48 lines
1.5 KiB
PHP
48 lines
1.5 KiB
PHP
<?php
|
|
|
|
declare (strict_types=1);
|
|
|
|
namespace app\middleware;
|
|
|
|
use think\facade\Db;
|
|
|
|
class AuthApi
|
|
{
|
|
public function handle($request, \Closure $next)
|
|
{
|
|
$uid = input('post.uid/d');
|
|
$timestamp = input('post.timestamp');
|
|
$sign = input('post.sign');
|
|
if (!$uid || empty($timestamp) || empty($sign)) {
|
|
return json(['code' => -1, 'msg' => '认证参数不能为空'])->code(403);
|
|
}
|
|
if ($timestamp < time() - 300 || $timestamp > time() + 300) {
|
|
return json(['code' => -1, 'msg' => '时间戳不合法'])->code(403);
|
|
}
|
|
$user = Db::name('user')->where('id', $uid)->find();
|
|
if (!$user) {
|
|
return json(['code' => -1, 'msg' => '用户不存在'])->code(403);
|
|
}
|
|
if ($user['status'] == 0) {
|
|
return json(['code' => -1, 'msg' => '该用户已被封禁'])->code(403);
|
|
}
|
|
if ($user['is_api'] == 0) {
|
|
return json(['code' => -1, 'msg' => '该用户未开启API权限'])->code(403);
|
|
}
|
|
if (md5($uid.$timestamp.$user['apikey']) !== $sign) {
|
|
return json(['code' => -1, 'msg' => '签名错误'])->code(403);
|
|
}
|
|
|
|
$user['type'] = 'user';
|
|
$user['permission'] = [];
|
|
if ($user['level'] == 1) {
|
|
$user['permission'] = Db::name('permission')->where('uid', $uid)->column('domain');
|
|
}
|
|
|
|
$request->islogin = true;
|
|
$request->isApi = true;
|
|
$request->user = $user;
|
|
return $next($request);
|
|
}
|
|
}
|