123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293294295296297298299300301302303304305306307308309310311312313314315316317318319320321322323324325326327328329330331332333334335336337338339340341342343344345346347348349350351352353354355356357358359360361362363364365366367368369370371372373374375376377378379380381382383384385386387388389390391392393394395396397398399400401402403404405406407408409410411412413414415416417418419420421422423424425426427428429430431432433434435436437438439440441442443444445446447448449450451452453454455456457458459460461462463464465466467468469470471472473474475476477478479480481482483484485486487488489490491492493494495496497498499500501502503504505506507508509510511512513514515516517518519520521522523524525526527528529530531532533534535536537538539540541542543544545546547548549550551552553554555556557558559560561562563564565566567568569570571572573574575576577578579580581582583 |
- <?php
- namespace app\admin\library;
- use app\admin\model\Admin;
- use fast\Random;
- use fast\Tree;
- use think\Config;
- use think\Cookie;
- use think\Hook;
- use think\Request;
- use think\Session;
- class Auth extends \fast\Auth
- {
- protected $_error = '';
- protected $requestUri = '';
- protected $breadcrumb = [];
- protected $logined = false; //登录状态
- public function __construct()
- {
- parent::__construct();
- }
- public function __get($name)
- {
- return Session::get('admin.' . $name);
- }
- /**
- * 管理员登录
- *
- * @param string $username 用户名
- * @param string $password 密码
- * @param int $keeptime 有效时长
- * @return boolean
- */
- public function login($username, $password, $keeptime = 0)
- {
- $admin = Admin::get(['username' => $username]);
- if (!$admin) {
- $this->setError('Username is incorrect');
- return false;
- }
- if ($admin['status'] == 'hidden') {
- $this->setError('Admin is forbidden');
- return false;
- }
- if (Config::get('fastadmin.login_failure_retry') && $admin->loginfailure >= 10 && time() - $admin->updatetime < 86400) {
- $this->setError('Please try again after 1 day');
- return false;
- }
- if ($admin->password != $this->getEncryptPassword($password, $admin->salt)) {
- $admin->loginfailure++;
- $admin->save();
- $this->setError('Password is incorrect');
- return false;
- }
- $admin->loginfailure = 0;
- $admin->logintime = time();
- $admin->loginip = request()->ip();
- $admin->token = Random::uuid();
- $admin->save();
- Session::set("admin", $admin->toArray());
- Session::set("admin.safecode", $this->getEncryptSafecode($admin));
- $this->keeplogin($admin, $keeptime);
- return true;
- }
- /**
- * 退出登录
- */
- public function logout()
- {
- $admin = Admin::get(intval($this->id));
- if ($admin) {
- $admin->token = '';
- $admin->save();
- }
- $this->logined = false; //重置登录状态
- Session::delete("admin");
- Cookie::delete("keeplogin");
- setcookie('fastadmin_userinfo', '', $_SERVER['REQUEST_TIME'] - 3600, rtrim(url("/" . request()->module(), '', false), '/'));
- return true;
- }
- /**
- * 自动登录
- * @return boolean
- */
- public function autologin()
- {
- $keeplogin = Cookie::get('keeplogin');
- if (!$keeplogin) {
- return false;
- }
- list($id, $keeptime, $expiretime, $key) = explode('|', $keeplogin);
- if ($id && $keeptime && $expiretime && $key && $expiretime > time()) {
- $admin = Admin::get($id);
- if (!$admin || !$admin->token) {
- return false;
- }
- //token有变更
- if ($key != $this->getKeeploginKey($admin, $keeptime, $expiretime)) {
- return false;
- }
- $ip = request()->ip();
- //IP有变动
- if ($admin->loginip != $ip) {
- return false;
- }
- Session::set("admin", $admin->toArray());
- Session::set("admin.safecode", $this->getEncryptSafecode($admin));
- //刷新自动登录的时效
- $this->keeplogin($admin, $keeptime);
- return true;
- } else {
- return false;
- }
- }
- /**
- * 刷新保持登录的Cookie
- *
- * @param int $keeptime
- * @return boolean
- */
- protected function keeplogin($admin, $keeptime = 0)
- {
- if ($keeptime) {
- $expiretime = time() + $keeptime;
- $key = $this->getKeeploginKey($admin, $keeptime, $expiretime);
- Cookie::set('keeplogin', implode('|', [$admin['id'], $keeptime, $expiretime, $key]), $keeptime);
- return true;
- }
- return false;
- }
- /**
- * 获取密码加密后的字符串
- * @param string $password 密码
- * @param string $salt 密码盐
- * @return string
- */
- public function getEncryptPassword($password, $salt = '')
- {
- return md5(md5($password) . $salt);
- }
- /**
- * 获取密码加密后的自动登录码
- * @param string $password 密码
- * @param string $salt 密码盐
- * @return string
- */
- public function getEncryptKeeplogin($params, $keeptime)
- {
- $expiretime = time() + $keeptime;
- $key = md5(md5($params['id']) . md5($keeptime) . md5($expiretime) . $params['token'] . config('token.key'));
- return implode('|', [$this->id, $keeptime, $expiretime, $key]);
- }
- /**
- * 获取自动登录Key
- * @param $params
- * @param $keeptime
- * @param $expiretime
- * @return string
- */
- public function getKeeploginKey($params, $keeptime, $expiretime)
- {
- $key = md5(md5($params['id']) . md5($keeptime) . md5($expiretime) . $params['token'] . config('token.key'));
- return $key;
- }
- /**
- * 获取加密后的安全码
- * @param $params
- * @return string
- */
- public function getEncryptSafecode($params)
- {
- return md5(md5($params['username']) . md5(substr($params['password'], 0, 6)) . config('token.key'));
- }
- public function check($name, $uid = '', $relation = 'or', $mode = 'url')
- {
- $uid = $uid ? $uid : $this->id;
- return parent::check($name, $uid, $relation, $mode);
- }
- /**
- * 检测当前控制器和方法是否匹配传递的数组
- *
- * @param array $arr 需要验证权限的数组
- * @return bool
- */
- public function match($arr = [])
- {
- $request = Request::instance();
- $arr = is_array($arr) ? $arr : explode(',', $arr);
- if (!$arr) {
- return false;
- }
- $arr = array_map('strtolower', $arr);
- // 是否存在
- if (in_array(strtolower($request->action()), $arr) || in_array('*', $arr)) {
- return true;
- }
- // 没找到匹配
- return false;
- }
- /**
- * 检测是否登录
- *
- * @return boolean
- */
- public function isLogin()
- {
- if ($this->logined) {
- return true;
- }
- $admin = Session::get('admin');
- if (!$admin) {
- return false;
- }
- $my = Admin::get($admin['id']);
- if (!$my) {
- return false;
- }
- //校验安全码,可用于判断关键信息发生了变更需要重新登录
- if (!isset($admin['safecode']) || $this->getEncryptSafecode($my) !== $admin['safecode']) {
- $this->logout();
- return false;
- }
- //判断是否同一时间同一账号只能在一个地方登录
- if (Config::get('fastadmin.login_unique')) {
- if ($my['token'] != $admin['token']) {
- $this->logout();
- return false;
- }
- }
- //判断管理员IP是否变动
- if (Config::get('fastadmin.loginip_check')) {
- if (!isset($admin['loginip']) || $admin['loginip'] != request()->ip()) {
- $this->logout();
- return false;
- }
- }
- $this->logined = true;
- return true;
- }
- /**
- * 获取当前请求的URI
- * @return string
- */
- public function getRequestUri()
- {
- return $this->requestUri;
- }
- /**
- * 设置当前请求的URI
- * @param string $uri
- */
- public function setRequestUri($uri)
- {
- $this->requestUri = $uri;
- }
- public function getGroups($uid = null)
- {
- $uid = is_null($uid) ? $this->id : $uid;
- return parent::getGroups($uid);
- }
- public function getRuleList($uid = null)
- {
- $uid = is_null($uid) ? $this->id : $uid;
- return parent::getRuleList($uid);
- }
- public function getUserInfo($uid = null)
- {
- $uid = is_null($uid) ? $this->id : $uid;
- return $uid != $this->id ? Admin::get(intval($uid)) : Session::get('admin');
- }
- public function getRuleIds($uid = null)
- {
- $uid = is_null($uid) ? $this->id : $uid;
- return parent::getRuleIds($uid);
- }
- public function isSuperAdmin()
- {
- return in_array('*', $this->getRuleIds()) ? true : false;
- }
- /**
- * 获取管理员所属于的分组ID
- * @param int $uid
- * @return array
- */
- public function getGroupIds($uid = null)
- {
- $groups = $this->getGroups($uid);
- $groupIds = [];
- foreach ($groups as $K => $v) {
- $groupIds[] = (int)$v['group_id'];
- }
- return $groupIds;
- }
- /**
- * 取出当前管理员所拥有权限的分组
- * @param boolean $withself 是否包含当前所在的分组
- * @return array
- */
- public function getChildrenGroupIds($withself = false)
- {
- //取出当前管理员所有的分组
- $groups = $this->getGroups();
- $groupIds = [];
- foreach ($groups as $k => $v) {
- $groupIds[] = $v['id'];
- }
- $originGroupIds = $groupIds;
- foreach ($groups as $k => $v) {
- if (in_array($v['pid'], $originGroupIds)) {
- $groupIds = array_diff($groupIds, [$v['id']]);
- unset($groups[$k]);
- }
- }
- // 取出所有分组
- $groupList = \app\admin\model\AuthGroup::where($this->isSuperAdmin() ? '1=1' : ['status' => 'normal'])->select();
- $objList = [];
- foreach ($groups as $k => $v) {
- if ($v['rules'] === '*') {
- $objList = $groupList;
- break;
- }
- // 取出包含自己的所有子节点
- $childrenList = Tree::instance()->init($groupList, 'pid')->getChildren($v['id'], true);
- $obj = Tree::instance()->init($childrenList, 'pid')->getTreeArray($v['pid']);
- $objList = array_merge($objList, Tree::instance()->getTreeList($obj));
- }
- $childrenGroupIds = [];
- foreach ($objList as $k => $v) {
- $childrenGroupIds[] = $v['id'];
- }
- if (!$withself) {
- $childrenGroupIds = array_diff($childrenGroupIds, $groupIds);
- }
- return $childrenGroupIds;
- }
- /**
- * 取出当前管理员所拥有权限的管理员
- * @param boolean $withself 是否包含自身
- * @return array
- */
- public function getChildrenAdminIds($withself = false)
- {
- $childrenAdminIds = [];
- if (!$this->isSuperAdmin()) {
- $groupIds = $this->getChildrenGroupIds(false);
- $authGroupList = \app\admin\model\AuthGroupAccess::field('uid,group_id')
- ->where('group_id', 'in', $groupIds)
- ->select();
- foreach ($authGroupList as $k => $v) {
- $childrenAdminIds[] = $v['uid'];
- }
- } else {
- //超级管理员拥有所有人的权限
- $childrenAdminIds = Admin::column('id');
- }
- if ($withself) {
- if (!in_array($this->id, $childrenAdminIds)) {
- $childrenAdminIds[] = $this->id;
- }
- } else {
- $childrenAdminIds = array_diff($childrenAdminIds, [$this->id]);
- }
- return $childrenAdminIds;
- }
- /**
- * 获得面包屑导航
- * @param string $path
- * @return array
- */
- public function getBreadCrumb($path = '')
- {
- if ($this->breadcrumb || !$path) {
- return $this->breadcrumb;
- }
- $titleArr = [];
- $menuArr = [];
- $urlArr = explode('/', $path);
- foreach ($urlArr as $index => $item) {
- $pathArr[implode('/', array_slice($urlArr, 0, $index + 1))] = $index;
- }
- if (!$this->rules && $this->id) {
- $this->getRuleList();
- }
- foreach ($this->rules as $rule) {
- if (isset($pathArr[$rule['name']])) {
- $rule['title'] = __($rule['title']);
- $rule['url'] = url($rule['name']);
- $titleArr[$pathArr[$rule['name']]] = $rule['title'];
- $menuArr[$pathArr[$rule['name']]] = $rule;
- }
- }
- ksort($menuArr);
- $this->breadcrumb = $menuArr;
- return $this->breadcrumb;
- }
- /**
- * 获取左侧和顶部菜单栏
- *
- * @param array $params URL对应的badge数据
- * @param string $fixedPage 默认页
- * @return array
- */
- public function getSidebar($params = [], $fixedPage = 'dashboard')
- {
- // 边栏开始
- Hook::listen("admin_sidebar_begin", $params);
- $colorArr = ['red', 'green', 'yellow', 'blue', 'teal', 'orange', 'purple'];
- $colorNums = count($colorArr);
- $badgeList = [];
- $module = request()->module();
- // 生成菜单的badge
- foreach ($params as $k => $v) {
- $url = $k;
- if (is_array($v)) {
- $nums = $v[0] ?? 0;
- $color = $v[1] ?? $colorArr[(is_numeric($nums) ? $nums : strlen($nums)) % $colorNums];
- $class = $v[2] ?? 'label';
- } else {
- $nums = $v;
- $color = $colorArr[(is_numeric($nums) ? $nums : strlen($nums)) % $colorNums];
- $class = 'label';
- }
- //必须nums大于0才显示
- if ($nums) {
- $badgeList[$url] = '<small class="' . $class . ' pull-right bg-' . $color . '">' . $nums . '</small>';
- }
- }
- // 读取管理员当前拥有的权限节点
- $userRule = $this->getRuleList();
- $selected = $referer = [];
- $refererUrl = Session::get('referer');
- // 必须将结果集转换为数组
- $ruleList = collection(\app\admin\model\AuthRule::where('status', 'normal')
- ->where('ismenu', 1)
- ->order('weigh', 'desc')
- ->cache("__menu__")
- ->select())->toArray();
- $indexRuleList = \app\admin\model\AuthRule::where('status', 'normal')
- ->where('ismenu', 0)
- ->where('name', 'like', '%/index')
- ->column('name,pid');
- $pidArr = array_unique(array_filter(array_column($ruleList, 'pid')));
- foreach ($ruleList as $k => &$v) {
- if (!in_array($v['name'], $userRule)) {
- unset($ruleList[$k]);
- continue;
- }
- $indexRuleName = $v['name'] . '/index'; // user/user 找到他的下级查看 user/user/index 如果有这个查看菜单,但是又没权限,那代表只是勾了一个空壳,所以unset
- if (isset($indexRuleList[$indexRuleName]) && !in_array($indexRuleName, $userRule)) {
- unset($ruleList[$k]);
- continue;
- }
- $v['icon'] = $v['icon'] . ' fa-fw';
- $v['url'] = isset($v['url']) && $v['url'] ? $v['url'] : '/' . $module . '/' . $v['name'];
- $v['badge'] = $badgeList[$v['name']] ?? '';
- $v['title'] = __($v['title']);
- $v['url'] = preg_match("/^((?:[a-z]+:)?\/\/|data:image\/)(.*)/i", $v['url']) ? $v['url'] : url($v['url']);
- $v['menuclass'] = in_array($v['menutype'], ['dialog', 'ajax']) ? 'btn-' . $v['menutype'] : '';
- $v['menutabs'] = !$v['menutype'] || in_array($v['menutype'], ['default', 'addtabs']) ? 'addtabs="' . $v['id'] . '"' : '';
- $selected = $v['name'] == $fixedPage ? $v : $selected;
- $referer = $v['url'] == $refererUrl ? $v : $referer;
- }
- $lastArr = array_unique(array_filter(array_column($ruleList, 'pid')));
- $pidDiffArr = array_diff($pidArr, $lastArr);
- foreach ($ruleList as $index => $item) {
- if (in_array($item['id'], $pidDiffArr)) {
- unset($ruleList[$index]);
- }
- }
- if ($selected == $referer) {
- $referer = [];
- }
- $select_id = $referer ? $referer['id'] : ($selected ? $selected['id'] : 0);
- $menu = $nav = '';
- $showSubmenu = config('fastadmin.show_submenu');
- if (Config::get('fastadmin.multiplenav')) {
- $topList = [];
- foreach ($ruleList as $index => $item) {
- if (!$item['pid']) {
- $topList[] = $item;
- }
- }
- $selectParentIds = [];
- $tree = Tree::instance();
- $tree->init($ruleList);
- if ($select_id) {
- $selectParentIds = $tree->getParentsIds($select_id, true);
- }
- foreach ($topList as $index => $item) {
- $childList = Tree::instance()->getTreeMenu(
- $item['id'],
- '<li class="@class" pid="@pid"><a @extend href="@url@addtabs" addtabs="@id" class="@menuclass" url="@url" py="@py" pinyin="@pinyin"><i class="@icon"></i> <span>@title</span> <span class="pull-right-container">@caret @badge</span></a> @childlist</li>',
- $select_id,
- '',
- 'ul',
- 'class="treeview-menu' . ($showSubmenu ? ' menu-open' : '') . '"'
- );
- $current = in_array($item['id'], $selectParentIds);
- $url = $childList ? 'javascript:;' : $item['url'];
- $addtabs = $childList || !$url ? "" : (stripos($url, "?") !== false ? "&" : "?") . "ref=" . ($item['menutype'] ? $item['menutype'] : 'addtabs');
- $childList = str_replace(
- '" pid="' . $item['id'] . '"',
- ' ' . ($current ? '' : 'hidden') . '" pid="' . $item['id'] . '"',
- $childList
- );
- $nav .= '<li class="' . ($current ? 'active' : '') . '"><a ' . $item['extend'] . ' href="' . $url . $addtabs . '" ' . $item['menutabs'] . ' class="' . $item['menuclass'] . '" url="' . $url . '" title="' . $item['title'] . '"><i class="' . $item['icon'] . '"></i> <span>' . $item['title'] . '</span> <span class="pull-right-container"> </span></a> </li>';
- $menu .= $childList;
- }
- } else {
- // 构造菜单数据
- Tree::instance()->init($ruleList);
- $menu = Tree::instance()->getTreeMenu(
- 0,
- '<li class="@class"><a @extend href="@url@addtabs" @menutabs class="@menuclass" url="@url" py="@py" pinyin="@pinyin"><i class="@icon"></i> <span>@title</span> <span class="pull-right-container">@caret @badge</span></a> @childlist</li>',
- $select_id,
- '',
- 'ul',
- 'class="treeview-menu' . ($showSubmenu ? ' menu-open' : '') . '"'
- );
- if ($selected) {
- $nav .= '<li role="presentation" id="tab_' . $selected['id'] . '" class="' . ($referer ? '' : 'active') . '"><a href="#con_' . $selected['id'] . '" node-id="' . $selected['id'] . '" aria-controls="' . $selected['id'] . '" role="tab" data-toggle="tab"><i class="' . $selected['icon'] . ' fa-fw"></i> <span>' . $selected['title'] . '</span> </a></li>';
- }
- if ($referer) {
- $nav .= '<li role="presentation" id="tab_' . $referer['id'] . '" class="active"><a href="#con_' . $referer['id'] . '" node-id="' . $referer['id'] . '" aria-controls="' . $referer['id'] . '" role="tab" data-toggle="tab"><i class="' . $referer['icon'] . ' fa-fw"></i> <span>' . $referer['title'] . '</span> </a> <i class="close-tab fa fa-remove"></i></li>';
- }
- }
- return [$menu, $nav, $selected, $referer];
- }
- /**
- * 设置错误信息
- *
- * @param string $error 错误信息
- * @return Auth
- */
- public function setError($error)
- {
- $this->_error = $error;
- return $this;
- }
- /**
- * 获取错误信息
- * @return string
- */
- public function getError()
- {
- return $this->_error ? __($this->_error) : '';
- }
- }
|