Auth.php 21 KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293294295296297298299300301302303304305306307308309310311312313314315316317318319320321322323324325326327328329330331332333334335336337338339340341342343344345346347348349350351352353354355356357358359360361362363364365366367368369370371372373374375376377378379380381382383384385386387388389390391392393394395396397398399400401402403404405406407408409410411412413414415416417418419420421422423424425426427428429430431432433434435436437438439440441442443444445446447448449450451452453454455456457458459460461462463464465466467468469470471472473474475476477478479480481482483484485486487488489490491492493494495496497498499500501502503504505506507508509510511512513514515516517518519520521522523524525526527528529530531532533534535536537538539540541542543544545546547548549550551552553554555556557558559560561562563564565566567568569570571572573574575576577578579580581582583584585586587588589590591592593594595596597598599600601602603604605606607608609610611612613614615616617618619620621622623624625626627628629630631632633634635636637638639640641642643644
  1. <?php
  2. namespace app\admin\library;
  3. use app\admin\model\Admin;
  4. use fast\Random;
  5. use fast\Tree;
  6. use think\Config;
  7. use think\Cookie;
  8. use think\Hook;
  9. use think\Request;
  10. use think\Session;
  11. class Auth extends \fast\Auth
  12. {
  13. protected $_error = '';
  14. protected $requestUri = '';
  15. protected $breadcrumb = [];
  16. protected $logined = false; //登录状态
  17. public function __construct()
  18. {
  19. parent::__construct();
  20. }
  21. public function __get($name)
  22. {
  23. return Session::get('admin.' . $name);
  24. }
  25. /**
  26. * 管理员登录
  27. *
  28. * @param string $username 用户名
  29. * @param string $password 密码
  30. * @param int $keeptime 有效时长
  31. * @return boolean
  32. */
  33. public function login($username, $password, $keeptime = 0)
  34. {
  35. $admin = Admin::get(['username' => $username]);
  36. if (!$admin) {
  37. $this->setError('Username is incorrect');
  38. return false;
  39. }
  40. if ($admin['status'] == 'hidden') {
  41. $this->setError('Admin is forbidden');
  42. return false;
  43. }
  44. if (Config::get('fastadmin.login_failure_retry') && $admin->loginfailure >= 10 && time() - $admin->updatetime < 86400) {
  45. $this->setError('Please try again after 1 day');
  46. return false;
  47. }
  48. if ($admin->password != $this->getEncryptPassword($password, $admin->salt)) {
  49. $admin->loginfailure++;
  50. $admin->save();
  51. $this->setError('Password is incorrect');
  52. return false;
  53. }
  54. $admin->loginfailure = 0;
  55. $admin->logintime = time();
  56. $admin->loginip = request()->ip();
  57. $admin->token = Random::uuid();
  58. $admin->save();
  59. Session::set("admin", $admin->toArray());
  60. Session::set("admin.safecode", $this->getEncryptSafecode($admin));
  61. if ($keeptime <= 0) {
  62. $keeptime = $this->getKeeploginSeconds();
  63. }
  64. $this->keeplogin($admin, $keeptime);
  65. return true;
  66. }
  67. /**
  68. * 后台保持登录有效秒数(默认 72 小时,见 config fastadmin.keeplogin_hours)
  69. */
  70. public function getKeeploginSeconds(): int
  71. {
  72. $hours = (int)Config::get('fastadmin.keeplogin_hours');
  73. return ($hours > 0 ? $hours : 72) * 3600;
  74. }
  75. /**
  76. * 退出登录
  77. */
  78. public function logout()
  79. {
  80. $admin = Admin::get(intval($this->id));
  81. if ($admin) {
  82. $admin->token = '';
  83. $admin->save();
  84. }
  85. $this->logined = false; //重置登录状态
  86. Session::delete("admin");
  87. Cookie::delete("keeplogin");
  88. setcookie('fastadmin_userinfo', '', $_SERVER['REQUEST_TIME'] - 3600, rtrim(url("/" . request()->module(), '', false), '/'));
  89. return true;
  90. }
  91. /**
  92. * 自动登录
  93. * @return boolean
  94. */
  95. public function autologin()
  96. {
  97. $keeplogin = Cookie::get('keeplogin');
  98. if (!$keeplogin) {
  99. return false;
  100. }
  101. list($id, $keeptime, $expiretime, $key) = explode('|', $keeplogin);
  102. if ($id && $keeptime && $expiretime && $key && $expiretime > time()) {
  103. $admin = Admin::get($id);
  104. if (!$admin || !$admin->token) {
  105. return false;
  106. }
  107. //token有变更
  108. if ($key != $this->getKeeploginKey($admin, $keeptime, $expiretime)) {
  109. return false;
  110. }
  111. $ip = request()->ip();
  112. // IP 变动检测(与 isLogin 一致,受 fastadmin.loginip_check 控制)
  113. if (Config::get('fastadmin.loginip_check')) {
  114. if ($admin->loginip != $ip) {
  115. return false;
  116. }
  117. }
  118. Session::set("admin", $admin->toArray());
  119. Session::set("admin.safecode", $this->getEncryptSafecode($admin));
  120. //刷新自动登录的时效
  121. $this->keeplogin($admin, $keeptime);
  122. return true;
  123. } else {
  124. return false;
  125. }
  126. }
  127. /**
  128. * 刷新保持登录的Cookie
  129. *
  130. * @param int $keeptime
  131. * @return boolean
  132. */
  133. protected function keeplogin($admin, $keeptime = 0)
  134. {
  135. if ($keeptime) {
  136. $expiretime = time() + $keeptime;
  137. $key = $this->getKeeploginKey($admin, $keeptime, $expiretime);
  138. Cookie::set('keeplogin', implode('|', [$admin['id'], $keeptime, $expiretime, $key]), $keeptime);
  139. return true;
  140. }
  141. return false;
  142. }
  143. /**
  144. * 获取密码加密后的字符串
  145. * @param string $password 密码
  146. * @param string $salt 密码盐
  147. * @return string
  148. */
  149. public function getEncryptPassword($password, $salt = '')
  150. {
  151. return md5(md5($password) . $salt);
  152. }
  153. /**
  154. * 获取密码加密后的自动登录码
  155. * @param string $password 密码
  156. * @param string $salt 密码盐
  157. * @return string
  158. */
  159. public function getEncryptKeeplogin($params, $keeptime)
  160. {
  161. $expiretime = time() + $keeptime;
  162. $key = md5(md5($params['id']) . md5($keeptime) . md5($expiretime) . $params['token'] . config('token.key'));
  163. return implode('|', [$this->id, $keeptime, $expiretime, $key]);
  164. }
  165. /**
  166. * 获取自动登录Key
  167. * @param $params
  168. * @param $keeptime
  169. * @param $expiretime
  170. * @return string
  171. */
  172. public function getKeeploginKey($params, $keeptime, $expiretime)
  173. {
  174. $key = md5(md5($params['id']) . md5($keeptime) . md5($expiretime) . $params['token'] . config('token.key'));
  175. return $key;
  176. }
  177. /**
  178. * 获取加密后的安全码
  179. * @param $params
  180. * @return string
  181. */
  182. public function getEncryptSafecode($params)
  183. {
  184. return md5(md5($params['username']) . md5(substr($params['password'], 0, 6)) . config('token.key'));
  185. }
  186. public function check($name, $uid = '', $relation = 'or', $mode = 'url')
  187. {
  188. $uid = $uid ? $uid : $this->id;
  189. return parent::check($name, $uid, $relation, $mode);
  190. }
  191. /**
  192. * 检测当前控制器和方法是否匹配传递的数组
  193. *
  194. * @param array $arr 需要验证权限的数组
  195. * @return bool
  196. */
  197. public function match($arr = [])
  198. {
  199. $request = Request::instance();
  200. $arr = is_array($arr) ? $arr : explode(',', $arr);
  201. if (!$arr) {
  202. return false;
  203. }
  204. $arr = array_map('strtolower', $arr);
  205. // 是否存在
  206. if (in_array(strtolower($request->action()), $arr) || in_array('*', $arr)) {
  207. return true;
  208. }
  209. // 没找到匹配
  210. return false;
  211. }
  212. /**
  213. * 检测是否登录
  214. *
  215. * @return boolean
  216. */
  217. public function isLogin()
  218. {
  219. if ($this->logined) {
  220. return true;
  221. }
  222. $admin = Session::get('admin');
  223. if (!$admin) {
  224. // Session 过期时尝试用 keeplogin Cookie 静默恢复(避免操作中途频繁跳登录页)
  225. if ($this->autologin()) {
  226. $this->logined = true;
  227. return true;
  228. }
  229. return false;
  230. }
  231. $my = Admin::get($admin['id']);
  232. if (!$my) {
  233. return false;
  234. }
  235. //校验安全码,可用于判断关键信息发生了变更需要重新登录
  236. if (!isset($admin['safecode']) || $this->getEncryptSafecode($my) !== $admin['safecode']) {
  237. $this->logout();
  238. return false;
  239. }
  240. //判断是否同一时间同一账号只能在一个地方登录
  241. if (Config::get('fastadmin.login_unique')) {
  242. if ($my['token'] != $admin['token']) {
  243. $this->logout();
  244. return false;
  245. }
  246. }
  247. //判断管理员IP是否变动
  248. if (Config::get('fastadmin.loginip_check')) {
  249. if (!isset($admin['loginip']) || $admin['loginip'] != request()->ip()) {
  250. $this->logout();
  251. return false;
  252. }
  253. }
  254. $this->refreshKeeploginCookie($my);
  255. $this->logined = true;
  256. return true;
  257. }
  258. /**
  259. * 操作过程中滑动续期 keeplogin(72 小时内免重复登录)
  260. *
  261. * @param array|\think\Model $admin
  262. */
  263. protected function refreshKeeploginCookie($admin): void
  264. {
  265. $keeplogin = Cookie::get('keeplogin');
  266. if (!$keeplogin) {
  267. return;
  268. }
  269. $parts = explode('|', (string)$keeplogin);
  270. if (count($parts) !== 4) {
  271. return;
  272. }
  273. $id = (int)$parts[0];
  274. $keeptime = (int)$parts[1];
  275. $expiretime = (int)$parts[2];
  276. if ($keeptime <= 0) {
  277. $keeptime = $this->getKeeploginSeconds();
  278. }
  279. if ($expiretime <= time()) {
  280. return;
  281. }
  282. $adminId = is_array($admin) ? (int)($admin['id'] ?? 0) : (int)($admin->id ?? 0);
  283. if ($id <= 0 || $adminId !== $id) {
  284. return;
  285. }
  286. $row = is_array($admin) ? $admin : $admin->toArray();
  287. $this->keeplogin($row, $keeptime);
  288. }
  289. /**
  290. * 获取当前请求的URI
  291. * @return string
  292. */
  293. public function getRequestUri()
  294. {
  295. return $this->requestUri;
  296. }
  297. /**
  298. * 设置当前请求的URI
  299. * @param string $uri
  300. */
  301. public function setRequestUri($uri)
  302. {
  303. $this->requestUri = $uri;
  304. }
  305. public function getGroups($uid = null)
  306. {
  307. $uid = is_null($uid) ? $this->id : $uid;
  308. return parent::getGroups($uid);
  309. }
  310. public function getRuleList($uid = null)
  311. {
  312. $uid = is_null($uid) ? $this->id : $uid;
  313. return parent::getRuleList($uid);
  314. }
  315. public function getUserInfo($uid = null)
  316. {
  317. $uid = is_null($uid) ? $this->id : $uid;
  318. return $uid != $this->id ? Admin::get(intval($uid)) : Session::get('admin');
  319. }
  320. public function getRuleIds($uid = null)
  321. {
  322. $uid = is_null($uid) ? $this->id : $uid;
  323. return parent::getRuleIds($uid);
  324. }
  325. public function isSuperAdmin()
  326. {
  327. return in_array('*', $this->getRuleIds()) ? true : false;
  328. }
  329. /**
  330. * 获取管理员所属于的分组ID
  331. * @param int $uid
  332. * @return array
  333. */
  334. public function getGroupIds($uid = null)
  335. {
  336. $groups = $this->getGroups($uid);
  337. $groupIds = [];
  338. foreach ($groups as $K => $v) {
  339. $groupIds[] = (int)$v['group_id'];
  340. }
  341. return $groupIds;
  342. }
  343. /**
  344. * 取出当前管理员所拥有权限的分组
  345. * @param boolean $withself 是否包含当前所在的分组
  346. * @return array
  347. */
  348. public function getChildrenGroupIds($withself = false)
  349. {
  350. //取出当前管理员所有的分组
  351. $groups = $this->getGroups();
  352. $groupIds = [];
  353. foreach ($groups as $k => $v) {
  354. $groupIds[] = $v['id'];
  355. }
  356. $originGroupIds = $groupIds;
  357. foreach ($groups as $k => $v) {
  358. if (in_array($v['pid'], $originGroupIds)) {
  359. $groupIds = array_diff($groupIds, [$v['id']]);
  360. unset($groups[$k]);
  361. }
  362. }
  363. // 取出所有分组
  364. $groupList = \app\admin\model\AuthGroup::where(['status' => 'normal'])->select();
  365. $objList = [];
  366. foreach ($groups as $k => $v) {
  367. if ($v['rules'] === '*') {
  368. $objList = $groupList;
  369. break;
  370. }
  371. // 取出包含自己的所有子节点
  372. $childrenList = Tree::instance()->init($groupList, 'pid')->getChildren($v['id'], true);
  373. $obj = Tree::instance()->init($childrenList, 'pid')->getTreeArray($v['pid']);
  374. $objList = array_merge($objList, Tree::instance()->getTreeList($obj));
  375. }
  376. $childrenGroupIds = [];
  377. foreach ($objList as $k => $v) {
  378. $childrenGroupIds[] = $v['id'];
  379. }
  380. if (!$withself) {
  381. $childrenGroupIds = array_diff($childrenGroupIds, $groupIds);
  382. }
  383. return $childrenGroupIds;
  384. }
  385. /**
  386. * 取出当前管理员所拥有权限的管理员
  387. * @param boolean $withself 是否包含自身
  388. * @return array
  389. */
  390. public function getChildrenAdminIds($withself = false)
  391. {
  392. $childrenAdminIds = [];
  393. if (!$this->isSuperAdmin()) {
  394. $groupIds = $this->getChildrenGroupIds(false);
  395. $authGroupList = \app\admin\model\AuthGroupAccess::
  396. field('uid,group_id')
  397. ->where('group_id', 'in', $groupIds)
  398. ->select();
  399. foreach ($authGroupList as $k => $v) {
  400. $childrenAdminIds[] = $v['uid'];
  401. }
  402. } else {
  403. //超级管理员拥有所有人的权限
  404. $childrenAdminIds = Admin::column('id');
  405. }
  406. if ($withself) {
  407. if (!in_array($this->id, $childrenAdminIds)) {
  408. $childrenAdminIds[] = $this->id;
  409. }
  410. } else {
  411. $childrenAdminIds = array_diff($childrenAdminIds, [$this->id]);
  412. }
  413. return $childrenAdminIds;
  414. }
  415. /**
  416. * 获得面包屑导航
  417. * @param string $path
  418. * @return array
  419. */
  420. public function getBreadCrumb($path = '')
  421. {
  422. if ($this->breadcrumb || !$path) {
  423. return $this->breadcrumb;
  424. }
  425. $titleArr = [];
  426. $menuArr = [];
  427. $urlArr = explode('/', $path);
  428. foreach ($urlArr as $index => $item) {
  429. $pathArr[implode('/', array_slice($urlArr, 0, $index + 1))] = $index;
  430. }
  431. if (!$this->rules && $this->id) {
  432. $this->getRuleList();
  433. }
  434. foreach ($this->rules as $rule) {
  435. if (isset($pathArr[$rule['name']])) {
  436. $rule['title'] = __($rule['title']);
  437. $rule['url'] = url($rule['name']);
  438. $titleArr[$pathArr[$rule['name']]] = $rule['title'];
  439. $menuArr[$pathArr[$rule['name']]] = $rule;
  440. }
  441. }
  442. ksort($menuArr);
  443. $this->breadcrumb = $menuArr;
  444. return $this->breadcrumb;
  445. }
  446. /**
  447. * 获取左侧和顶部菜单栏
  448. *
  449. * @param array $params URL对应的badge数据
  450. * @param string $fixedPage 默认页
  451. * @return array
  452. */
  453. public function getSidebar($params = [], $fixedPage = 'dashboard')
  454. {
  455. // 边栏开始
  456. Hook::listen("admin_sidebar_begin", $params);
  457. $colorArr = ['red', 'green', 'yellow', 'blue', 'teal', 'orange', 'purple'];
  458. $colorNums = count($colorArr);
  459. $badgeList = [];
  460. $module = request()->module();
  461. // 生成菜单的badge
  462. foreach ($params as $k => $v) {
  463. $url = $k;
  464. if (is_array($v)) {
  465. $nums = isset($v[0]) ? $v[0] : 0;
  466. $color = isset($v[1]) ? $v[1] : $colorArr[(is_numeric($nums) ? $nums : strlen($nums)) % $colorNums];
  467. $class = isset($v[2]) ? $v[2] : 'label';
  468. } else {
  469. $nums = $v;
  470. $color = $colorArr[(is_numeric($nums) ? $nums : strlen($nums)) % $colorNums];
  471. $class = 'label';
  472. }
  473. //必须nums大于0才显示
  474. if ($nums) {
  475. $badgeList[$url] = '<small class="' . $class . ' pull-right bg-' . $color . '">' . $nums . '</small>';
  476. }
  477. }
  478. // 读取管理员当前拥有的权限节点
  479. $userRule = $this->getRuleList();
  480. $selected = $referer = [];
  481. $refererUrl = Session::get('referer');
  482. // 必须将结果集转换为数组
  483. $ruleList = collection(\app\admin\model\AuthRule::where('status', 'normal')
  484. ->where('ismenu', 1)
  485. ->order('weigh', 'desc')
  486. ->cache("__menu__")
  487. ->select())->toArray();
  488. $indexRuleList = \app\admin\model\AuthRule::where('status', 'normal')
  489. ->where('ismenu', 0)
  490. ->where('name', 'like', '%/index')
  491. ->column('name,pid');
  492. $pidArr = array_unique(array_filter(array_column($ruleList, 'pid')));
  493. foreach ($ruleList as $k => &$v) {
  494. if (!in_array($v['name'], $userRule)) {
  495. unset($ruleList[$k]);
  496. continue;
  497. }
  498. $indexRuleName = $v['name'] . '/index';
  499. if (isset($indexRuleList[$indexRuleName]) && !in_array($indexRuleName, $userRule)) {
  500. unset($ruleList[$k]);
  501. continue;
  502. }
  503. $v['icon'] = $v['icon'] . ' fa-fw';
  504. $v['url'] = isset($v['url']) && $v['url'] ? $v['url'] : '/' . $module . '/' . $v['name'];
  505. $v['badge'] = isset($badgeList[$v['name']]) ? $badgeList[$v['name']] : '';
  506. $v['title'] = __($v['title']);
  507. $v['url'] = preg_match("/^((?:[a-z]+:)?\/\/|data:image\/)(.*)/i", $v['url']) ? $v['url'] : url($v['url']);
  508. $v['menuclass'] = in_array($v['menutype'], ['dialog', 'ajax']) ? 'btn-' . $v['menutype'] : '';
  509. $v['menutabs'] = !$v['menutype'] || in_array($v['menutype'], ['default', 'addtabs']) ? 'addtabs="' . $v['id'] . '"' : '';
  510. $selected = $v['name'] == $fixedPage ? $v : $selected;
  511. $referer = $v['url'] == $refererUrl ? $v : $referer;
  512. }
  513. $lastArr = array_unique(array_filter(array_column($ruleList, 'pid')));
  514. $pidDiffArr = array_diff($pidArr, $lastArr);
  515. foreach ($ruleList as $index => $item) {
  516. if (in_array($item['id'], $pidDiffArr)) {
  517. unset($ruleList[$index]);
  518. }
  519. }
  520. if ($selected == $referer) {
  521. $referer = [];
  522. }
  523. $select_id = $referer ? $referer['id'] : ($selected ? $selected['id'] : 0);
  524. $menu = $nav = '';
  525. $showSubmenu = config('fastadmin.show_submenu');
  526. if (Config::get('fastadmin.multiplenav')) {
  527. $topList = [];
  528. foreach ($ruleList as $index => $item) {
  529. if (!$item['pid']) {
  530. $topList[] = $item;
  531. }
  532. }
  533. $selectParentIds = [];
  534. $tree = Tree::instance();
  535. $tree->init($ruleList);
  536. if ($select_id) {
  537. $selectParentIds = $tree->getParentsIds($select_id, true);
  538. }
  539. foreach ($topList as $index => $item) {
  540. $childList = Tree::instance()->getTreeMenu(
  541. $item['id'],
  542. '<li class="@class" pid="@pid"><a @extend href="@url@addtabs" addtabs="@id" class="@menuclass" url="@url" py="@py" pinyin="@pinyin"><i class="@icon"></i> <span>@title</span> <span class="pull-right-container">@caret @badge</span></a> @childlist</li>',
  543. $select_id,
  544. '',
  545. 'ul',
  546. 'class="treeview-menu' . ($showSubmenu ? ' menu-open' : '') . '"'
  547. );
  548. $current = in_array($item['id'], $selectParentIds);
  549. $url = $childList ? 'javascript:;' : $item['url'];
  550. $addtabs = $childList || !$url ? "" : (stripos($url, "?") !== false ? "&" : "?") . "ref=" . ($item['menutype'] ? $item['menutype'] : 'addtabs');
  551. $childList = str_replace(
  552. '" pid="' . $item['id'] . '"',
  553. ' ' . ($current ? '' : 'hidden') . '" pid="' . $item['id'] . '"',
  554. $childList
  555. );
  556. $nav .= '<li class="' . ($current ? 'active' : '') . '"><a ' . $item['extend'] . ' href="' . $url . $addtabs . '" ' . $item['menutabs'] . ' class="' . $item['menuclass'] . '" url="' . $url . '" title="' . $item['title'] . '"><i class="' . $item['icon'] . '"></i> <span>' . $item['title'] . '</span> <span class="pull-right-container"> </span></a> </li>';
  557. $menu .= $childList;
  558. }
  559. } else {
  560. // 构造菜单数据
  561. Tree::instance()->init($ruleList);
  562. $menu = Tree::instance()->getTreeMenu(
  563. 0,
  564. '<li class="@class"><a @extend href="@url@addtabs" @menutabs class="@menuclass" url="@url" py="@py" pinyin="@pinyin"><i class="@icon"></i> <span>@title</span> <span class="pull-right-container">@caret @badge</span></a> @childlist</li>',
  565. $select_id,
  566. '',
  567. 'ul',
  568. 'class="treeview-menu' . ($showSubmenu ? ' menu-open' : '') . '"'
  569. );
  570. if ($selected) {
  571. $nav .= '<li role="presentation" id="tab_' . $selected['id'] . '" class="' . ($referer ? '' : 'active') . '"><a href="#con_' . $selected['id'] . '" node-id="' . $selected['id'] . '" aria-controls="' . $selected['id'] . '" role="tab" data-toggle="tab"><i class="' . $selected['icon'] . ' fa-fw"></i> <span>' . $selected['title'] . '</span> </a></li>';
  572. }
  573. if ($referer) {
  574. $nav .= '<li role="presentation" id="tab_' . $referer['id'] . '" class="active"><a href="#con_' . $referer['id'] . '" node-id="' . $referer['id'] . '" aria-controls="' . $referer['id'] . '" role="tab" data-toggle="tab"><i class="' . $referer['icon'] . ' fa-fw"></i> <span>' . $referer['title'] . '</span> </a> <i class="close-tab fa fa-remove"></i></li>';
  575. }
  576. }
  577. return [$menu, $nav, $selected, $referer];
  578. }
  579. /**
  580. * 设置错误信息
  581. *
  582. * @param string $error 错误信息
  583. * @return Auth
  584. */
  585. public function setError($error)
  586. {
  587. $this->_error = $error;
  588. return $this;
  589. }
  590. /**
  591. * 获取错误信息
  592. * @return string
  593. */
  594. public function getError()
  595. {
  596. return $this->_error ? __($this->_error) : '';
  597. }
  598. }