<?php
declare (strict_types = 1);
namespace App\Controller;
use App\JsonRpc\UserServiceInterface;
use App\Tools\CommonService;
use App\Tools\PublicData;
use App\Tools\Result;
use Hyperf\Context\Context;
use PHPStan\Type\Accessory\OversizedArrayType;
use PHPUnit\Exception;
use function Hyperf\Support\env;
use Hyperf\Di\Annotation\Inject;
use Hyperf\HttpServer\Annotation\AutoController;
use Hyperf\Validation\Contract\ValidatorFactoryInterface;
use \Phper666\JWTAuth\JWT;
use App\Model\UserToken;
use Hyperf\HttpServer\Response;
use Hyperf\HttpMessage\Cookie\Cookie;
use App\Controller\UserController;
use App\JsonRpc\WebsiteServiceInterface;
/**
* @AutoController()
*/
class LoginController extends AbstractController
{
#[Inject]
protected ValidatorFactoryInterface $validationFactory;
// protected JWT $JWT;
/**
* @var UserServiceInterface
*/
#[Inject]
private $userServiceClient;
/**
* @var WebsiteServiceInterface
*/
#[Inject]
private $websiteServiceClient;
/**
* @var Response
*/
// private $response;
// public function __construct(Jwt $JWT)
// {
// $this->JWT = $JWT;
// }
public function login(Jwt $jwt)
{
$reqData = $this->request->all();
$validator = $this->validationFactory->make(
$reqData,
[
'username' => 'required',
'password' => 'required',
'type' => 'required',
// 'code' => 'required',
],
[
'username.required' => '用户名不能为空',
'password.required' => '密码不能为空',
'type.required' => '登录方式必填',
// 'code.required' => 'code方式必填',
]
);
if ($validator->fails()) {
$errorMessage = $validator->errors()->first();
return Result::error($errorMessage);
}
// $comm = new CommonService();
// $redis = $this->container->get(\Hyperf\Redis\Redis::class);
// $code = $redis->get($reqData['code']);
// if (empty($code)) {
// return Result::error("验证码已过期");
// }
// if (strtolower($code) != strtolower($reqData['captcha'])) {
// return Result::error("验证码错误");
// }
$where = [];
if ($reqData['type'] == 1) { //密码登录
$where = [
'user_name' => $reqData['username'],
];
}
$userInfos = $this->userServiceClient->verifyUserInfo($where);
if ($userInfos['code'] == 0) {
return Result::error("用户不存在");
}
if($userInfos['data']['status']==0){
return Result::error("用户已经冻结");
}
if (md5(md5($reqData['password']) . $userInfos['data']['salt']) != $userInfos['data']['password']) {
return Result::error("登陆密码错误");
}
if($userInfos['data']['type_id']!=10000){
$authData = [
'id'=>$userInfos['data']['sszq'],
'SiteId'=>Context::get("SiteId")
];
var_dump("参数:",$authData);
$resultAuth = $this->checkUserAuth($authData);
if(!$resultAuth){
return Result::error("您没有权限登陆此网站");
}
}
$userData = [
'uid' => $userInfos['data']['id'], // 如果使用单点登录,必须存在配置文件中的sso_key的值,一般设置为用户的id
'user_name' => $userInfos['data']['user_name'],
'mobile' => $userInfos['data']['mobile'],
'email' => $userInfos['data']['email'],
'level_id' => $userInfos['data']['level_id'],
'type_id' => $userInfos['data']['type_id'],
];
// 使用默认场景登录
$token = $jwt->getToken('default', $userData);
// 检查是否有旧的token
$old_token = UserToken::where('user_id', $userData['uid'])->first();
if (!empty($old_token)) {
$jwt->logout($old_token->token);
try {
$jwt->verifyToken($old_token->token);
}catch (\Exception $exception){
$code = $exception->getCode();
if ($code== 400) {
$new_token = UserToken::where('user_id', $userData['uid'])->update(['token' => $token->toString()]);
if (empty($new_token)) {
return Result::error("Token过期失败!");
}
} else{
return Result::error("Token过期失败!");
}
}
}else{
$usernew_token = $token->toString();
$user_token = UserToken::create([
'user_id' => $userData['uid'],
'token' => $usernew_token
]);
if (empty($user_token)) {
return Result::error("登录失败!");
}
}
$data = [
'token' => $token->toString(),
'exp' => $jwt->getTTL($token->toString()),
];
return Result::success($data);
}
/**
* @return void
*/
public function checkVerifyCode(Jwt $jwt)
{
//其它信息暂时不管 先以openid
$reqData = $this->request->all();
$validator = $this->validationFactory->make(
$reqData,
[
'token' => 'required',
],
[
'token.required' => 'token不能为空',
]
);
if ($validator->fails()) {
$errorMessage = $validator->errors()->first();
return Result::error($errorMessage);
}
$userInfo = $jwt->getClaimsByToken($reqData['token']);
if ($userInfo) {
return Result::success(['token' => $reqData['token']]);
} else {
return Result::error("token无效");
}
}
/**
* 注册或登陆
* @return void
*/
public function registerOrLogin(Jwt $jwt)
{
//获取access_token
$reqData = $this->request->all();
$validator = $this->validationFactory->make(
$reqData,
[
'code' => 'required',
],
[
'code.required' => 'code不能为空',
]
);
if ($validator->fails()) {
$errorMessage = $validator->errors()->first();
return Result::error($errorMessage);
}
$url = env("WECHAT") . "cgi-bin/token?appid=" . env("APPID") . "&secret=" . env("APP_SECRET") . "&grant_type=client_credential";
$result = PublicData::http_get($url);
$accessTokenData = json_decode($result, true);
//获取openid
$url = env("WECHAT") . "sns/jscode2session?appid=" . env("APPID") . "&secret=" . env("APP_SECRET") . "&js_code=" . $reqData['loginCode'] . "&grant_type=authorization_code";
$result = PublicData::http_get($url);
$openInfoData = json_decode($result, true);
if (isset($openInfoData['errcode']) && in_array($openInfoData['errcode'], [40163, 40029])) {
return Result::error($openInfoData['errmsg']);
}
$data = [
'code' => $reqData['code'],
'openid' => $openInfoData['openid'],
];
// 将数组转换为JSON字符串
$jsonData = json_encode($data);
// 初始化cURL会话
$ch = curl_init(env("WECHAT") . "wxa/business/getuserphonenumber?access_token=" . $accessTokenData['access_token']);
// 设置cURL选项 Todo 这里有一万个wc 封装成post方法就报错,后期再研究
curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
curl_setopt($ch, CURLOPT_POST, true);
curl_setopt($ch, CURLOPT_POSTFIELDS, $jsonData);
curl_setopt($ch, CURLOPT_HTTPHEADER, [
'Content-Type: application/json',
'Content-Length: ' . strlen($jsonData),
]);
// 执行cURL会话
$response = curl_exec($ch);
// 检查是否有错误发生
if (curl_errno($ch)) {
return Result::error("获取手机号失败");
}
// 关闭cURL会话
curl_close($ch);
$response = json_decode($response, true);
if ($response['errcode'] == '40029') {
return Result::error($openInfoData['errmsg']);
}
// 打印响应内容
var_dump($openInfoData, $response);
//根据openid 获取token
$checkUserInfo = $this->userServiceClient->verifyUserInfo([
'user_name' => $response['phone_info']['purePhoneNumber'],
]);
if ($checkUserInfo['code'] == 0) {
$salt = rand(1, 999999);
$createUserData = [
'user_name' => $response['phone_info']['purePhoneNumber'],
'salt' => $salt,
'password' => $openInfoData['openid'],
'type_id' => 20000,
];
$checkUserInfo = $this->userServiceClient->createUser($createUserData);
}
//根据openid和手机号判断是否注册,未注册直接注册
$wechatReqData = [
'openid' => $openInfoData['openid'],
'purePhoneNumber' => $response['phone_info']['purePhoneNumber'],
];
$wechatInfo = $this->userServiceClient->getWechatInfo($wechatReqData);
if ($wechatInfo['code'] == 0) {
$wechatData = [
'openid' => $openInfoData['openid'],
'phoneNumber' => $response['phone_info']['phoneNumber'],
'purePhoneNumber' => $response['phone_info']['purePhoneNumber'],
'countryCode' => $response['phone_info']['countryCode'],
'watermark' => json_encode($response['phone_info']['watermark']),
'user_id' => $checkUserInfo['data']['id'],
];
$this->userServiceClient->addWechatInfo($wechatData);
}
var_dump($checkUserInfo);
$userData = [
'uid' => $checkUserInfo['data']['id'], // 如果使用单点登录,必须存在配置文件中的sso_key的值,一般设置为用户的id
'user_name' => $response['phone_info']['phoneNumber'],
'mobile' => $checkUserInfo['data']['mobile'] ?? '',
'email' => $checkUserInfo['data']['email'],
// 'rong_token' => $userInfos['data']['rong_token'],
'level_id' => $checkUserInfo['data']['level_id'],
'type_id' => $checkUserInfo['data']['type_id'],
];
// 使用默认场景登录
$token = $jwt->getToken('default', $userData);
$data = [
'token' => $token->toString(),
'exp' => $jwt->getTTL($token->toString()),
];
return Result::success($data);
}
public function getToken(JWT $jwt)
{
$reqData = $this->request->all();
$userInfos = $this->userServiceClient->getUserInfo((int) $reqData['id']);
$userData = [
'uid' => $userInfos['data']['id'], // 如果使用单点登录,必须存在配置文件中的sso_key的值,一般设置为用户的id
'user_name' => $userInfos['data']['user_name'],
'mobile' => $userInfos['data']['mobile'],
'email' => $userInfos['data']['email'],
'level_id' => $userInfos['data']['level_id'],
'type_id' => $userInfos['data']['type_id'],
];
var_dump($userInfos);
// 使用默认场景登录
$token = $jwt->getToken('default', $userData);
return Result::success($token->toString());
}
public function httpPost()
{
}
# http头部必须携带token才能访问的路由
public function getData(Jwt $jwt)
{
// var_dump($this->UserId);
$h = $this->request->getHeaders();
// var_dump($this->request->getHeaders());
// $a= 'eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJpc3MiOiJwaHBlcjY2Ni9qd3QiLCJ1aWQiOjMyLCJ1c2VyX25hbWUiOiIxIiwicm9sZV9pZCI6MSwibW9iaWxlIjoiMTU4MDEyNDU3NTUiLCJlbWFpbCI6IjVAcXEuY29tIiwicm9uZ190b2tlbiI6IiIsImxldmVsX2lkIjo4LCJqd3Rfc2NlbmUiOiJkZWZhdWx0IiwianRpIjoiZGVmYXVsdF82Njc1MjJkZDQ3YWYxMi41MTE5MjI5MiIsImlhdCI6MTcxODk1MjY2OSwibmJmIjoxNzE4OTUyNjY5LCJleHAiOjE3MjE1NDQ2Njl9.e0JW8fgNrwBdFgmQ8GNtES2ME1SbcbIih5MsQWzT6sk';
$arr = $jwt->getClaimsByToken($h['token'][0]);
var_dump($h['token'][0], "+++++++++++", $arr, "===####");
return $this->response->json(['code' => 0, 'msg' => 'success', 'data' => ['a' => 1]]);
}
/**
* 检测用户权限
* @return void
*/
public function checkUserAuth($data)
{
// var_dump("进没进来呢::",$data);
$websiteGroup = [
'id'=>$data['id']
];
$result = $this->userServiceClient->getWebsiteGroupInfo($websiteGroup);
// var_dump("checkUserAuth:",$result);
if($result['code']==200){
if($data['SiteId'] && $result['data']['web_ids']){
if(in_array($data['SiteId'],json_decode($result['data']['web_ids'],true))){
return true;
}else{
return false;
}
}else{
return false;
}
}
}
/**
* 查询登陆状态
* @return array
* @throws \Psr\Container\ContainerExceptionInterface
* @throws \Psr\Container\NotFoundExceptionInterface
* @throws \RedisException
*/
public function loginStatus(Jwt $jwt)
{
$header = $this->request->getHeader('userurl');
$origin = $header[0];
$logindevice = explode("//", $origin);
if(!isset($logindevice[1]) && !$logindevice[1]){
return Result::error('userurl不存在,请登录');
}
$reqData = $this->request->all();
$validator = $this->validationFactory->make(
$reqData,
[
'token' => 'required',
],
[
'token.required' => 'token不能为空',
]
);
if ($validator->fails()) {
$errorMessage = $validator->errors()->first();
return Result::error($errorMessage);
}
try {
$jwt->verifyToken($reqData['token']);
$results = $this->checkAuth([
'token'=>$reqData['token'],
'userurl'=>$logindevice[1]
]);
if($results['code']==200){
return Result::success(['isLogin' => true]);
}else{
return Result::error("没有权限登陆".$logindevice[1]."这个域名");
}
}catch(\Exception $e){
return Result::error('token已过期:'.$e->getMessage());
}
}
/**
*登陆
* @return void
*/
public function loginapi()
{
$reqData = $this->request->all();
$validator = $this->validationFactory->make(
$reqData,
[
'token' => 'required',
],
[
'token.required' => 'token不能为空',
]
);
if ($validator->fails()) {
$errorMessage = $validator->errors()->first();
return Result::error($errorMessage);
}
$redis = $this->container->get(\Hyperf\Redis\Redis::class);
$ticket = md5($reqData['token']);
$res = $redis->set('ticket:' . $ticket, $reqData['token'], 3600*24);
if ($res){
return Result::success(['ticket' => $ticket ,'isSave' => 1]);
} else {
return Result::error('存储失败');
}
}
public function logoutapi(Jwt $jwt)
{
$reqData = $this->request->all();
$validator = $this->validationFactory->make(
$reqData,
[
'token' => 'required',
],
[
'token.required' => 'token不能为空',
]
);
if ($validator->fails()) {
$errorMessage = $validator->errors()->first();
return Result::error($errorMessage);
}
$redis = $this->container->get(\Hyperf\Redis\Redis::class);
$ticket = md5($reqData['token']);
$isDel = 0;
if ($redis->exists('ticket:' . $ticket)) {
$res = $redis->del('ticket:' . $ticket);
if (!!$res && $res == 1) $isDel = 1;
}else{
$isDel = 1;
}
try {
$jwt->logout($reqData['token']);
}catch (\Exception $e){
return Result::success(['isDel' => $isDel]);
}
return Result::success(['isDel' => $isDel]);
}
public function goLogin()
{
// 获取请求数据并设置默认值
$reqData = $this->request->all();
// 安全过滤 Admin-Token 和 ticket
$cookieList = $this->request->getCookieParams();
// 安全过滤 Admin-Token 和 ticket
$adminToken = !empty($cookieList['Admin-Token']) ? $this->sanitizeInput($cookieList['Admin-Token']) : '';
$ticket = !empty($reqData['ticket']) ? $this->sanitizeInput($reqData['ticket']) : '';
$backurl = $this->sanitizeBackUrl($reqData['backurl'] ?? $_SERVER['HTTP_REFERER'] ?? '');
// 校验 THE_HOST 环境变量
$theHost = env("THE_HOST");
if (empty($theHost)) {
return Result::error('系统配置错误:THE_HOST 未定义');
}
var_dump("admintoken:",$adminToken);
// 如果存在 adminToken,则进行登录校验
if (!empty($adminToken)) {
// 处理登录
$redis = $this->container->get(\Hyperf\Redis\Redis::class);
var_dump("ticket1111:",$ticket);
if(!empty($ticket)){
if (!empty($ticket) && $redis->exists('ticket:' . $ticket)) {
if(isset($reqData['userurl']) && $reqData['userurl']){
$resultR = $this->checkAuth([
'token'=>$redis->get('ticket:' . $ticket),
'userurl'=>$reqData['userurl']
]);
if($resultR['code']==-1){
return $this->response->redirect($this->fun_http('http://'.$theHost.'/#/loginAlert'), 302);
}
}else{
$backurl = rtrim($backurl, '/');
return $this->response->redirect($this->fun_http($backurl . '?ticket=' . $ticket . '&admintoken=' . urlencode($adminToken)), 302);
}
}else{
var_dump("222222222:");
return $this->response->redirect($this->fun_http('http://'.$theHost.'/#/login?backurl='.urlencode($backurl)), 302);
}
}else{
$ticket = md5($adminToken);
}
var_dump("333333333333333:");
return $this->response->redirect($this->fun_http($backurl . '?ticket=' . $ticket . '&admintoken=' . urlencode($adminToken)), 302);
}else{
var_dump("444444444444444:");
return $this->response->redirect($this->fun_http('http://'.$theHost.'/#/login?backurl='.urlencode($backurl)), 302);
}
}
/**
* 安全过滤输入数据
* @param string $input
* @return string
*/
private function sanitizeInput(string $input): string
{
return htmlspecialchars(trim($input), ENT_QUOTES, 'UTF-8');
}
/**
* 校验并清理 backurl
* @param string $backurl
* @return string
*/
private function sanitizeBackUrl(string $backurl): string
{
// 解码并去除多余字符
$decodedUrl = urldecode($backurl);
return filter_var($decodedUrl, FILTER_VALIDATE_URL) ?: '';
}
/**
* 跳转到目标页面
* @param string $backurl
* @param string $ticket
* @param string $adminToken
*/
private function redirectWithTicket(string $backurl, string $ticket, string $adminToken)
{
$backurl = rtrim($backurl, '/');
$redirectUrl = $this->fun_http($backurl . '?ticket=' . $ticket . '&admintoken=' . urlencode($adminToken));
// $loginUrl = 'http://' . $theHost . '/#/login?backurl=' . urlencode($backurl);
// return $this->response->redirect($loginUrl, 302);
return $this->response->redirect($redirectUrl, 302);
}
/**
* 处理 URL
* @param string $url
* @return string
*/
private function fun_http(string $url): string
{
// 确保 URL 以 http 或 https 开头
if (!preg_match('/^https?:\/\//i', $url)) {
$url = 'http://' . $url;
}
return $url;
}
/**
* 退出
* @return void
*/
public function logout(Jwt $jwt)
{
$reqData = $this->request->all();
$validator = $this->validationFactory->make(
$reqData,
[
'backurl' => 'required',
'admintoken' => 'required',
],
[
'backurl.required' => 'backurl不能为空',
'admintoken.required' => 'admintoken不能为空',
]
);
if ($validator->fails()) {
$errorMessage = $validator->errors()->first();
return Result::error($errorMessage);
}
$redis = $this->container->get(\Hyperf\Redis\Redis::class);
$ticket = md5($reqData['admintoken']);
$res = $redis->del('ticket:' . $ticket);
var_dump("删除redis:", $res);
var_dump("获取redis:", $redis->get('ticket:' . $ticket));
// 获取所有 Cookie
$cookies = $this->request->getCookieParams();
var_dump("获取cookie:", $cookies);
if($cookies){
foreach ($cookies as $name => $value) {
if($name){
$expire = time() - 3600; // 设置过期时间为过去的时间
$cookie = new Cookie((string)$name, '', $expire, '/');
$this->response = $this->response->withCookie($cookie);
}
}
}
try {
$jwt->logout($reqData['admintoken']);
} catch (\Exception $e) {
var_dump("返回错误信息:", $e->getMessage());
}
$backurl = $this->fun_http($reqData['backurl']);
var_dump("返回地址:", $backurl);
return $this->response->redirect($backurl, 302);
}
/**
* 登录回调
* @return void
*/
public function backlogin()
{
$reqData = $this->request->all();
var_dump("===============接收参数:",$reqData);
$validator = $this->validationFactory->make(
$reqData,
[
'backurl' => 'required',
'token' => 'required',
],
[
'backurl.required' => 'backurl不能为空',
'token.required' => 'token不能为空',
]
);
if ($validator->fails()) {
$errorMessage = $validator->errors()->first();
return Result::error($errorMessage);
}
$redis = $this->container->get(\Hyperf\Redis\Redis::class);
$ticket = md5($reqData['token']);
$res = $redis->set('ticket:' . $ticket, $reqData['token'], 3600*24);
var_dump("===============返回值:",$res);
$expire = time()+3600*24;
$cookieName = 'Admin-Token';
// 创建 Cookie 实例
$cookie = new Cookie($cookieName, $reqData['token'], $expire, '/');
// 清空 Cookie
$r = $this->response = $this->response->withCookie($cookie);
var_dump("设置token:", $r);
if($res && !empty($ticket)){
$url = $reqData['backurl'] . '/?ticket=' . $ticket . '&admintoken=' . urlencode($reqData['token']);
$url = $this->fun_http($url);
var_dump("跳转地址gogo:",$url);
return $this->response->redirect($url, 302);
}
}
/**
* 检测用户是否有权限
* @param $data
* @return void
* $data['token]
* $data['userurl']
*/
public function checkAuth($data)
{
$jwt = new JWT();
$ver =$jwt->getClaimsByToken($data['token']);
$tokenTime = $jwt->getTokenDynamicCacheTime($data['token']);
if($tokenTime==0){
return Result::error("token已过期,请重新登录",-1);
}
if(isset($data['userurl']) && $data['userurl']){
$result = $this->websiteServiceClient->getWebsiteId(['website_url'=>$data['userurl']]);
if(!isset($result['data']['id']) || !$result['data']['id']){
return Result::error("网站不存在...",-1);
}
if($ver['type_id']!=10000){
$userInfo = $this->userServiceClient->getUserInfo($ver['uid']);
if($userInfo['code'] == 200 && isset($userInfo['data']) && !empty($userInfo['data']['sszq'])){
$sszq = $userInfo['data']['sszq'];
//组id
$authData = [
'id' => $sszq,
'SiteId' => $result['data']['id']
];
// 调用 LoginController 中的 checkUserAuth 方法
$resultAuth = $this->checkUserAuth($authData);
if (!$resultAuth) {
// 如果没有权限,返回错误响应
return Result::error("没有权限登陆此网站...",-1);
}else{
return Result::success([]);
}
}else{
return Result::error("用户没有群组...",-1);
}
}else{
return Result::success([]);
}
}else{
return Result::error("userurl不能为空...",-1);
}
}
}