Auth.php 20 KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293294295296297298299300301302303304305306307308309310311312313314315316317318319320321322323324325326327328329330331332333334335336337338339340341342343344345346347348349350351352353354355356357358359360361362363364365366367368369370371372373374375376377378379380381382383384385386387388389390391392393394395396397398399400401402403404405406407408409410411412413414415416417418419420421422423424425426427428429430431432433434435436437438439440441442443444445446447448449450451452453454455456457458459460461462463464465466467468469470471472473474475476477478479480481482483484485486487488489490491492493494495496497498499500501502503504505506507508509510511512513514515516517518519520521522523524525526527528529530531532533534535536537538539540541542543544545546547548549550551552553554555556557558559560561562563564565566567568569570571572573574575576577578579580581582583584585586587
  1. <?php
  2. namespace app\admin\library;
  3. use app\admin\model\Admin;
  4. use fast\Random;
  5. use fast\Tree;
  6. use think\Config;
  7. use think\Cookie;
  8. use think\Hook;
  9. use think\Request;
  10. use think\Session;
  11. class Auth extends \fast\Auth
  12. {
  13. protected $_error = '';
  14. protected $requestUri = '';
  15. protected $breadcrumb = [];
  16. protected $logined = false; //登录状态
  17. public function __construct()
  18. {
  19. parent::__construct();
  20. }
  21. public function __get($name)
  22. {
  23. return Session::get('admin.' . $name);
  24. }
  25. /**
  26. * 管理员登录
  27. *
  28. * @param string $username 用户名
  29. * @param string $password 密码
  30. * @param int $keeptime 有效时长
  31. * @return boolean
  32. */
  33. public function login($username, $password, $keeptime = 0)
  34. {
  35. $admin = Admin::get(['username' => $username]);
  36. if (!$admin) {
  37. $this->setError('Username is incorrect');
  38. return false;
  39. }
  40. if ($admin['status'] == 'hidden') {
  41. $this->setError('Admin is forbidden');
  42. return false;
  43. }
  44. if (Config::get('fastadmin.login_failure_retry') && $admin->loginfailure >= 10 && time() - $admin->updatetime < 86400) {
  45. $this->setError('Please try again after 1 day');
  46. return false;
  47. }
  48. if ($admin->password != $this->getEncryptPassword($password, $admin->salt)) {
  49. $admin->loginfailure++;
  50. $admin->save();
  51. $this->setError('Password is incorrect');
  52. return false;
  53. }
  54. $admin->loginfailure = 0;
  55. $admin->logintime = time();
  56. $admin->loginip = request()->ip();
  57. $admin->token = Random::uuid();
  58. $admin->save();
  59. Session::set("admin", $admin->toArray());
  60. Session::set("admin.safecode", $this->getEncryptSafecode($admin));
  61. $this->keeplogin($admin, $keeptime);
  62. return true;
  63. }
  64. /**
  65. * 退出登录
  66. */
  67. public function logout()
  68. {
  69. $admin = Admin::get(intval($this->id));
  70. if ($admin) {
  71. $admin->token = '';
  72. $admin->save();
  73. }
  74. $this->logined = false; //重置登录状态
  75. Session::delete("admin");
  76. Cookie::delete("keeplogin");
  77. setcookie('fastadmin_userinfo', '', $_SERVER['REQUEST_TIME'] - 3600, rtrim(url("/" . request()->module(), '', false), '/'));
  78. return true;
  79. }
  80. /**
  81. * 自动登录
  82. * @return boolean
  83. */
  84. public function autologin()
  85. {
  86. $keeplogin = Cookie::get('keeplogin');
  87. if (!$keeplogin) {
  88. return false;
  89. }
  90. list($id, $keeptime, $expiretime, $key) = explode('|', $keeplogin);
  91. if ($id && $keeptime && $expiretime && $key && $expiretime > time()) {
  92. $admin = Admin::get($id);
  93. if (!$admin || !$admin->token) {
  94. return false;
  95. }
  96. //token有变更
  97. if ($key != $this->getKeeploginKey($admin, $keeptime, $expiretime)) {
  98. return false;
  99. }
  100. $ip = request()->ip();
  101. // IP 变动检测(与 isLogin 一致,受 fastadmin.loginip_check 控制)
  102. if (Config::get('fastadmin.loginip_check')) {
  103. if ($admin->loginip != $ip) {
  104. return false;
  105. }
  106. }
  107. Session::set("admin", $admin->toArray());
  108. Session::set("admin.safecode", $this->getEncryptSafecode($admin));
  109. //刷新自动登录的时效
  110. $this->keeplogin($admin, $keeptime);
  111. return true;
  112. } else {
  113. return false;
  114. }
  115. }
  116. /**
  117. * 刷新保持登录的Cookie
  118. *
  119. * @param int $keeptime
  120. * @return boolean
  121. */
  122. protected function keeplogin($admin, $keeptime = 0)
  123. {
  124. if ($keeptime) {
  125. $expiretime = time() + $keeptime;
  126. $key = $this->getKeeploginKey($admin, $keeptime, $expiretime);
  127. Cookie::set('keeplogin', implode('|', [$admin['id'], $keeptime, $expiretime, $key]), $keeptime);
  128. return true;
  129. }
  130. return false;
  131. }
  132. /**
  133. * 获取密码加密后的字符串
  134. * @param string $password 密码
  135. * @param string $salt 密码盐
  136. * @return string
  137. */
  138. public function getEncryptPassword($password, $salt = '')
  139. {
  140. return md5(md5($password) . $salt);
  141. }
  142. /**
  143. * 获取密码加密后的自动登录码
  144. * @param string $password 密码
  145. * @param string $salt 密码盐
  146. * @return string
  147. */
  148. public function getEncryptKeeplogin($params, $keeptime)
  149. {
  150. $expiretime = time() + $keeptime;
  151. $key = md5(md5($params['id']) . md5($keeptime) . md5($expiretime) . $params['token'] . config('token.key'));
  152. return implode('|', [$this->id, $keeptime, $expiretime, $key]);
  153. }
  154. /**
  155. * 获取自动登录Key
  156. * @param $params
  157. * @param $keeptime
  158. * @param $expiretime
  159. * @return string
  160. */
  161. public function getKeeploginKey($params, $keeptime, $expiretime)
  162. {
  163. $key = md5(md5($params['id']) . md5($keeptime) . md5($expiretime) . $params['token'] . config('token.key'));
  164. return $key;
  165. }
  166. /**
  167. * 获取加密后的安全码
  168. * @param $params
  169. * @return string
  170. */
  171. public function getEncryptSafecode($params)
  172. {
  173. return md5(md5($params['username']) . md5(substr($params['password'], 0, 6)) . config('token.key'));
  174. }
  175. public function check($name, $uid = '', $relation = 'or', $mode = 'url')
  176. {
  177. $uid = $uid ? $uid : $this->id;
  178. return parent::check($name, $uid, $relation, $mode);
  179. }
  180. /**
  181. * 检测当前控制器和方法是否匹配传递的数组
  182. *
  183. * @param array $arr 需要验证权限的数组
  184. * @return bool
  185. */
  186. public function match($arr = [])
  187. {
  188. $request = Request::instance();
  189. $arr = is_array($arr) ? $arr : explode(',', $arr);
  190. if (!$arr) {
  191. return false;
  192. }
  193. $arr = array_map('strtolower', $arr);
  194. // 是否存在
  195. if (in_array(strtolower($request->action()), $arr) || in_array('*', $arr)) {
  196. return true;
  197. }
  198. // 没找到匹配
  199. return false;
  200. }
  201. /**
  202. * 检测是否登录
  203. *
  204. * @return boolean
  205. */
  206. public function isLogin()
  207. {
  208. if ($this->logined) {
  209. return true;
  210. }
  211. $admin = Session::get('admin');
  212. if (!$admin) {
  213. return false;
  214. }
  215. $my = Admin::get($admin['id']);
  216. if (!$my) {
  217. return false;
  218. }
  219. //校验安全码,可用于判断关键信息发生了变更需要重新登录
  220. if (!isset($admin['safecode']) || $this->getEncryptSafecode($my) !== $admin['safecode']) {
  221. $this->logout();
  222. return false;
  223. }
  224. //判断是否同一时间同一账号只能在一个地方登录
  225. if (Config::get('fastadmin.login_unique')) {
  226. if ($my['token'] != $admin['token']) {
  227. $this->logout();
  228. return false;
  229. }
  230. }
  231. //判断管理员IP是否变动
  232. if (Config::get('fastadmin.loginip_check')) {
  233. if (!isset($admin['loginip']) || $admin['loginip'] != request()->ip()) {
  234. $this->logout();
  235. return false;
  236. }
  237. }
  238. $this->logined = true;
  239. return true;
  240. }
  241. /**
  242. * 获取当前请求的URI
  243. * @return string
  244. */
  245. public function getRequestUri()
  246. {
  247. return $this->requestUri;
  248. }
  249. /**
  250. * 设置当前请求的URI
  251. * @param string $uri
  252. */
  253. public function setRequestUri($uri)
  254. {
  255. $this->requestUri = $uri;
  256. }
  257. public function getGroups($uid = null)
  258. {
  259. $uid = is_null($uid) ? $this->id : $uid;
  260. return parent::getGroups($uid);
  261. }
  262. public function getRuleList($uid = null)
  263. {
  264. $uid = is_null($uid) ? $this->id : $uid;
  265. return parent::getRuleList($uid);
  266. }
  267. public function getUserInfo($uid = null)
  268. {
  269. $uid = is_null($uid) ? $this->id : $uid;
  270. return $uid != $this->id ? Admin::get(intval($uid)) : Session::get('admin');
  271. }
  272. public function getRuleIds($uid = null)
  273. {
  274. $uid = is_null($uid) ? $this->id : $uid;
  275. return parent::getRuleIds($uid);
  276. }
  277. public function isSuperAdmin()
  278. {
  279. return in_array('*', $this->getRuleIds()) ? true : false;
  280. }
  281. /**
  282. * 获取管理员所属于的分组ID
  283. * @param int $uid
  284. * @return array
  285. */
  286. public function getGroupIds($uid = null)
  287. {
  288. $groups = $this->getGroups($uid);
  289. $groupIds = [];
  290. foreach ($groups as $K => $v) {
  291. $groupIds[] = (int)$v['group_id'];
  292. }
  293. return $groupIds;
  294. }
  295. /**
  296. * 取出当前管理员所拥有权限的分组
  297. * @param boolean $withself 是否包含当前所在的分组
  298. * @return array
  299. */
  300. public function getChildrenGroupIds($withself = false)
  301. {
  302. //取出当前管理员所有的分组
  303. $groups = $this->getGroups();
  304. $groupIds = [];
  305. foreach ($groups as $k => $v) {
  306. $groupIds[] = $v['id'];
  307. }
  308. $originGroupIds = $groupIds;
  309. foreach ($groups as $k => $v) {
  310. if (in_array($v['pid'], $originGroupIds)) {
  311. $groupIds = array_diff($groupIds, [$v['id']]);
  312. unset($groups[$k]);
  313. }
  314. }
  315. // 取出所有分组
  316. $groupList = \app\admin\model\AuthGroup::where(['status' => 'normal'])->select();
  317. $objList = [];
  318. foreach ($groups as $k => $v) {
  319. if ($v['rules'] === '*') {
  320. $objList = $groupList;
  321. break;
  322. }
  323. // 取出包含自己的所有子节点
  324. $childrenList = Tree::instance()->init($groupList, 'pid')->getChildren($v['id'], true);
  325. $obj = Tree::instance()->init($childrenList, 'pid')->getTreeArray($v['pid']);
  326. $objList = array_merge($objList, Tree::instance()->getTreeList($obj));
  327. }
  328. $childrenGroupIds = [];
  329. foreach ($objList as $k => $v) {
  330. $childrenGroupIds[] = $v['id'];
  331. }
  332. if (!$withself) {
  333. $childrenGroupIds = array_diff($childrenGroupIds, $groupIds);
  334. }
  335. return $childrenGroupIds;
  336. }
  337. /**
  338. * 取出当前管理员所拥有权限的管理员
  339. * @param boolean $withself 是否包含自身
  340. * @return array
  341. */
  342. public function getChildrenAdminIds($withself = false)
  343. {
  344. $childrenAdminIds = [];
  345. if (!$this->isSuperAdmin()) {
  346. $groupIds = $this->getChildrenGroupIds(false);
  347. $authGroupList = \app\admin\model\AuthGroupAccess::
  348. field('uid,group_id')
  349. ->where('group_id', 'in', $groupIds)
  350. ->select();
  351. foreach ($authGroupList as $k => $v) {
  352. $childrenAdminIds[] = $v['uid'];
  353. }
  354. } else {
  355. //超级管理员拥有所有人的权限
  356. $childrenAdminIds = Admin::column('id');
  357. }
  358. if ($withself) {
  359. if (!in_array($this->id, $childrenAdminIds)) {
  360. $childrenAdminIds[] = $this->id;
  361. }
  362. } else {
  363. $childrenAdminIds = array_diff($childrenAdminIds, [$this->id]);
  364. }
  365. return $childrenAdminIds;
  366. }
  367. /**
  368. * 获得面包屑导航
  369. * @param string $path
  370. * @return array
  371. */
  372. public function getBreadCrumb($path = '')
  373. {
  374. if ($this->breadcrumb || !$path) {
  375. return $this->breadcrumb;
  376. }
  377. $titleArr = [];
  378. $menuArr = [];
  379. $urlArr = explode('/', $path);
  380. foreach ($urlArr as $index => $item) {
  381. $pathArr[implode('/', array_slice($urlArr, 0, $index + 1))] = $index;
  382. }
  383. if (!$this->rules && $this->id) {
  384. $this->getRuleList();
  385. }
  386. foreach ($this->rules as $rule) {
  387. if (isset($pathArr[$rule['name']])) {
  388. $rule['title'] = __($rule['title']);
  389. $rule['url'] = url($rule['name']);
  390. $titleArr[$pathArr[$rule['name']]] = $rule['title'];
  391. $menuArr[$pathArr[$rule['name']]] = $rule;
  392. }
  393. }
  394. ksort($menuArr);
  395. $this->breadcrumb = $menuArr;
  396. return $this->breadcrumb;
  397. }
  398. /**
  399. * 获取左侧和顶部菜单栏
  400. *
  401. * @param array $params URL对应的badge数据
  402. * @param string $fixedPage 默认页
  403. * @return array
  404. */
  405. public function getSidebar($params = [], $fixedPage = 'dashboard')
  406. {
  407. // 边栏开始
  408. Hook::listen("admin_sidebar_begin", $params);
  409. $colorArr = ['red', 'green', 'yellow', 'blue', 'teal', 'orange', 'purple'];
  410. $colorNums = count($colorArr);
  411. $badgeList = [];
  412. $module = request()->module();
  413. // 生成菜单的badge
  414. foreach ($params as $k => $v) {
  415. $url = $k;
  416. if (is_array($v)) {
  417. $nums = isset($v[0]) ? $v[0] : 0;
  418. $color = isset($v[1]) ? $v[1] : $colorArr[(is_numeric($nums) ? $nums : strlen($nums)) % $colorNums];
  419. $class = isset($v[2]) ? $v[2] : 'label';
  420. } else {
  421. $nums = $v;
  422. $color = $colorArr[(is_numeric($nums) ? $nums : strlen($nums)) % $colorNums];
  423. $class = 'label';
  424. }
  425. //必须nums大于0才显示
  426. if ($nums) {
  427. $badgeList[$url] = '<small class="' . $class . ' pull-right bg-' . $color . '">' . $nums . '</small>';
  428. }
  429. }
  430. // 读取管理员当前拥有的权限节点
  431. $userRule = $this->getRuleList();
  432. $selected = $referer = [];
  433. $refererUrl = Session::get('referer');
  434. // 必须将结果集转换为数组
  435. $ruleList = collection(\app\admin\model\AuthRule::where('status', 'normal')
  436. ->where('ismenu', 1)
  437. ->order('weigh', 'desc')
  438. ->cache("__menu__")
  439. ->select())->toArray();
  440. $indexRuleList = \app\admin\model\AuthRule::where('status', 'normal')
  441. ->where('ismenu', 0)
  442. ->where('name', 'like', '%/index')
  443. ->column('name,pid');
  444. $pidArr = array_unique(array_filter(array_column($ruleList, 'pid')));
  445. foreach ($ruleList as $k => &$v) {
  446. if (!in_array($v['name'], $userRule)) {
  447. unset($ruleList[$k]);
  448. continue;
  449. }
  450. $indexRuleName = $v['name'] . '/index';
  451. if (isset($indexRuleList[$indexRuleName]) && !in_array($indexRuleName, $userRule)) {
  452. unset($ruleList[$k]);
  453. continue;
  454. }
  455. $v['icon'] = $v['icon'] . ' fa-fw';
  456. $v['url'] = isset($v['url']) && $v['url'] ? $v['url'] : '/' . $module . '/' . $v['name'];
  457. $v['badge'] = isset($badgeList[$v['name']]) ? $badgeList[$v['name']] : '';
  458. $v['title'] = __($v['title']);
  459. $v['url'] = preg_match("/^((?:[a-z]+:)?\/\/|data:image\/)(.*)/i", $v['url']) ? $v['url'] : url($v['url']);
  460. $v['menuclass'] = in_array($v['menutype'], ['dialog', 'ajax']) ? 'btn-' . $v['menutype'] : '';
  461. $v['menutabs'] = !$v['menutype'] || in_array($v['menutype'], ['default', 'addtabs']) ? 'addtabs="' . $v['id'] . '"' : '';
  462. $selected = $v['name'] == $fixedPage ? $v : $selected;
  463. $referer = $v['url'] == $refererUrl ? $v : $referer;
  464. }
  465. $lastArr = array_unique(array_filter(array_column($ruleList, 'pid')));
  466. $pidDiffArr = array_diff($pidArr, $lastArr);
  467. foreach ($ruleList as $index => $item) {
  468. if (in_array($item['id'], $pidDiffArr)) {
  469. unset($ruleList[$index]);
  470. }
  471. }
  472. if ($selected == $referer) {
  473. $referer = [];
  474. }
  475. $select_id = $referer ? $referer['id'] : ($selected ? $selected['id'] : 0);
  476. $menu = $nav = '';
  477. $showSubmenu = config('fastadmin.show_submenu');
  478. if (Config::get('fastadmin.multiplenav')) {
  479. $topList = [];
  480. foreach ($ruleList as $index => $item) {
  481. if (!$item['pid']) {
  482. $topList[] = $item;
  483. }
  484. }
  485. $selectParentIds = [];
  486. $tree = Tree::instance();
  487. $tree->init($ruleList);
  488. if ($select_id) {
  489. $selectParentIds = $tree->getParentsIds($select_id, true);
  490. }
  491. foreach ($topList as $index => $item) {
  492. $childList = Tree::instance()->getTreeMenu(
  493. $item['id'],
  494. '<li class="@class" pid="@pid"><a @extend href="@url@addtabs" addtabs="@id" class="@menuclass" url="@url" py="@py" pinyin="@pinyin"><i class="@icon"></i> <span>@title</span> <span class="pull-right-container">@caret @badge</span></a> @childlist</li>',
  495. $select_id,
  496. '',
  497. 'ul',
  498. 'class="treeview-menu' . ($showSubmenu ? ' menu-open' : '') . '"'
  499. );
  500. $current = in_array($item['id'], $selectParentIds);
  501. $url = $childList ? 'javascript:;' : $item['url'];
  502. $addtabs = $childList || !$url ? "" : (stripos($url, "?") !== false ? "&" : "?") . "ref=" . ($item['menutype'] ? $item['menutype'] : 'addtabs');
  503. $childList = str_replace(
  504. '" pid="' . $item['id'] . '"',
  505. ' ' . ($current ? '' : 'hidden') . '" pid="' . $item['id'] . '"',
  506. $childList
  507. );
  508. $nav .= '<li class="' . ($current ? 'active' : '') . '"><a ' . $item['extend'] . ' href="' . $url . $addtabs . '" ' . $item['menutabs'] . ' class="' . $item['menuclass'] . '" url="' . $url . '" title="' . $item['title'] . '"><i class="' . $item['icon'] . '"></i> <span>' . $item['title'] . '</span> <span class="pull-right-container"> </span></a> </li>';
  509. $menu .= $childList;
  510. }
  511. } else {
  512. // 构造菜单数据
  513. Tree::instance()->init($ruleList);
  514. $menu = Tree::instance()->getTreeMenu(
  515. 0,
  516. '<li class="@class"><a @extend href="@url@addtabs" @menutabs class="@menuclass" url="@url" py="@py" pinyin="@pinyin"><i class="@icon"></i> <span>@title</span> <span class="pull-right-container">@caret @badge</span></a> @childlist</li>',
  517. $select_id,
  518. '',
  519. 'ul',
  520. 'class="treeview-menu' . ($showSubmenu ? ' menu-open' : '') . '"'
  521. );
  522. if ($selected) {
  523. $nav .= '<li role="presentation" id="tab_' . $selected['id'] . '" class="' . ($referer ? '' : 'active') . '"><a href="#con_' . $selected['id'] . '" node-id="' . $selected['id'] . '" aria-controls="' . $selected['id'] . '" role="tab" data-toggle="tab"><i class="' . $selected['icon'] . ' fa-fw"></i> <span>' . $selected['title'] . '</span> </a></li>';
  524. }
  525. if ($referer) {
  526. $nav .= '<li role="presentation" id="tab_' . $referer['id'] . '" class="active"><a href="#con_' . $referer['id'] . '" node-id="' . $referer['id'] . '" aria-controls="' . $referer['id'] . '" role="tab" data-toggle="tab"><i class="' . $referer['icon'] . ' fa-fw"></i> <span>' . $referer['title'] . '</span> </a> <i class="close-tab fa fa-remove"></i></li>';
  527. }
  528. }
  529. return [$menu, $nav, $selected, $referer];
  530. }
  531. /**
  532. * 设置错误信息
  533. *
  534. * @param string $error 错误信息
  535. * @return Auth
  536. */
  537. public function setError($error)
  538. {
  539. $this->_error = $error;
  540. return $this;
  541. }
  542. /**
  543. * 获取错误信息
  544. * @return string
  545. */
  546. public function getError()
  547. {
  548. return $this->_error ? __($this->_error) : '';
  549. }
  550. }