Apic.php 13 KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293294295296297298299300301302303304305306307308309310311312313314315316317318319320321322323324325326327328329330331332333334335336337338339340341342343344345346347348349350351352353354355356357358359360361362363364365366367368369370371372373374375376377378379380381382383384385386387388389390391392393394395396397398399400401402403404405406407408409410411412413414415416417418419420421422423424425426427428429430431432433434435436437438439440441442443444445446447448449450451452453454455456457458459460
  1. <?php
  2. namespace app\common\controller;
  3. use app\common\library\Authcoach as Auth;
  4. use think\Config;
  5. use think\exception\HttpResponseException;
  6. use think\exception\ValidateException;
  7. use think\Hook;
  8. use think\Lang;
  9. use think\Loader;
  10. use think\Request;
  11. use think\Response;
  12. use think\Route;
  13. use think\Validate;
  14. use Redis;
  15. /**
  16. * API控制器基类
  17. */
  18. class Apic
  19. {
  20. /**
  21. * @var Request Request 实例
  22. */
  23. protected $request;
  24. /**
  25. * @var bool 验证失败是否抛出异常
  26. */
  27. protected $failException = false;
  28. /**
  29. * @var bool 是否批量验证
  30. */
  31. protected $batchValidate = false;
  32. /**
  33. * @var array 前置操作方法列表
  34. */
  35. protected $beforeActionList = [];
  36. /**
  37. * 无需登录的方法,同时也就不需要鉴权了
  38. * @var array
  39. */
  40. protected $noNeedLogin = [];
  41. /**
  42. * 无需鉴权的方法,但需要登录
  43. * @var array
  44. */
  45. protected $noNeedRight = [];
  46. /**
  47. * 权限Auth
  48. * @var Auth
  49. */
  50. protected $auth = null;
  51. /**
  52. * 默认响应输出类型,支持json/xml
  53. * @var string
  54. */
  55. protected $responseType = 'json';
  56. /**
  57. * 构造方法
  58. * @access public
  59. * @param Request $request Request 对象
  60. */
  61. public function __construct(Request $request = null)
  62. {
  63. $this->request = is_null($request) ? Request::instance() : $request;
  64. // 控制器初始化
  65. $this->_initialize();
  66. //日志
  67. $this->request_log();
  68. // 前置操作方法
  69. if ($this->beforeActionList) {
  70. foreach ($this->beforeActionList as $method => $options) {
  71. is_numeric($method) ?
  72. $this->beforeAction($options) :
  73. $this->beforeAction($method, $options);
  74. }
  75. }
  76. }
  77. /**
  78. * 初始化操作
  79. * @access protected
  80. */
  81. protected function _initialize()
  82. {
  83. //跨域请求检测
  84. check_cors_request();
  85. // 检测IP是否允许
  86. check_ip_allowed();
  87. //移除HTML标签
  88. $this->request->filter('trim,strip_tags,htmlspecialchars');
  89. $this->auth = Auth::instance();
  90. $modulename = $this->request->module();
  91. $controllername = Loader::parseName($this->request->controller());
  92. $actionname = strtolower($this->request->action());
  93. // token
  94. $token = $this->request->server('HTTP_TOKEN', $this->request->request('token', \think\Cookie::get('token')));
  95. $path = str_replace('.', '/', $controllername) . '/' . $actionname;
  96. // 设置当前请求的URI
  97. $this->auth->setRequestUri($path);
  98. // 检测是否需要验证登录
  99. if (!$this->auth->match($this->noNeedLogin)) {
  100. //初始化
  101. $this->auth->init($token);
  102. //检测是否登录
  103. if (!$this->auth->isLogin()) {
  104. $this->error(__('Please login first'), null, 401);
  105. }
  106. // 判断是否需要验证权限
  107. /*if (!$this->auth->match($this->noNeedRight)) {
  108. // 判断控制器和方法判断是否有对应权限
  109. if (!$this->auth->check($path)) {
  110. $this->error(__('You have no permission'), null, 403);
  111. }
  112. }*/
  113. } else {
  114. // 如果有传递token才验证是否登录状态
  115. if ($token) {
  116. $this->auth->init($token);
  117. }
  118. }
  119. $upload = \app\common\model\Config::upload();
  120. // 上传信息配置后
  121. Hook::listen("upload_config_init", $upload);
  122. Config::set('upload', array_merge(Config::get('upload'), $upload));
  123. // 加载当前控制器语言包
  124. $this->loadlang($controllername);
  125. }
  126. /**
  127. * 加载语言文件
  128. * @param string $name
  129. */
  130. protected function loadlang($name)
  131. {
  132. $name = Loader::parseName($name);
  133. $name = preg_match("/^([a-zA-Z0-9_\.\/]+)\$/i", $name) ? $name : 'index';
  134. $lang = $this->request->langset();
  135. $lang = preg_match("/^([a-zA-Z\-_]{2,10})\$/i", $lang) ? $lang : 'zh-cn';
  136. Lang::load(APP_PATH . $this->request->module() . '/lang/' . $lang . '/' . str_replace('.', '/', $name) . '.php');
  137. }
  138. //结果集信息里,多个字段需要翻译
  139. protected function list_lang($list,$field){
  140. if(!$list || empty($list)){
  141. return $list;
  142. }
  143. foreach($list as $vo => $info){
  144. $list[$vo] = $this->info_lang($info,$field);
  145. }
  146. return $list;
  147. }
  148. //单条信息里,多个字段需要翻译
  149. protected function info_lang($data,$field){
  150. if(!$data || empty($data)){
  151. return $data;
  152. }
  153. foreach($data as $key => $val){
  154. if(in_array($key,$field)){
  155. if($this->lang == 'en'){
  156. $data[$key] = $data[$key.'_en'];
  157. unset($data[$key.'_en']);
  158. }else{
  159. unset($data[$key.'_en']);
  160. }
  161. }
  162. }
  163. return $data;
  164. }
  165. /**
  166. * 操作成功返回的数据
  167. * @param string $msg 提示信息
  168. * @param mixed $data 要返回的数据
  169. * @param int $code 错误码,默认为1
  170. * @param string $type 输出类型
  171. * @param array $header 发送的 Header 信息
  172. */
  173. protected function success($msg = '', $data = null, $code = 1, $type = null, array $header = [])
  174. {
  175. if($msg == 1){
  176. $msg = 'success';
  177. }
  178. if(empty($msg)){
  179. $msg = '操作成功';
  180. }
  181. $this->result($msg, $data, $code, $type, $header);
  182. }
  183. //find查询出来的结果如果为空数组,强制转换object
  184. protected function success_find($msg = '', $data = null, $code = 1, $type = null, array $header = [])
  185. {
  186. if(empty($msg)){
  187. $msg = '操作成功';
  188. }
  189. if(is_null($data) || $data === []){
  190. $data = (object)[];
  191. }
  192. $this->result($msg, $data, $code, $type, $header);
  193. }
  194. /**
  195. * 操作失败返回的数据
  196. * @param string $msg 提示信息
  197. * @param mixed $data 要返回的数据
  198. * @param int $code 错误码,默认为0
  199. * @param string $type 输出类型
  200. * @param array $header 发送的 Header 信息
  201. */
  202. protected function error($msg = '', $data = null, $code = 0, $type = null, array $header = [])
  203. {
  204. if(empty($msg)){
  205. $msg = __('Invalid parameters');
  206. }
  207. $this->result($msg, $data, $code, $type, $header);
  208. }
  209. /**
  210. * 返回封装后的 API 数据到客户端
  211. * @access protected
  212. * @param mixed $msg 提示信息
  213. * @param mixed $data 要返回的数据
  214. * @param int $code 错误码,默认为0
  215. * @param string $type 输出类型,支持json/xml/jsonp
  216. * @param array $header 发送的 Header 信息
  217. * @return void
  218. * @throws HttpResponseException
  219. */
  220. protected function result($msg, $data = null, $code = 0, $type = null, array $header = [])
  221. {
  222. $result = [
  223. 'code' => $code,
  224. 'msg' => __($msg),
  225. 'time' => Request::instance()->server('REQUEST_TIME'),
  226. 'data' => $data,
  227. ];
  228. //日志
  229. $this->request_log_update($result);
  230. // 如果未设置类型则自动判断
  231. $type = $type ? $type : ($this->request->param(config('var_jsonp_handler')) ? 'jsonp' : $this->responseType);
  232. if (isset($header['statuscode'])) {
  233. $code = $header['statuscode'];
  234. unset($header['statuscode']);
  235. } else {
  236. //未设置状态码,根据code值判断
  237. $code = $code >= 1000 || $code < 200 ? 200 : $code;
  238. }
  239. $response = Response::create($result, $type, $code)->header($header);
  240. throw new HttpResponseException($response);
  241. }
  242. /**
  243. * 前置操作
  244. * @access protected
  245. * @param string $method 前置操作方法名
  246. * @param array $options 调用参数 ['only'=>[...]] 或者 ['except'=>[...]]
  247. * @return void
  248. */
  249. protected function beforeAction($method, $options = [])
  250. {
  251. if (isset($options['only'])) {
  252. if (is_string($options['only'])) {
  253. $options['only'] = explode(',', $options['only']);
  254. }
  255. if (!in_array($this->request->action(), $options['only'])) {
  256. return;
  257. }
  258. } elseif (isset($options['except'])) {
  259. if (is_string($options['except'])) {
  260. $options['except'] = explode(',', $options['except']);
  261. }
  262. if (in_array($this->request->action(), $options['except'])) {
  263. return;
  264. }
  265. }
  266. call_user_func([$this, $method]);
  267. }
  268. /**
  269. * 设置验证失败后是否抛出异常
  270. * @access protected
  271. * @param bool $fail 是否抛出异常
  272. * @return $this
  273. */
  274. protected function validateFailException($fail = true)
  275. {
  276. $this->failException = $fail;
  277. return $this;
  278. }
  279. /**
  280. * 验证数据
  281. * @access protected
  282. * @param array $data 数据
  283. * @param string|array $validate 验证器名或者验证规则数组
  284. * @param array $message 提示信息
  285. * @param bool $batch 是否批量验证
  286. * @param mixed $callback 回调方法(闭包)
  287. * @return array|string|true
  288. * @throws ValidateException
  289. */
  290. protected function validate($data, $validate, $message = [], $batch = false, $callback = null)
  291. {
  292. if (is_array($validate)) {
  293. $v = Loader::validate();
  294. $v->rule($validate);
  295. } else {
  296. // 支持场景
  297. if (strpos($validate, '.')) {
  298. list($validate, $scene) = explode('.', $validate);
  299. }
  300. $v = Loader::validate($validate);
  301. !empty($scene) && $v->scene($scene);
  302. }
  303. // 批量验证
  304. if ($batch || $this->batchValidate) {
  305. $v->batch(true);
  306. }
  307. // 设置错误信息
  308. if (is_array($message)) {
  309. $v->message($message);
  310. }
  311. // 使用回调验证
  312. if ($callback && is_callable($callback)) {
  313. call_user_func_array($callback, [$v, &$data]);
  314. }
  315. if (!$v->check($data)) {
  316. if ($this->failException) {
  317. throw new ValidateException($v->getError());
  318. }
  319. return $v->getError();
  320. }
  321. return true;
  322. }
  323. /**
  324. * 刷新Token
  325. */
  326. protected function token()
  327. {
  328. $token = $this->request->param('__token__');
  329. //验证Token
  330. if (!Validate::make()->check(['__token__' => $token], ['__token__' => 'require|token'])) {
  331. $this->error(__('Token verification error'), ['__token__' => $this->request->token()]);
  332. }
  333. //刷新Token
  334. $this->request->token();
  335. }
  336. /*
  337. * api 请求日志
  338. * */
  339. protected function request_log(){
  340. //api_request_log
  341. $modulename = $this->request->module();
  342. $controllername = $this->request->controller();
  343. $actionname = $this->request->action();
  344. $data = [
  345. 'uid' => $this->auth->id,
  346. 'api' => $modulename.'/'.$controllername.'/'.$actionname,
  347. 'params' => json_encode($this->request->request()),
  348. 'addtime' => time(),
  349. 'adddatetime' => date('Y-m-d H:i:s'),
  350. 'ip' => request()->ip(),
  351. ];
  352. $request_id = db('api_request_log')->insertGetId($data);
  353. defined('API_REQUEST_ID') or define('API_REQUEST_ID', $request_id);
  354. }
  355. protected function request_log_update($log_result){
  356. if(defined('API_REQUEST_ID')) { //记录app正常返回结果
  357. if(strlen(json_encode($log_result['data'])) > 10000) {
  358. $log_result['data'] = '数据太多,不记录';
  359. }
  360. db('api_request_log')->where('id',API_REQUEST_ID)->update(['result'=>json_encode($log_result)]);
  361. }
  362. }
  363. /**
  364. * 接口请求限制
  365. * @param int $apiLimit
  366. * @param int $apiLimitTime
  367. * @param string $key
  368. * @return bool | true:通过 false:拒绝
  369. */
  370. public function apiLimit($apiLimit = 1, $apiLimitTime = 1000, $key = '')
  371. {
  372. $userId = $this->auth->id;
  373. $controller = request()->controller();
  374. $action = request()->action();
  375. if (!$key) {
  376. $key = strtolower($controller) . '_' . strtolower($action) . '_' . $userId;
  377. }
  378. $redis = new Redis();
  379. $redisconfig = config("redis");
  380. $redis->connect($redisconfig["host"], $redisconfig["port"]);
  381. if ($redisconfig['redis_pwd']) {
  382. $redis->auth($redisconfig['redis_pwd']);
  383. }
  384. if($redisconfig['redis_selectdb'] > 0){
  385. $redis->select($redisconfig['redis_selectdb']);
  386. }
  387. //
  388. //指定键值新增+1 并获取
  389. $count = $redis->incr($key);
  390. if ($count > $apiLimit) {
  391. return false;
  392. }
  393. //设置过期时间
  394. if ($count == 1) {
  395. $redis->pExpire($key, $apiLimitTime);
  396. }
  397. return true;
  398. }
  399. }