpassword,$oldpassword,false);
+        }
+
+        if ($ret) {
+            $this->success(__('Reset password successful'));
+        } else {
+            $this->error($this->auth->getError());
+        }
+    }
+
+
+    /**
+     * 退出登录
+     * @ApiMethod (POST)
+     */
+    public function logout()
+    {
+        if (!$this->request->isPost()) {
+            $this->error(__('Invalid parameters'));
+        }
+        $this->auth->logout();
+        $this->success(__('Logout successful'));
+    }
+
+
+    //用户详细资料
+    public function getUserinfo($type = 1){
+        $info = $this->auth->getUserinfo();
+        if($type == 'return'){
+            return $info;
+        }
+        $this->success(__('success'),$info);
+    }
+
+    /**
+     * 重置密码
+     *
+     * @ApiMethod (POST)
+     * @param string $mobile      手机号
+     * @param string $captcha     验证码
+     * @param string $newpassword 新密码
+     */
+    /*public function resetpwd()
+    {
+        $mobile      = $this->request->post('mobile');
+        $captcha     = $this->request->post('captcha');
+        $newpassword = $this->request->post("newpassword");
+        if (!$mobile || !$captcha || !$newpassword) {
+            $this->error(__('Invalid parameters'));
+        }
+        //验证Token
+        if (!Validate::make()->check(['newpassword' => $newpassword], ['newpassword' => 'require|regex:\S{6,30}'])) {
+            $this->error(__('Password must be 6 to 30 characters'));
+        }
+        if (!Validate::regex($mobile, "^1\d{10}$")) {
+            $this->error(__('Mobile is incorrect'));
+        }
+        $user = \app\common\model\CompanyStaff::getByMobile($mobile);
+        if (!$user) {
+            $this->error(__('User not found'));
+        }
+        $ret = Sms::check($mobile, $captcha, 'resetpwd');
+        if (!$ret) {
+            $this->error(__('Captcha is incorrect'));
+        }
+        Sms::flush($mobile, 'resetpwd');
+
+        //模拟一次登录
+        $this->auth->direct($user->id);
+        $ret = $this->auth->resetpwd($newpassword, '', true);
+        if ($ret) {
+            $this->success(__('Reset password successful'));
+        } else {
+            $this->error($this->auth->getError());
+        }
+    }*/
+
+
+    /**
+     * 修改会员个人信息
+     *
+     * @ApiMethod (POST)
+     * @param string $avatar   头像地址
+     * @param string $username 用户名
+     * @param string $nickname 昵称
+     * @param string $bio      个人简介
+     */
+    public function profile()
+    {
+        $field = [
+            'mobile',
+            //'email',
+            'avatar',
+            'firstname',
+            'lastname',
+            'lang',
+        ];
+
+        $data = request_post_hub($field);
+
+        /*if(isset($data['email'])){
+            $check_email = Db::name('coach')->where('email',$data['email'])->where('id','neq',$this->auth->id)->find();
+            if($check_email){
+                $this->error('邮箱已被其他人使用');
+            }
+        }*/
+
+        if(isset($data['mobile'])){
+            $check_mobile = Db::name('coach')->where('mobile',$data['mobile'])->where('id','neq',$this->auth->id)->find();
+            if($check_mobile){
+                $this->error('手机号已被其他人使用');
+            }
+        }
+
+        $update_rs = Db::name('coach')->where('id',$this->auth->id)->update($data);
+
+        $this->success('资料更新完成');
+    }
+
+
+}

application/api/lang/zh-cn/doctor/common.php

@@ -0,0 +1,3 @@
+<?php
+
+return [];

application/api/lang/zh-cn/doctor/user.php

@@ -0,0 +1,39 @@
+<?php
+
+return [
+    'User center'                           => '会员中心',
+    'Register'                              => '注册',
+    'Login'                                 => '登录',
+    'Sign up successful'                    => '注册成功',
+    'Username can not be empty'             => '用户名不能为空',
+    'Username must be 3 to 30 characters'   => '用户名必须3-30个字符',
+    'Username must be 6 to 30 characters'   => '用户名必须6-30个字符',
+    'Password can not be empty'             => '密码不能为空',
+    'Password must be 6 to 30 characters'   => '密码必须6-30个字符',
+    'Mobile is incorrect'                   => '手机格式不正确',
+    'Username already exist'                => '用户名已经存在',
+    'Nickname already exist'                => '昵称已经存在',
+    'Email already exist'                   => '邮箱已经存在',
+    'Mobile already exist'                  => '手机号已经存在',
+    'Username is incorrect'                 => '用户名不正确',
+    'Email is incorrect'                    => '邮箱不正确',
+    'Account is locked'                     => '账户已经被锁定',
+    'Password is incorrect'                 => '密码不正确',
+    'Account is incorrect'                  => '账户不正确',
+    'Account not exist'                     => '账户不存在',
+    'Account can not be empty'              => '账户不能为空',
+    'Username or password is incorrect'     => '用户名或密码不正确',
+    'You are not logged in'                 => '你当前还未登录',
+    'You\'ve logged in, do not login again' => '你已经存在，请不要重复登录',
+    'Profile'                               => '个人资料',
+    'Verify email'                          => '邮箱验证',
+    'Change password'                       => '修改密码',
+    'Captcha is incorrect'                  => '验证码不正确',
+    'Logged in successful'                  => '登录成功',
+    'Logout successful'                     => '退出成功',
+    'Operation failed'                      => '操作失败',
+    'Invalid parameters'                    => '参数不正确',
+    'Change password failure'               => '修改密码失败',
+    'Change password successful'            => '修改密码成功',
+    'Reset password successful'             => '重置密码成功',
+];

application/common/controller/Apic.php

@@ -0,0 +1,460 @@
+<?php
+
+namespace app\common\controller;
+
+use app\common\library\Authcoach as Auth;
+use think\Config;
+use think\exception\HttpResponseException;
+use think\exception\ValidateException;
+use think\Hook;
+use think\Lang;
+use think\Loader;
+use think\Request;
+use think\Response;
+use think\Route;
+use think\Validate;
+use Redis;
+
+/**
+ * API控制器基类
+ */
+class Apic
+{
+
+    /**
+     * @var Request Request 实例
+     */
+    protected $request;
+
+    /**
+     * @var bool 验证失败是否抛出异常
+     */
+    protected $failException = false;
+
+    /**
+     * @var bool 是否批量验证
+     */
+    protected $batchValidate = false;
+
+    /**
+     * @var array 前置操作方法列表
+     */
+    protected $beforeActionList = [];
+
+    /**
+     * 无需登录的方法,同时也就不需要鉴权了
+     * @var array
+     */
+    protected $noNeedLogin = [];
+
+    /**
+     * 无需鉴权的方法,但需要登录
+     * @var array
+     */
+    protected $noNeedRight = [];
+
+    /**
+     * 权限Auth
+     * @var Auth
+     */
+    protected $auth = null;
+
+    /**
+     * 默认响应输出类型,支持json/xml
+     * @var string
+     */
+    protected $responseType = 'json';
+
+    /**
+     * 构造方法
+     * @access public
+     * @param Request $request Request 对象
+     */
+    public function __construct(Request $request = null)
+    {
+        $this->request = is_null($request) ? Request::instance() : $request;
+
+
+        // 控制器初始化
+        $this->_initialize();
+        //日志
+        $this->request_log();
+
+        // 前置操作方法
+        if ($this->beforeActionList) {
+            foreach ($this->beforeActionList as $method => $options) {
+                is_numeric($method) ?
+                    $this->beforeAction($options) :
+                    $this->beforeAction($method, $options);
+            }
+        }
+    }
+
+    /**
+     * 初始化操作
+     * @access protected
+     */
+    protected function _initialize()
+    {
+        //跨域请求检测
+        check_cors_request();
+
+        // 检测IP是否允许
+        check_ip_allowed();
+
+        //移除HTML标签
+        $this->request->filter('trim,strip_tags,htmlspecialchars');
+
+        $this->auth = Auth::instance();
+
+        $modulename = $this->request->module();
+        $controllername = Loader::parseName($this->request->controller());
+        $actionname = strtolower($this->request->action());
+
+        // token
+        $token = $this->request->server('HTTP_TOKEN', $this->request->request('token', \think\Cookie::get('token')));
+
+        $path = str_replace('.', '/', $controllername) . '/' . $actionname;
+        // 设置当前请求的URI
+        $this->auth->setRequestUri($path);
+        // 检测是否需要验证登录
+        if (!$this->auth->match($this->noNeedLogin)) {
+            //初始化
+            $this->auth->init($token);
+            //检测是否登录
+            if (!$this->auth->isLogin()) {
+                $this->error(__('Please login first'), null, 401);
+            }
+            // 判断是否需要验证权限
+            /*if (!$this->auth->match($this->noNeedRight)) {
+                // 判断控制器和方法判断是否有对应权限
+                if (!$this->auth->check($path)) {
+                    $this->error(__('You have no permission'), null, 403);
+                }
+            }*/
+        } else {
+            // 如果有传递token才验证是否登录状态
+            if ($token) {
+                $this->auth->init($token);
+            }
+        }
+
+        $upload = \app\common\model\Config::upload();
+
+        // 上传信息配置后
+        Hook::listen("upload_config_init", $upload);
+
+        Config::set('upload', array_merge(Config::get('upload'), $upload));
+
+        // 加载当前控制器语言包
+        $this->loadlang($controllername);
+    }
+
+    /**
+     * 加载语言文件
+     * @param string $name
+     */
+    protected function loadlang($name)
+    {
+        $name = Loader::parseName($name);
+        $name = preg_match("/^([a-zA-Z0-9_\.\/]+)\$/i", $name) ? $name : 'index';
+        $lang = $this->request->langset();
+        $lang = preg_match("/^([a-zA-Z\-_]{2,10})\$/i", $lang) ? $lang : 'zh-cn';
+        Lang::load(APP_PATH . $this->request->module() . '/lang/' . $lang . '/' . str_replace('.', '/', $name) . '.php');
+    }
+
+    //结果集信息里，多个字段需要翻译
+    protected function list_lang($list,$field){
+        if(!$list || empty($list)){
+            return $list;
+        }
+        foreach($list as $vo => $info){
+            $list[$vo] = $this->info_lang($info,$field);
+        }
+        return $list;
+    }
+    //单条信息里,多个字段需要翻译
+    protected function info_lang($data,$field){
+        if(!$data || empty($data)){
+            return $data;
+        }
+        foreach($data as $key => $val){
+            if(in_array($key,$field)){
+                if($this->lang == 'en'){
+                    $data[$key] = $data[$key.'_en'];
+                    unset($data[$key.'_en']);
+                }else{
+                    unset($data[$key.'_en']);
+                }
+            }
+        }
+        return $data;
+    }
+
+    /**
+     * 操作成功返回的数据
+     * @param string $msg    提示信息
+     * @param mixed  $data   要返回的数据
+     * @param int    $code   错误码，默认为1
+     * @param string $type   输出类型
+     * @param array  $header 发送的 Header 信息
+     */
+    protected function success($msg = '', $data = null, $code = 1, $type = null, array $header = [])
+    {
+        if($msg == 1){
+            $msg = 'success';
+        }
+        if(empty($msg)){
+            $msg = '操作成功';
+        }
+        $this->result($msg, $data, $code, $type, $header);
+    }
+    //find查询出来的结果如果为空数组，强制转换object
+    protected function success_find($msg = '', $data = null, $code = 1, $type = null, array $header = [])
+    {
+        if(empty($msg)){
+            $msg = '操作成功';
+        }
+        if(is_null($data) || $data === []){
+            $data = (object)[];
+        }
+        $this->result($msg, $data, $code, $type, $header);
+    }
+
+    /**
+     * 操作失败返回的数据
+     * @param string $msg    提示信息
+     * @param mixed  $data   要返回的数据
+     * @param int    $code   错误码，默认为0
+     * @param string $type   输出类型
+     * @param array  $header 发送的 Header 信息
+     */
+    protected function error($msg = '', $data = null, $code = 0, $type = null, array $header = [])
+    {
+        if(empty($msg)){
+            $msg = __('Invalid parameters');
+        }
+        $this->result($msg, $data, $code, $type, $header);
+    }
+
+    /**
+     * 返回封装后的 API 数据到客户端
+     * @access protected
+     * @param mixed  $msg    提示信息
+     * @param mixed  $data   要返回的数据
+     * @param int    $code   错误码，默认为0
+     * @param string $type   输出类型，支持json/xml/jsonp
+     * @param array  $header 发送的 Header 信息
+     * @return void
+     * @throws HttpResponseException
+     */
+    protected function result($msg, $data = null, $code = 0, $type = null, array $header = [])
+    {
+        $result = [
+            'code' => $code,
+            'msg'  => __($msg),
+            'time' => Request::instance()->server('REQUEST_TIME'),
+            'data' => $data,
+        ];
+
+        //日志
+        $this->request_log_update($result);
+
+        // 如果未设置类型则自动判断
+        $type = $type ? $type : ($this->request->param(config('var_jsonp_handler')) ? 'jsonp' : $this->responseType);
+
+        if (isset($header['statuscode'])) {
+            $code = $header['statuscode'];
+            unset($header['statuscode']);
+        } else {
+            //未设置状态码,根据code值判断
+            $code = $code >= 1000 || $code < 200 ? 200 : $code;
+        }
+        $response = Response::create($result, $type, $code)->header($header);
+        throw new HttpResponseException($response);
+    }
+
+    /**
+     * 前置操作
+     * @access protected
+     * @param string $method  前置操作方法名
+     * @param array  $options 调用参数 ['only'=>[...]] 或者 ['except'=>[...]]
+     * @return void
+     */
+    protected function beforeAction($method, $options = [])
+    {
+        if (isset($options['only'])) {
+            if (is_string($options['only'])) {
+                $options['only'] = explode(',', $options['only']);
+            }
+
+            if (!in_array($this->request->action(), $options['only'])) {
+                return;
+            }
+        } elseif (isset($options['except'])) {
+            if (is_string($options['except'])) {
+                $options['except'] = explode(',', $options['except']);
+            }
+
+            if (in_array($this->request->action(), $options['except'])) {
+                return;
+            }
+        }
+
+        call_user_func([$this, $method]);
+    }
+
+    /**
+     * 设置验证失败后是否抛出异常
+     * @access protected
+     * @param bool $fail 是否抛出异常
+     * @return $this
+     */
+    protected function validateFailException($fail = true)
+    {
+        $this->failException = $fail;
+
+        return $this;
+    }
+
+    /**
+     * 验证数据
+     * @access protected
+     * @param array        $data     数据
+     * @param string|array $validate 验证器名或者验证规则数组
+     * @param array        $message  提示信息
+     * @param bool         $batch    是否批量验证
+     * @param mixed        $callback 回调方法（闭包）
+     * @return array|string|true
+     * @throws ValidateException
+     */
+    protected function validate($data, $validate, $message = [], $batch = false, $callback = null)
+    {
+        if (is_array($validate)) {
+            $v = Loader::validate();
+            $v->rule($validate);
+        } else {
+            // 支持场景
+            if (strpos($validate, '.')) {
+                list($validate, $scene) = explode('.', $validate);
+            }
+
+            $v = Loader::validate($validate);
+
+            !empty($scene) && $v->scene($scene);
+        }
+
+        // 批量验证
+        if ($batch || $this->batchValidate) {
+            $v->batch(true);
+        }
+        // 设置错误信息
+        if (is_array($message)) {
+            $v->message($message);
+        }
+        // 使用回调验证
+        if ($callback && is_callable($callback)) {
+            call_user_func_array($callback, [$v, &$data]);
+        }
+
+        if (!$v->check($data)) {
+            if ($this->failException) {
+                throw new ValidateException($v->getError());
+            }
+
+            return $v->getError();
+        }
+
+        return true;
+    }
+
+    /**
+     * 刷新Token
+     */
+    protected function token()
+    {
+        $token = $this->request->param('__token__');
+
+        //验证Token
+        if (!Validate::make()->check(['__token__' => $token], ['__token__' => 'require|token'])) {
+            $this->error(__('Token verification error'), ['__token__' => $this->request->token()]);
+        }
+
+        //刷新Token
+        $this->request->token();
+    }
+
+    /*
+     * api 请求日志
+     * */
+    protected function request_log(){
+        //api_request_log
+        $modulename     = $this->request->module();
+        $controllername = $this->request->controller();
+        $actionname     = $this->request->action();
+
+        $data = [
+            'uid'   => $this->auth->id,
+            'api'   => $modulename.'/'.$controllername.'/'.$actionname,
+            'params' => json_encode($this->request->request()),
+            'addtime'  => time(),
+            'adddatetime'  => date('Y-m-d H:i:s'),
+            'ip'   => request()->ip(),
+        ];
+        $request_id = db('api_request_log')->insertGetId($data);
+        defined('API_REQUEST_ID') or define('API_REQUEST_ID', $request_id);
+
+    }
+
+    protected function request_log_update($log_result){
+        if(defined('API_REQUEST_ID')) { //记录app正常返回结果
+            if(strlen(json_encode($log_result['data'])) > 10000) {
+                $log_result['data'] = '数据太多，不记录';
+            }
+            db('api_request_log')->where('id',API_REQUEST_ID)->update(['result'=>json_encode($log_result)]);
+        }
+    }
+
+    /**
+     * 接口请求限制
+     * @param int $apiLimit
+     * @param int $apiLimitTime
+     * @param string $key
+     * @return bool | true:通过 false:拒绝
+     */
+    public function apiLimit($apiLimit = 1, $apiLimitTime = 1000, $key = '')
+    {
+        $userId = $this->auth->id;
+        $controller = request()->controller();
+        $action = request()->action();
+
+        if (!$key) {
+            $key = strtolower($controller) . '_' . strtolower($action) . '_' . $userId;
+        }
+
+        $redis = new Redis();
+        $redisconfig = config("redis");
+        $redis->connect($redisconfig["host"], $redisconfig["port"]);
+        if ($redisconfig['redis_pwd']) {
+            $redis->auth($redisconfig['redis_pwd']);
+        }
+        if($redisconfig['redis_selectdb'] > 0){
+            $redis->select($redisconfig['redis_selectdb']);
+        }
+        //
+        //指定键值新增+1 并获取
+        $count = $redis->incr($key);
+        if ($count > $apiLimit) {
+            return false;
+        }
+
+        //设置过期时间
+        if ($count == 1) {
+            $redis->pExpire($key, $apiLimitTime);
+        }
+
+        return true;
+    }
+
+
+}

application/common/library/Authdoctor.php

@@ -0,0 +1,457 @@
+<?php
+
+namespace app\common\library;
+
+use app\common\model\Coach;
+use fast\Random;
+use think\Config;
+use think\Db;
+use think\Exception;
+use think\Hook;
+use think\Request;
+use think\Validate;
+
+class Authcoach
+{
+    protected static $instance = null;
+    protected $_error = '';
+    protected $_logined = false;
+    protected $_user = null;
+    protected $_token = '';
+    //Token默认有效时长
+    protected $keeptime = 2592000;
+    protected $requestUri = '';
+    protected $rules = [];
+    //默认配置
+    protected $config = [];
+    protected $options = [];
+    protected $allowFields = ['id', 'username','nickname', 'mobile', 'avatar'];
+
+
+    public function __construct($options = [])
+    {
+        if ($config = Config::get('coach')) {
+            $this->config = array_merge($this->config, $config);
+        }
+        $this->options = array_merge($this->config, $options);
+    }
+
+    /**
+     *
+     * @param array $options 参数
+     * @return Auth
+     */
+    public static function instance($options = [])
+    {
+        if (is_null(self::$instance)) {
+            self::$instance = new static($options);
+        }
+
+        return self::$instance;
+    }
+
+    /**
+     * 生成不重复的随机数字字母组合
+     */
+    function getUinqueNo($length = 8, $nos = [])
+    {
+        $newid = Random::build("alnum", $length);
+        if (in_array($newid, $nos)) {
+            $newid = $this->getUinqueNo($length, $nos);
+        }
+        return $newid;
+    }
+
+    /**
+     * 获取User模型
+     * @return User
+     */
+    public function getUser()
+    {
+        return $this->_user;
+    }
+
+    /**
+     * 兼容调用user模型的属性
+     *
+     * @param string $name
+     * @return mixed
+     */
+    public function __get($name)
+    {
+        return $this->_user ? $this->_user->$name : null;
+    }
+
+    /**
+     * 兼容调用user模型的属性
+     */
+    public function __isset($name)
+    {
+        return isset($this->_user) ? isset($this->_user->$name) : false;
+    }
+
+    /**
+     * 根据Token初始化
+     *
+     * @param string $token Token
+     * @return boolean
+     */
+    public function init($token)
+    {
+        if ($this->_logined) {
+            return true;
+        }
+        if ($this->_error) {
+            return false;
+        }
+        $data = Tokencoach::get($token);
+        if (!$data) {
+            return false;
+        }
+        $user_id = intval($data['user_id']);
+        if ($user_id > 0) {
+            $user = Coach::get($user_id);
+            if (!$user) {
+                $this->setError('Account not exist');
+                return false;
+            }
+            if ($user->status != 1) {
+                $this->setError('Account is locked');
+                return false;
+            }
+
+
+
+            $this->_user = $user;
+            $this->_logined = true;
+            $this->_token = $token;
+
+            //初始化成功的事件
+//            Hook::listen("company_init_successed", $this->_user);
+
+            return true;
+        } else {
+            $this->setError('You are not logged in');
+            return false;
+        }
+    }
+
+
+    /**
+     * 用户登录
+     *
+     * @param string $account  账号,用户名、邮箱、手机号
+     * @param string $password 密码
+     * @return boolean
+     */
+    public function login($account, $password)
+    {
+        $field = 'mobile';
+        $user = Coach::get([$field => $account]);
+        if (!$user) {
+            $this->setError('Account is incorrect');
+            return false;
+        }
+
+        if ($user->status != 1) {
+            $this->setError('Account is locked');
+            return false;
+        }
+        if ($user->password != $this->getEncryptPassword($password, $user->salt)) {
+            $this->setError('Password is incorrect');
+            return false;
+        }
+
+        //直接登录员工
+        return $this->direct($user->id);
+    }
+
+    /**
+     * 退出
+     *
+     * @return boolean
+     */
+    public function logout()
+    {
+        if (!$this->_logined) {
+            $this->setError('You are not logged in');
+            return false;
+        }
+        //设置登录标识
+        $this->_logined = false;
+        //删除Token
+        Tokencoach::delete($this->_token);
+        //退出成功的事件
+        Hook::listen("user_logout_successed", $this->_user);
+        return true;
+    }
+
+    /**
+     * 修改密码
+     * @param string $newpassword       新密码
+     * @param string $oldpassword       旧密码
+     * @param bool   $ignoreoldpassword 忽略旧密码
+     * @return boolean
+     */
+    public function changepwd($newpassword, $oldpassword = '', $ignoreoldpassword = false)
+    {
+        if (!$this->_logined) {
+            $this->setError('You are not logged in');
+            return false;
+        }
+        //判断旧密码是否正确
+        if ($this->_user->password == $this->getEncryptPassword($oldpassword, $this->_user->salt) || $ignoreoldpassword) {
+            Db::startTrans();
+            try {
+                $salt = Random::alnum();
+                $newpassword = $this->getEncryptPassword($newpassword, $salt);
+                $this->_user->save(['loginfailure' => 0, 'password' => $newpassword, 'salt' => $salt]);
+
+                Token::delete($this->_token);
+                //修改密码成功的事件
+                Hook::listen("user_changepwd_successed", $this->_user);
+                Db::commit();
+            } catch (Exception $e) {
+                Db::rollback();
+                $this->setError($e->getMessage());
+                return false;
+            }
+            return true;
+        } else {
+            $this->setError('Password is incorrect');
+            return false;
+        }
+    }
+
+
+    /**
+     * 直接登录账号
+     * @param int $user_id
+     * @return boolean
+     */
+    public function direct($user_id)
+    {
+        $user = Coach::get($user_id);
+        if ($user) {
+            Db::startTrans();
+            try {
+                $ip = request()->ip();
+                $time = time();
+
+                //判断连续登录和最大连续登录
+                if ($user->logintime < \fast\Date::unixtime('day')) {
+                    $user->successions = $user->logintime < \fast\Date::unixtime('day', -1) ? 1 : $user->successions + 1;
+                    $user->maxsuccessions = max($user->successions, $user->maxsuccessions);
+                }
+
+                $user->prevtime = $user->logintime;
+                //记录本次登录的IP和时间
+                $user->loginip = $ip;
+                $user->logintime = $time;
+                //重置登录失败次数
+                $user->loginfailure = 0;
+
+                $user->save();
+
+                $this->_user = $user;
+
+                $this->_token = Random::uuid();
+                Tokencoach::set($this->_token, $user->id, $this->keeptime);
+
+                $this->_logined = true;
+
+                //登录成功的事件
+                Hook::listen("user_login_successed", $this->_user);
+                Db::commit();
+            } catch (Exception $e) {
+                Db::rollback();
+                $this->setError($e->getMessage());
+                return false;
+            }
+            return true;
+        } else {
+            return false;
+        }
+    }
+
+
+
+    /**
+     * 判断是否登录
+     * @return boolean
+     */
+    public function isLogin()
+    {
+        if ($this->_logined) {
+            return true;
+        }
+        return false;
+    }
+
+    /**
+     * 获取当前Token
+     * @return string
+     */
+    public function getToken()
+    {
+        return $this->_token;
+    }
+
+    /**
+     * 获取会员基本信息
+     */
+    public function getUserinfo()
+    {
+        $data = $this->_user->toArray();
+        $allowFields = $this->getAllowFields();
+        $userinfo = array_intersect_key($data, array_flip($allowFields));
+        $userinfo = array_merge($userinfo, Tokencoach::get($this->_token));
+
+        //追加
+        $userinfo['avatar'] = one_domain_image($userinfo['avatar']);
+
+        return $userinfo;
+    }
+
+
+
+    /**
+     * 获取当前请求的URI
+     * @return string
+     */
+    public function getRequestUri()
+    {
+        return $this->requestUri;
+    }
+
+    /**
+     * 设置当前请求的URI
+     * @param string $uri
+     */
+    public function setRequestUri($uri)
+    {
+        $this->requestUri = $uri;
+    }
+
+    /**
+     * 获取允许输出的字段
+     * @return array
+     */
+    public function getAllowFields()
+    {
+        return $this->allowFields;
+    }
+
+    /**
+     * 设置允许输出的字段
+     * @param array $fields
+     */
+    public function setAllowFields($fields)
+    {
+        $this->allowFields = $fields;
+    }
+
+
+
+    /**
+     * 获取密码加密后的字符串
+     * @param string $password 密码
+     * @param string $salt     密码盐
+     * @return string
+     */
+    public function getEncryptPassword($password, $salt = '')
+    {
+        return md5(md5($password) . $salt);
+    }
+
+    /**
+     * 检测当前控制器和方法是否匹配传递的数组
+     *
+     * @param array $arr 需要验证权限的数组
+     * @return boolean
+     */
+    public function match($arr = [])
+    {
+        $request = Request::instance();
+        $arr = is_array($arr) ? $arr : explode(',', $arr);
+        if (!$arr) {
+            return false;
+        }
+        $arr = array_map('strtolower', $arr);
+        // 是否存在
+        if (in_array(strtolower($request->action()), $arr) || in_array('*', $arr)) {
+            return true;
+        }
+
+        // 没找到匹配
+        return false;
+    }
+
+    /**
+     * 设置会话有效时间
+     * @param int $keeptime 默认为永久
+     */
+    public function keeptime($keeptime = 0)
+    {
+        $this->keeptime = $keeptime;
+    }
+
+    /**
+     * 渲染用户数据
+     * @param array  $datalist  二维数组
+     * @param mixed  $fields    加载的字段列表
+     * @param string $fieldkey  渲染的字段
+     * @param string $renderkey 结果字段
+     * @return array
+     */
+    /*public function render(&$datalist, $fields = [], $fieldkey = 'user_id', $renderkey = 'userinfo')
+    {
+        $fields = !$fields ? ['id', 'nickname', 'level', 'avatar'] : (is_array($fields) ? $fields : explode(',', $fields));
+        $ids = [];
+        foreach ($datalist as $k => $v) {
+            if (!isset($v[$fieldkey])) {
+                continue;
+            }
+            $ids[] = $v[$fieldkey];
+        }
+        $list = [];
+        if ($ids) {
+            if (!in_array('id', $fields)) {
+                $fields[] = 'id';
+            }
+            $ids = array_unique($ids);
+            $selectlist = User::where('id', 'in', $ids)->column($fields);
+            foreach ($selectlist as $k => $v) {
+                $list[$v['id']] = $v;
+            }
+        }
+        foreach ($datalist as $k => &$v) {
+            $v[$renderkey] = isset($list[$v[$fieldkey]]) ? $list[$v[$fieldkey]] : null;
+        }
+        unset($v);
+        return $datalist;
+    }*/
+
+    /**
+     * 设置错误信息
+     *
+     * @param string $error 错误信息
+     * @return Auth
+     */
+    public function setError($error)
+    {
+        $this->_error = $error;
+        return $this;
+    }
+
+    /**
+     * 获取错误信息
+     * @return string
+     */
+    public function getError()
+    {
+        return $this->_error ? __($this->_error) : '';
+    }
+
+  
+}

application/common/library/Tokendoctor.php

@@ -0,0 +1,161 @@
+<?php
+
+namespace app\common\library;
+
+use app\common\library\tokencoach\Driver;
+use think\App;
+use think\Config;
+use think\Log;
+
+/**
+ * Token操作类
+ */
+class Tokencoach
+{
+    /**
+     * @var array Token的实例
+     */
+    public static $instance = [];
+
+    /**
+     * @var object 操作句柄
+     */
+    public static $handler;
+
+    /**
+     * 连接Token驱动
+     * @access public
+     * @param array       $options 配置数组
+     * @param bool|string $name    Token连接标识 true 强制重新连接
+     * @return Driver
+     */
+    public static function connect(array $options = [], $name = false)
+    {
+        $type = !empty($options['type']) ? $options['type'] : 'File';
+
+        if (false === $name) {
+            $name = md5(serialize($options));
+        }
+
+        if (true === $name || !isset(self::$instance[$name])) {
+            $class = false === strpos($type, '\\') ?
+                '\\app\\common\\library\\tokencoach\\driver\\' . ucwords($type) :
+                $type;
+
+            // 记录初始化信息
+            App::$debug && Log::record('[ TOKEN ] INIT ' . $type, 'info');
+
+            if (true === $name) {
+                return new $class($options);
+            }
+
+            self::$instance[$name] = new $class($options);
+        }
+
+        return self::$instance[$name];
+    }
+
+    /**
+     * 自动初始化Token
+     * @access public
+     * @param array $options 配置数组
+     * @return Driver
+     */
+    public static function init(array $options = [])
+    {
+        if (is_null(self::$handler)) {
+            if (empty($options) && 'complex' == Config::get('token.type')) {
+                $default = Config::get('token.default');
+                // 获取默认Token配置，并连接
+                $options = Config::get('token.' . $default['type']) ?: $default;
+            } elseif (empty($options)) {
+                $options = Config::get('token');
+            }
+
+            self::$handler = self::connect($options);
+        }
+
+        return self::$handler;
+    }
+
+    /**
+     * 判断Token是否可用(check别名)
+     * @access public
+     * @param string $token   Token标识
+     * @param int    $user_id 会员ID
+     * @return bool
+     */
+    public static function has($token, $user_id)
+    {
+        return self::check($token, $user_id);
+    }
+
+    /**
+     * 判断Token是否可用
+     * @param string $token   Token标识
+     * @param int    $user_id 会员ID
+     * @return bool
+     */
+    public static function check($token, $user_id)
+    {
+        return self::init()->check($token, $user_id);
+    }
+
+    /**
+     * 读取Token
+     * @access public
+     * @param string $token   Token标识
+     * @param mixed  $default 默认值
+     * @return mixed
+     */
+    public static function get($token, $default = false)
+    {
+        return self::init()->get($token) ?: $default;
+    }
+
+    /**
+     * 写入Token
+     * @access public
+     * @param string   $token   Token标识
+     * @param mixed    $user_id 会员ID
+     * @param int|null $expire  有效时间 0为永久
+     * @return boolean
+     */
+    public static function set($token, $user_id, $expire = null)
+    {
+        return self::init()->set($token, $user_id, $expire);
+    }
+
+    /**
+     * 删除Token(delete别名)
+     * @access public
+     * @param string $token Token标识
+     * @return boolean
+     */
+    public static function rm($token)
+    {
+        return self::delete($token);
+    }
+
+    /**
+     * 删除Token
+     * @param string $token 标签名
+     * @return bool
+     */
+    public static function delete($token)
+    {
+        return self::init()->delete($token);
+    }
+
+    /**
+     * 清除Token
+     * @access public
+     * @param int user_id 会员ID
+     * @return boolean
+     */
+    public static function clear($user_id = null)
+    {
+        return self::init()->clear($user_id);
+    }
+
+}

application/common/library/tokendoctor/Driver.php

@@ -0,0 +1,91 @@
+<?php
+// +----------------------------------------------------------------------
+// | ThinkPHP [ WE CAN DO IT JUST THINK ]
+// +----------------------------------------------------------------------
+// | Copyright (c) 2006~2018 http://thinkphp.cn All rights reserved.
+// +----------------------------------------------------------------------
+// | Licensed ( http://www.apache.org/licenses/LICENSE-2.0 )
+// +----------------------------------------------------------------------
+// | Author: liu21st <liu21st@gmail.com>
+// +----------------------------------------------------------------------
+
+namespace app\common\library\tokencoach;
+
+/**
+ * Token基础类
+ */
+abstract class Driver
+{
+    protected $handler = null;
+    protected $options = [];
+
+    /**
+     * 存储Token
+     * @param   string $token   Token
+     * @param   int    $user_id 会员ID
+     * @param   int    $expire  过期时长,0表示无限,单位秒
+     * @return bool
+     */
+    abstract function set($token, $user_id, $expire = 0);
+
+    /**
+     * 获取Token内的信息
+     * @param   string $token
+     * @return  array
+     */
+    abstract function get($token);
+
+    /**
+     * 判断Token是否可用
+     * @param   string $token   Token
+     * @param   int    $user_id 会员ID
+     * @return  boolean
+     */
+    abstract function check($token, $user_id);
+
+    /**
+     * 删除Token
+     * @param   string $token
+     * @return  boolean
+     */
+    abstract function delete($token);
+
+    /**
+     * 删除指定用户的所有Token
+     * @param   int $user_id
+     * @return  boolean
+     */
+    abstract function clear($user_id);
+
+    /**
+     * 返回句柄对象，可执行其它高级方法
+     *
+     * @access public
+     * @return object
+     */
+    public function handler()
+    {
+        return $this->handler;
+    }
+
+    /**
+     * 获取加密后的Token
+     * @param string $token Token标识
+     * @return string
+     */
+    protected function getEncryptedToken($token)
+    {
+        $config = \think\Config::get('token');
+        return hash_hmac($config['hashalgo'], $token, $config['key']);
+    }
+
+    /**
+     * 获取过期剩余时长
+     * @param $expiretime
+     * @return float|int|mixed
+     */
+    protected function getExpiredIn($expiretime)
+    {
+        return $expiretime ? max(0, $expiretime - time()) : 365 * 86400;
+    }
+}

application/common/library/tokendoctor/driver/Mysql.php

@@ -0,0 +1,126 @@
+<?php
+
+namespace app\common\library\tokencoach\driver;
+
+use app\common\library\tokencoach\Driver;
+
+/**
+ * Token操作类
+ */
+class Mysql extends Driver
+{
+
+    /**
+     * 默认配置
+     * @var array
+     */
+    protected $options = [
+        'table'      => 'coach_token',
+        'expire'     => 2592000,
+        'connection' => [],
+    ];
+
+
+    /**
+     * 构造函数
+     * @param array $options 参数
+     * @access public
+     */
+    public function __construct($options = [])
+    {
+        if (!empty($options)) {
+            $this->options = array_merge($this->options, $options);
+        }
+        if ($this->options['connection']) {
+            $this->handler = \think\Db::connect($this->options['connection'])->name($this->options['table']);
+        } else {
+            $this->handler = \think\Db::name($this->options['table']);
+        }
+        $time = time();
+        $tokentime = cache('tokentime');
+        if (!$tokentime || $tokentime < $time - 86400) {
+            cache('tokentime', $time);
+            $this->handler->where('expiretime', '<', $time)->where('expiretime', '>', 0)->delete();
+        }
+    }
+
+    /**
+     * 存储Token
+     * @param string $token   Token
+     * @param int    $user_id 会员ID
+     * @param int    $expire  过期时长,0表示无限,单位秒
+     * @return bool
+     */
+    public function set($token, $user_id, $expire = null)
+    {
+        $expiretime = !is_null($expire) && $expire !== 0 ? time() + $expire : 0;
+        $token = $this->getEncryptedToken($token);
+        $this->handler->insert(['token' => $token, 'user_id' => $user_id, 'createtime' => time(), 'expiretime' => $expiretime]);
+        return true;
+    }
+
+    /**
+     * 获取Token内的信息
+     * @param string $token
+     * @return  array
+     */
+    public function get($token)
+    {
+        //方便测试
+        if(strpos($token,'testuid_') !== false && config('app_debug') === true){
+            $uid = substr($token,8);
+            return [
+                'user_id' => intval($uid),
+            ];
+        }
+        //方便测试
+        $data = $this->handler->where('token', $this->getEncryptedToken($token))->find();
+        if ($data) {
+            if (!$data['expiretime'] || $data['expiretime'] > time()) {
+                //返回未加密的token给客户端使用
+                $data['token'] = $token;
+                //返回剩余有效时间
+                $data['expires_in'] = $this->getExpiredIn($data['expiretime']);
+                return $data;
+            } else {
+                self::delete($token);
+            }
+        }
+        return [];
+    }
+
+    /**
+     * 判断Token是否可用
+     * @param string $token   Token
+     * @param int    $user_id 会员ID
+     * @return  boolean
+     */
+    public function check($token, $user_id)
+    {
+        $data = $this->get($token);
+        return $data && $data['user_id'] == $user_id ? true : false;
+    }
+
+    /**
+     * 删除Token
+     * @param string $token
+     * @return  boolean
+     */
+    public function delete($token)
+    {
+        $this->handler->where('token', $this->getEncryptedToken($token))->delete();
+        return true;
+    }
+
+    /**
+     * 删除指定用户的所有Token
+     * @param int $user_id
+     * @return  boolean
+     */
+    public function clear($user_id)
+    {
+        $this->handler->where('user_id', $user_id)->delete();
+        return true;
+    }
+
+}

application/common/model/Doctor.php

@@ -0,0 +1,25 @@
+<?php
+
+namespace app\common\model;
+
+use think\Db;
+use think\Model;
+
+/**
+ * 会员模型
+ */
+class Coach extends Model
+{
+
+    // 表名
+    protected $name = 'coach';
+    // 开启自动写入时间戳字段
+    protected $autoWriteTimestamp = 'int';
+    // 定义时间戳字段名
+    protected $createTime = 'createtime';
+    protected $updateTime = 'updatetime';
+    // 追加属性
+    protected $append = [];
+
+
+}