backend/app/Controller/api/v1/AuthController.php

<?php

declare(strict_types=1);

namespace App\Controller\Api\V1;

use App\Controller\AbstractController;
use App\Model\User;
use Hyperf\HttpServer\Contract\RequestInterface;
use Hyperf\HttpServer\Contract\ResponseInterface;
use Qbhy\HyperfAuth\AuthManager;
use Carbon\Carbon;
use Hyperf\HttpServer\Annotation\Controller;
use Hyperf\HttpServer\Annotation\RequestMapping;
use Hyperf\HttpServer\Annotation\Middleware;
use Qbhy\HyperfAuth\AuthMiddleware;


 #[Controller]
class AuthController extends AbstractController
{
    /**
     * 用户注册
     */
    #[RequestMapping(path:'/register', methods:'post')]
    public function register(RequestInterface $request, ResponseInterface $response)
    {
        $username = $request->input('username');
        $password = $request->input('password');
        $email = $request->input('email');

        // 验证用户是否已存在
        if (User::query()->where('username', $username)->exists()) {
            return $response->json([
                'code' => 400,
                'message' => '用户名已存在',
            ]);
        }

        if (User::query()->where('email', $email)->exists()) {
            return $response->json([
                'code' => 400,
                'message' => '邮箱已被注册',
            ]);
        }

        // 创建用户
        $user = User::create([
            'username' => $username,
            'password' => $password,  // 自动加密
            'email' => $email,
            'status' => 1,
        ]);

        return $response->json([
            'code' => 0,
            'message' => '注册成功',
            'data' => [
                'id' => $user->id,
                'username' => $user->username,
                'email' => $user->email,
            ],
        ]);
    }

    /**
     * 用户登录
     */
    #[RequestMapping(path:'/login', methods:'post')]
    public function login(RequestInterface $request, ResponseInterface $response, AuthManager $auth)
    {
        $username = $request->input('username');
        $password = $request->input('password');

        // 查找用户
        $user = User::query()->where('username', $username)->first();

        if (!$user) {
            return $response->json([
                'code' => 401,
                'message' => '用户名或密码错误',
            ]);
        }

        // 验证密码
        if (!$user->verifyPassword($password)) {
            return $response->json([
                'code' => 401,
                'message' => '用户名或密码错误',
            ]);
        }

        // 检查用户状态
        if ($user->status !== 1) {
            return $response->json([
                'code' => 403,
                'message' => '账号已被禁用',
            ]);
        }

        // 生成 Access Token
        $token = $auth->guard('jwt')->login($user);

        // 生成 Refresh Token
        $refreshToken = bin2hex(random_bytes(32));
        $user->refresh_token = $refreshToken;
        $user->refresh_token_expires_at = Carbon::now()->addDays(30);
        $user->save();

        return $response->json([
            'code' => 0,
            'message' => '登录成功',
            'data' => [
                'access_token' => $token,
                'refresh_token' => $refreshToken,
                'token_type' => 'Bearer',
                'expires_in' => 7200,  // 2 小时
                'user' => [
                    'id' => $user->id,
                    'username' => $user->username,
                    'email' => $user->email,
                ],
            ],
        ]);
    }

    /**
     * 刷新 Access Token
     */
    #[RequestMapping(path:'/refresh', methods:'get')]
    #[Middleware(AuthMiddleware::class)]
    public function refresh(RequestInterface $request, ResponseInterface $response, AuthManager $auth)
    {
        $refreshToken = $request->input('refresh_token');

        if (!$refreshToken) {
            return $response->json([
                'code' => 400,
                'message' => '缺少 refresh_token 参数',
            ]);
        }

        // 查找用户
        $user = User::query()->where('refresh_token', $refreshToken)->first();

        if (!$user) {
            return $response->json([
                'code' => 401,
                'message' => '无效的 refresh_token',
            ]);
        }

        // 验证 refresh token 是否过期
        if (!$user->isRefreshTokenValid()) {
            return $response->json([
                'code' => 401,
                'message' => 'refresh_token 已过期，请重新登录',
            ]);
        }

        // 检查用户状态
        if ($user->status !== 1) {
            return $response->json([
                'code' => 403,
                'message' => '账号已被禁用',
            ]);
        }

        // 生成新的 Access Token
        $token = $auth->guard('jwt')->login($user);

        // 可选：生成新的 Refresh Token（更安全）
        $newRefreshToken = bin2hex(random_bytes(32));
        $user->refresh_token = $newRefreshToken;
        $user->refresh_token_expires_at = Carbon::now()->addDays(30);
        $user->save();

        return $response->json([
            'code' => 0,
            'message' => 'Token 刷新成功',
            'data' => [
                'access_token' => $token,
                'refresh_token' => $newRefreshToken,
                'token_type' => 'Bearer',
                'expires_in' => 7200,
            ],
        ]);
    }

    /**
     * 获取当前用户信息
     */
    #[RequestMapping(path:'/me', methods:'get')]
    #[Middleware(AuthMiddleware::class)]
    public function me(AuthManager $auth, ResponseInterface $response)
    {
        $user = $auth->guard('jwt')->user();

        if (!$user) {
            return $response->json([
                'code' => 401,
                'message' => '未授权',
            ]);
        }

        return $response->json([
            'code' => 0,
            'message' => '获取成功',
            'data' => [
                'id' => $user->id,
                'username' => $user->username,
                'email' => $user->email,
                'status' => $user->status,
                'ext' => $user->ext,
                'created_at' => $user->created_at->toDateTimeString(),
            ],
        ]);
    }

    /**
     * 退出登录
     */
    #[RequestMapping(path:'/logout', methods:'get')]
    #[Middleware(AuthMiddleware::class)]
    public function logout(AuthManager $auth, ResponseInterface $response)
    {
        $user = $auth->guard('jwt')->user();

        if ($user instanceof User) {
            // 清除 refresh token
            $user->refresh_token = null;
            $user->refresh_token_expires_at = null;
            $user->save();
        }

        // 注销当前 token
        $auth->guard('jwt')->logout();

        return $response->json([
            'code' => 0,
            'message' => '退出成功',
        ]);
    }
}
add user manager and auth for backend 2025-11-10 10:45:43 +08:00			`<?php`

			`declare(strict_types=1);`

update user api 2026-03-06 15:29:04 +08:00			`namespace App\Controller\Api\V1;`
add user manager and auth for backend 2025-11-10 10:45:43 +08:00
update user api 2026-03-06 15:29:04 +08:00			`use App\Controller\AbstractController;`
add user manager and auth for backend 2025-11-10 10:45:43 +08:00			`use App\Model\User;`
			`use Hyperf\HttpServer\Contract\RequestInterface;`
			`use Hyperf\HttpServer\Contract\ResponseInterface;`
			`use Qbhy\HyperfAuth\AuthManager;`
			`use Carbon\Carbon;`
backend switch to annotation route config 2025-11-10 15:27:00 +08:00			`use Hyperf\HttpServer\Annotation\Controller;`
			`use Hyperf\HttpServer\Annotation\RequestMapping;`
			`use Hyperf\HttpServer\Annotation\Middleware;`
			`use Qbhy\HyperfAuth\AuthMiddleware;`
add user manager and auth for backend 2025-11-10 10:45:43 +08:00
backend switch to annotation route config 2025-11-10 15:27:00 +08:00
			`#[Controller]`
add user manager and auth for backend 2025-11-10 10:45:43 +08:00			`class AuthController extends AbstractController`
			`{`
			`/**`
			`* 用户注册`
			`*/`
backend switch to annotation route config 2025-11-10 15:27:00 +08:00			`#[RequestMapping(path:'/register', methods:'post')]`
add user manager and auth for backend 2025-11-10 10:45:43 +08:00			`public function register(RequestInterface $request, ResponseInterface $response)`
			`{`
			`$username = $request->input('username');`
			`$password = $request->input('password');`
			`$email = $request->input('email');`

			`// 验证用户是否已存在`
			`if (User::query()->where('username', $username)->exists()) {`
			`return $response->json([`
			`'code' => 400,`
			`'message' => '用户名已存在',`
			`]);`
			`}`

			`if (User::query()->where('email', $email)->exists()) {`
			`return $response->json([`
			`'code' => 400,`
			`'message' => '邮箱已被注册',`
			`]);`
			`}`

			`// 创建用户`
			`$user = User::create([`
			`'username' => $username,`
			`'password' => $password, // 自动加密`
			`'email' => $email,`
			`'status' => 1,`
			`]);`

			`return $response->json([`
			`'code' => 0,`
			`'message' => '注册成功',`
			`'data' => [`
			`'id' => $user->id,`
			`'username' => $user->username,`
			`'email' => $user->email,`
			`],`
			`]);`
			`}`

			`/**`
			`* 用户登录`
			`*/`
backend switch to annotation route config 2025-11-10 15:27:00 +08:00			`#[RequestMapping(path:'/login', methods:'post')]`
add user manager and auth for backend 2025-11-10 10:45:43 +08:00			`public function login(RequestInterface $request, ResponseInterface $response, AuthManager $auth)`
			`{`
			`$username = $request->input('username');`
			`$password = $request->input('password');`

			`// 查找用户`
			`$user = User::query()->where('username', $username)->first();`

			`if (!$user) {`
			`return $response->json([`
			`'code' => 401,`
			`'message' => '用户名或密码错误',`
			`]);`
			`}`

			`// 验证密码`
			`if (!$user->verifyPassword($password)) {`
			`return $response->json([`
			`'code' => 401,`
			`'message' => '用户名或密码错误',`
			`]);`
			`}`

			`// 检查用户状态`
			`if ($user->status !== 1) {`
			`return $response->json([`
			`'code' => 403,`
			`'message' => '账号已被禁用',`
			`]);`
			`}`

			`// 生成 Access Token`
			`$token = $auth->guard('jwt')->login($user);`

			`// 生成 Refresh Token`
			`$refreshToken = bin2hex(random_bytes(32));`
			`$user->refresh_token = $refreshToken;`
			`$user->refresh_token_expires_at = Carbon::now()->addDays(30);`
			`$user->save();`

			`return $response->json([`
			`'code' => 0,`
			`'message' => '登录成功',`
			`'data' => [`
			`'access_token' => $token,`
			`'refresh_token' => $refreshToken,`
			`'token_type' => 'Bearer',`
			`'expires_in' => 7200, // 2 小时`
			`'user' => [`
			`'id' => $user->id,`
			`'username' => $user->username,`
			`'email' => $user->email,`
			`],`
			`],`
			`]);`
			`}`

			`/**`
			`* 刷新 Access Token`
			`*/`
backend switch to annotation route config 2025-11-10 15:27:00 +08:00			`#[RequestMapping(path:'/refresh', methods:'get')]`
			`#[Middleware(AuthMiddleware::class)]`
add user manager and auth for backend 2025-11-10 10:45:43 +08:00			`public function refresh(RequestInterface $request, ResponseInterface $response, AuthManager $auth)`
			`{`
			`$refreshToken = $request->input('refresh_token');`

			`if (!$refreshToken) {`
			`return $response->json([`
			`'code' => 400,`
			`'message' => '缺少 refresh_token 参数',`
			`]);`
			`}`

			`// 查找用户`
			`$user = User::query()->where('refresh_token', $refreshToken)->first();`

			`if (!$user) {`
			`return $response->json([`
			`'code' => 401,`
			`'message' => '无效的 refresh_token',`
			`]);`
			`}`

			`// 验证 refresh token 是否过期`
			`if (!$user->isRefreshTokenValid()) {`
			`return $response->json([`
			`'code' => 401,`
			`'message' => 'refresh_token 已过期，请重新登录',`
			`]);`
			`}`

			`// 检查用户状态`
			`if ($user->status !== 1) {`
			`return $response->json([`
			`'code' => 403,`
			`'message' => '账号已被禁用',`
			`]);`
			`}`

			`// 生成新的 Access Token`
			`$token = $auth->guard('jwt')->login($user);`

			`// 可选：生成新的 Refresh Token（更安全）`
			`$newRefreshToken = bin2hex(random_bytes(32));`
			`$user->refresh_token = $newRefreshToken;`
			`$user->refresh_token_expires_at = Carbon::now()->addDays(30);`
			`$user->save();`

			`return $response->json([`
			`'code' => 0,`
			`'message' => 'Token 刷新成功',`
			`'data' => [`
			`'access_token' => $token,`
			`'refresh_token' => $newRefreshToken,`
			`'token_type' => 'Bearer',`
			`'expires_in' => 7200,`
			`],`
			`]);`
			`}`

			`/**`
			`* 获取当前用户信息`
			`*/`
backend switch to annotation route config 2025-11-10 15:27:00 +08:00			`#[RequestMapping(path:'/me', methods:'get')]`
			`#[Middleware(AuthMiddleware::class)]`
add user manager and auth for backend 2025-11-10 10:45:43 +08:00			`public function me(AuthManager $auth, ResponseInterface $response)`
			`{`
			`$user = $auth->guard('jwt')->user();`

			`if (!$user) {`
			`return $response->json([`
			`'code' => 401,`
			`'message' => '未授权',`
			`]);`
			`}`

			`return $response->json([`
			`'code' => 0,`
			`'message' => '获取成功',`
			`'data' => [`
			`'id' => $user->id,`
			`'username' => $user->username,`
			`'email' => $user->email,`
			`'status' => $user->status,`
			`'ext' => $user->ext,`
			`'created_at' => $user->created_at->toDateTimeString(),`
			`],`
			`]);`
			`}`

			`/**`
			`* 退出登录`
			`*/`
backend switch to annotation route config 2025-11-10 15:27:00 +08:00			`#[RequestMapping(path:'/logout', methods:'get')]`
			`#[Middleware(AuthMiddleware::class)]`
add user manager and auth for backend 2025-11-10 10:45:43 +08:00			`public function logout(AuthManager $auth, ResponseInterface $response)`
			`{`
			`$user = $auth->guard('jwt')->user();`

			`if ($user instanceof User) {`
			`// 清除 refresh token`
			`$user->refresh_token = null;`
			`$user->refresh_token_expires_at = null;`
			`$user->save();`
			`}`

			`// 注销当前 token`
			`$auth->guard('jwt')->logout();`

			`return $response->json([`
			`'code' => 0,`
			`'message' => '退出成功',`
			`]);`
			`}`
			`}`