| 12345678910111213141516171819202122232425262728293031323334353637383940414243444546474849505152535455565758596061626364656667686970717273747576777879 |
- <?php
- namespace App\Http\Middleware;
- use App\Models\SysModels\User;
- use App\Servers\Common\PermissionServer;
- use App\Servers\Common\RedisDataServer;
- use Closure;
- class AdminApiAuthMiddleware
- {
- private $noAuth = [
- 'adminApi.login',
- 'adminApi.logout',
- ];
- /**
- * Handle an incoming request.
- *
- * @param \Illuminate\Http\Request $request
- * @param \Closure $next
- * @return mixed
- */
- public function handle($request, Closure $next)
- {
- $clientRoute = request()->route()->getName();//获取当前路由
- if (in_array($clientRoute, $this->noAuth)) {//不需要验证的路由
- return $next($request);
- }
- //获取token
- $api_token = $request->input('api_token');
- if(empty($api_token)) $api_token = $request->header('ApiToken');
- if(empty($api_token)){
- return response()->json([
- 'msg' => '缺少认证信息',
- 'code' => 401,
- 'data' => []
- ]);
- }
- //获取当前用户
- $user = RedisDataServer::creatServer()->getData( 'gw_adminLogin_' . $api_token, 'json');
- if(!$user){
- //数据库查找当前用户
- $user = User::where('api_token', $api_token)->where('is_del', 0)->first();
- if($user){
- //用户信息缓存
- RedisDataServer::creatServer()->setData('gw_adminLogin_' . $api_token, $user, 'json', 300);
- }else{
- return response()->json([
- 'msg' => '身份验证失败',
- 'code' => 401,
- 'data' => []
- ]);
- }
- }
- //状态验证
- if($user['status'] == 2){
- return response()->json([
- 'msg' => '账号已关闭',
- 'code' => 402,
- 'data' => []
- ]);
- }
- //进行路由验证
- $ret = PermissionServer::verifyAuth($user['role_id'], $clientRoute);
- if (empty($ret) && $user['id'] != 1) {
- return response()->json([
- 'msg' => '暂无权限',
- 'code' => 402,
- 'data' => []
- ]);
- }
- return $next($request);
- }
- }
|
