Api.php 12 KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293294295296297298299300301302303304305306307308309310311312313314315316317318319320321322323324325326327328329330331332333334335336337338339340341342343344345346347348349350351352353354355356357358359360361362363364365366367368369370371372373374375376377378379380381382383384385386387388389390391392393394395396397398399
  1. <?php
  2. namespace app\common\controller;
  3. use app\common\library\Auth;
  4. use think\Config;
  5. use think\exception\HttpResponseException;
  6. use think\exception\ValidateException;
  7. use think\Hook;
  8. use think\Lang;
  9. use think\Loader;
  10. use think\Request;
  11. use think\Response;
  12. use think\Route;
  13. use think\Validate;
  14. /**
  15. * API控制器基类
  16. */
  17. class Api
  18. {
  19. /**
  20. * @var Request Request 实例
  21. */
  22. protected $request;
  23. /**
  24. * @var bool 验证失败是否抛出异常
  25. */
  26. protected $failException = false;
  27. /**
  28. * @var bool 是否批量验证
  29. */
  30. protected $batchValidate = false;
  31. /**
  32. * @var array 前置操作方法列表
  33. */
  34. protected $beforeActionList = [];
  35. /**
  36. * 无需登录的方法,同时也就不需要鉴权了
  37. * @var array
  38. */
  39. protected $noNeedLogin = [];
  40. /**
  41. * 无需鉴权的方法,但需要登录
  42. * @var array
  43. */
  44. protected $noNeedRight = [];
  45. /**
  46. * 权限Auth
  47. * @var Auth
  48. */
  49. protected $auth = null;
  50. /**
  51. * 默认响应输出类型,支持json/xml
  52. * @var string
  53. */
  54. protected $responseType = 'json';
  55. public $page = 1;
  56. public $listrow = 10;
  57. /**
  58. * 构造方法
  59. * @access public
  60. * @param Request $request Request 对象
  61. */
  62. public function __construct(Request $request = null)
  63. {
  64. $this->request = is_null($request) ? Request::instance() : $request;
  65. $this->page = input('page',1);
  66. $this->listrow= input('listrow',10);
  67. // 控制器初始化
  68. $this->_initialize();
  69. //日志
  70. $this->request_log();
  71. // 前置操作方法
  72. if ($this->beforeActionList) {
  73. foreach ($this->beforeActionList as $method => $options) {
  74. is_numeric($method) ?
  75. $this->beforeAction($options) :
  76. $this->beforeAction($method, $options);
  77. }
  78. }
  79. }
  80. /**
  81. * 初始化操作
  82. * @access protected
  83. */
  84. protected function _initialize()
  85. {
  86. //跨域请求检测
  87. check_cors_request();
  88. // 检测IP是否允许
  89. check_ip_allowed();
  90. //移除HTML标签
  91. $this->request->filter('trim,strip_tags,htmlspecialchars');
  92. $this->auth = Auth::instance();
  93. $modulename = $this->request->module();
  94. $controllername = Loader::parseName($this->request->controller());
  95. $actionname = strtolower($this->request->action());
  96. // token
  97. $token = $this->request->server('HTTP_TOKEN', $this->request->request('token', \think\Cookie::get('token')));
  98. $path = str_replace('.', '/', $controllername) . '/' . $actionname;
  99. // 设置当前请求的URI
  100. $this->auth->setRequestUri($path);
  101. // 检测是否需要验证登录
  102. if (!$this->auth->match($this->noNeedLogin)) {
  103. //初始化
  104. $this->auth->init($token);
  105. //检测是否登录
  106. if (!$this->auth->isLogin()) {
  107. $this->error(__('Please login first'), null, 401);
  108. }
  109. // 判断是否需要验证权限
  110. if (!$this->auth->match($this->noNeedRight)) {
  111. // 判断控制器和方法判断是否有对应权限
  112. if (!$this->auth->check($path)) {
  113. $this->error(__('You have no permission'), null, 403);
  114. }
  115. }
  116. } else {
  117. // 如果有传递token才验证是否登录状态
  118. if ($token) {
  119. $this->auth->init($token);
  120. }
  121. }
  122. $upload = \app\common\model\Config::upload();
  123. // 上传信息配置后
  124. Hook::listen("upload_config_init", $upload);
  125. Config::set('upload', array_merge(Config::get('upload'), $upload));
  126. // 加载当前控制器语言包
  127. $this->loadlang($controllername);
  128. }
  129. /**
  130. * 加载语言文件
  131. * @param string $name
  132. */
  133. protected function loadlang($name)
  134. {
  135. $name = Loader::parseName($name);
  136. $name = preg_match("/^([a-zA-Z0-9_\.\/]+)\$/i", $name) ? $name : 'index';
  137. $lang = $this->request->langset();
  138. $lang = preg_match("/^([a-zA-Z\-_]{2,10})\$/i", $lang) ? $lang : 'zh-cn';
  139. Lang::load(APP_PATH . $this->request->module() . '/lang/' . $lang . '/' . str_replace('.', '/', $name) . '.php');
  140. }
  141. /**
  142. * 操作成功返回的数据
  143. * @param string $msg 提示信息
  144. * @param mixed $data 要返回的数据
  145. * @param int $code 错误码,默认为1
  146. * @param string $type 输出类型
  147. * @param array $header 发送的 Header 信息
  148. */
  149. protected function success($msg = '', $data = null, $code = 1, $type = null, array $header = [])
  150. {
  151. if($msg == 1){
  152. $msg = 'success';
  153. }
  154. if(empty($msg)){
  155. $msg = '操作成功';
  156. }
  157. $this->result($msg, $data, $code, $type, $header);
  158. }
  159. //find查询出来的结果如果为空数组,强制转换object
  160. protected function success_find($msg = '', $data = null, $code = 1, $type = null, array $header = [])
  161. {
  162. if(empty($msg)){
  163. $msg = '操作成功';
  164. }
  165. if(is_null($data) || $data === []){
  166. $data = (object)[];
  167. }
  168. $this->result($msg, $data, $code, $type, $header);
  169. }
  170. /**
  171. * 操作失败返回的数据
  172. * @param string $msg 提示信息
  173. * @param mixed $data 要返回的数据
  174. * @param int $code 错误码,默认为0
  175. * @param string $type 输出类型
  176. * @param array $header 发送的 Header 信息
  177. */
  178. protected function error($msg = '', $data = null, $code = 0, $type = null, array $header = [])
  179. {
  180. if(empty($msg)){
  181. $msg = __('Invalid parameters');
  182. }
  183. $this->result($msg, $data, $code, $type, $header);
  184. }
  185. /**
  186. * 返回封装后的 API 数据到客户端
  187. * @access protected
  188. * @param mixed $msg 提示信息
  189. * @param mixed $data 要返回的数据
  190. * @param int $code 错误码,默认为0
  191. * @param string $type 输出类型,支持json/xml/jsonp
  192. * @param array $header 发送的 Header 信息
  193. * @return void
  194. * @throws HttpResponseException
  195. */
  196. protected function result($msg, $data = null, $code = 0, $type = null, array $header = [])
  197. {
  198. $result = [
  199. 'code' => $code,
  200. 'msg' => $msg,
  201. 'time' => Request::instance()->server('REQUEST_TIME'),
  202. 'data' => $data,
  203. ];
  204. //日志
  205. $this->request_log_update($result);
  206. // 如果未设置类型则自动判断
  207. $type = $type ? $type : ($this->request->param(config('var_jsonp_handler')) ? 'jsonp' : $this->responseType);
  208. if (isset($header['statuscode'])) {
  209. $code = $header['statuscode'];
  210. unset($header['statuscode']);
  211. } else {
  212. //未设置状态码,根据code值判断
  213. $code = $code >= 1000 || $code < 200 ? 200 : $code;
  214. }
  215. $response = Response::create($result, $type, $code)->header($header);
  216. throw new HttpResponseException($response);
  217. }
  218. /**
  219. * 前置操作
  220. * @access protected
  221. * @param string $method 前置操作方法名
  222. * @param array $options 调用参数 ['only'=>[...]] 或者 ['except'=>[...]]
  223. * @return void
  224. */
  225. protected function beforeAction($method, $options = [])
  226. {
  227. if (isset($options['only'])) {
  228. if (is_string($options['only'])) {
  229. $options['only'] = explode(',', $options['only']);
  230. }
  231. if (!in_array($this->request->action(), $options['only'])) {
  232. return;
  233. }
  234. } elseif (isset($options['except'])) {
  235. if (is_string($options['except'])) {
  236. $options['except'] = explode(',', $options['except']);
  237. }
  238. if (in_array($this->request->action(), $options['except'])) {
  239. return;
  240. }
  241. }
  242. call_user_func([$this, $method]);
  243. }
  244. /**
  245. * 设置验证失败后是否抛出异常
  246. * @access protected
  247. * @param bool $fail 是否抛出异常
  248. * @return $this
  249. */
  250. protected function validateFailException($fail = true)
  251. {
  252. $this->failException = $fail;
  253. return $this;
  254. }
  255. /**
  256. * 验证数据
  257. * @access protected
  258. * @param array $data 数据
  259. * @param string|array $validate 验证器名或者验证规则数组
  260. * @param array $message 提示信息
  261. * @param bool $batch 是否批量验证
  262. * @param mixed $callback 回调方法(闭包)
  263. * @return array|string|true
  264. * @throws ValidateException
  265. */
  266. protected function validate($data, $validate, $message = [], $batch = false, $callback = null)
  267. {
  268. if (is_array($validate)) {
  269. $v = Loader::validate();
  270. $v->rule($validate);
  271. } else {
  272. // 支持场景
  273. if (strpos($validate, '.')) {
  274. list($validate, $scene) = explode('.', $validate);
  275. }
  276. $v = Loader::validate($validate);
  277. !empty($scene) && $v->scene($scene);
  278. }
  279. // 批量验证
  280. if ($batch || $this->batchValidate) {
  281. $v->batch(true);
  282. }
  283. // 设置错误信息
  284. if (is_array($message)) {
  285. $v->message($message);
  286. }
  287. // 使用回调验证
  288. if ($callback && is_callable($callback)) {
  289. call_user_func_array($callback, [$v, &$data]);
  290. }
  291. if (!$v->check($data)) {
  292. if ($this->failException) {
  293. throw new ValidateException($v->getError());
  294. }
  295. return $v->getError();
  296. }
  297. return true;
  298. }
  299. /**
  300. * 刷新Token
  301. */
  302. protected function token()
  303. {
  304. $token = $this->request->param('__token__');
  305. //验证Token
  306. if (!Validate::make()->check(['__token__' => $token], ['__token__' => 'require|token'])) {
  307. $this->error(__('Token verification error'), ['__token__' => $this->request->token()]);
  308. }
  309. //刷新Token
  310. $this->request->token();
  311. }
  312. /*
  313. * api 请求日志
  314. * */
  315. protected function request_log(){
  316. //api_request_log
  317. $modulename = $this->request->module();
  318. $controllername = $this->request->controller();
  319. $actionname = $this->request->action();
  320. if($controllername == 'Notify'){
  321. return true;
  322. }
  323. $data = [
  324. 'uid' => $this->auth->id,
  325. 'api' => $modulename.'/'.$controllername.'/'.$actionname,
  326. 'params_get' => json_encode($this->request->input()),
  327. 'params_post' => json_encode($this->request->post()),
  328. 'params_request' => json_encode($this->request->request()),
  329. // 'addtime' => time(),
  330. 'adddatetime' => date('Y-m-d H:i:s'),
  331. 'ip' => request()->ip(),
  332. ];
  333. $request_id = db('api_request_log')->insertGetId($data);
  334. defined('API_REQUEST_ID') or define('API_REQUEST_ID', $request_id);
  335. }
  336. protected function request_log_update($log_result){
  337. if(defined('API_REQUEST_ID')) { //记录app正常返回结果
  338. if(strlen(json_encode($log_result['data'])) > 10000) {
  339. // $log_result['data'] = '数据太多,不记录';
  340. }
  341. db('api_request_log')->where('id',API_REQUEST_ID)->update(['result'=>json_encode($log_result)]);
  342. }
  343. }
  344. }