wpic-dev/datahub
3
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

add user manager and auth for backend

Browse Source
This commit is contained in:
Nick Zeng
2025-11-10 10:45:43 +08:00
parent bf57db57f1
commit 0cfecab68f
9 changed files with 1014 additions and 8 deletions
Download Patch File Download Diff File Expand all files Collapse all files
backend/app/Controller/AuthController.php
+229
View File
@@ -0,0 +1,229 @@
<?php
declare(strict_types=1);
namespace App\Controller;
use App\Model\User;
use Hyperf\HttpServer\Contract\RequestInterface;
use Hyperf\HttpServer\Contract\ResponseInterface;
use Qbhy\HyperfAuth\AuthManager;
use Carbon\Carbon;
class AuthController extends AbstractController
{
/**
* 用户注册
*/
public function register(RequestInterface $request, ResponseInterface $response)
{
$username = $request->input('username');
$password = $request->input('password');
$email = $request->input('email');
// 验证用户是否已存在
if (User::query()->where('username', $username)->exists()) {
return $response->json([
'code' => 400,
'message' => '用户名已存在',
]);
}
if (User::query()->where('email', $email)->exists()) {
return $response->json([
'code' => 400,
'message' => '邮箱已被注册',
]);
}
// 创建用户
$user = User::create([
'username' => $username,
'password' => $password, // 自动加密
'email' => $email,
'status' => 1,
]);
return $response->json([
'code' => 0,
'message' => '注册成功',
'data' => [
'id' => $user->id,
'username' => $user->username,
'email' => $user->email,
],
]);
}
/**
* 用户登录
*/
public function login(RequestInterface $request, ResponseInterface $response, AuthManager $auth)
{
$username = $request->input('username');
$password = $request->input('password');
// 查找用户
$user = User::query()->where('username', $username)->first();
if (!$user) {
return $response->json([
'code' => 401,
'message' => '用户名或密码错误',
]);
}
// 验证密码
if (!$user->verifyPassword($password)) {
return $response->json([
'code' => 401,
'message' => '用户名或密码错误',
]);
}
// 检查用户状态
if ($user->status !== 1) {
return $response->json([
'code' => 403,
'message' => '账号已被禁用',
]);
}
// 生成 Access Token
$token = $auth->guard('jwt')->login($user);
// 生成 Refresh Token
$refreshToken = bin2hex(random_bytes(32));
$user->refresh_token = $refreshToken;
$user->refresh_token_expires_at = Carbon::now()->addDays(30);
$user->save();
return $response->json([
'code' => 0,
'message' => '登录成功',
'data' => [
'access_token' => $token,
'refresh_token' => $refreshToken,
'token_type' => 'Bearer',
'expires_in' => 7200, // 2 小时
'user' => [
'id' => $user->id,
'username' => $user->username,
'email' => $user->email,
],
],
]);
}
/**
* 刷新 Access Token
*/
public function refresh(RequestInterface $request, ResponseInterface $response, AuthManager $auth)
{
$refreshToken = $request->input('refresh_token');
if (!$refreshToken) {
return $response->json([
'code' => 400,
'message' => '缺少 refresh_token 参数',
]);
}
// 查找用户
$user = User::query()->where('refresh_token', $refreshToken)->first();
if (!$user) {
return $response->json([
'code' => 401,
'message' => '无效的 refresh_token',
]);
}
// 验证 refresh token 是否过期
if (!$user->isRefreshTokenValid()) {
return $response->json([
'code' => 401,
'message' => 'refresh_token 已过期,请重新登录',
]);
}
// 检查用户状态
if ($user->status !== 1) {
return $response->json([
'code' => 403,
'message' => '账号已被禁用',
]);
}
// 生成新的 Access Token
$token = $auth->guard('jwt')->login($user);
// 可选:生成新的 Refresh Token(更安全)
$newRefreshToken = bin2hex(random_bytes(32));
$user->refresh_token = $newRefreshToken;
$user->refresh_token_expires_at = Carbon::now()->addDays(30);
$user->save();
return $response->json([
'code' => 0,
'message' => 'Token 刷新成功',
'data' => [
'access_token' => $token,
'refresh_token' => $newRefreshToken,
'token_type' => 'Bearer',
'expires_in' => 7200,
],
]);
}
/**
* 获取当前用户信息
*/
public function me(AuthManager $auth, ResponseInterface $response)
{
$user = $auth->guard('jwt')->user();
if (!$user) {
return $response->json([
'code' => 401,
'message' => '未授权',
]);
}
return $response->json([
'code' => 0,
'message' => '获取成功',
'data' => [
'id' => $user->id,
'username' => $user->username,
'email' => $user->email,
'status' => $user->status,
'ext' => $user->ext,
'created_at' => $user->created_at->toDateTimeString(),
],
]);
}
/**
* 退出登录
*/
public function logout(AuthManager $auth, ResponseInterface $response)
{
$user = $auth->guard('jwt')->user();
if ($user instanceof User) {
// 清除 refresh token
$user->refresh_token = null;
$user->refresh_token_expires_at = null;
$user->save();
}
// 注销当前 token
$auth->guard('jwt')->logout();
return $response->json([
'code' => 0,
'message' => '退出成功',
]);
}
}
backend/app/Middleware/AuthMiddleware.php
+58
View File
@@ -0,0 +1,58 @@
<?php
declare(strict_types=1);
namespace App\Middleware;
use Hyperf\HttpServer\Contract\ResponseInterface as HttpResponse;
use Psr\Http\Message\ResponseInterface;
use Psr\Http\Message\ServerRequestInterface;
use Psr\Http\Server\MiddlewareInterface;
use Psr\Http\Server\RequestHandlerInterface;
use Qbhy\HyperfAuth\AuthManager;
use Qbhy\HyperfAuth\Exception\UnauthorizedException;
class AuthMiddleware implements MiddlewareInterface
{
public function __construct(
protected AuthManager $auth,
protected HttpResponse $response
) {
}
public function process(ServerRequestInterface $request, RequestHandlerInterface $handler): ResponseInterface
{
try {
// 验证 token
$user = $this->auth->guard('jwt')->user();
if (!$user) {
return $this->response->json([
'code' => 401,
'message' => '未授权,请先登录',
])->withStatus(401);
}
// @attention check here!
// 检查用户状态
if (method_exists($user, '__get') && $user->status !== 1) {
return $this->response->json([
'code' => 403,
'message' => '账号已被禁用',
])->withStatus(403);
}
} catch (UnauthorizedException $e) {
return $this->response->json([
'code' => 401,
'message' => 'Token 无效或已过期',
])->withStatus(401);
} catch (\Throwable $e) {
return $this->response->json([
'code' => 500,
'message' => '认证失败: ' . $e->getMessage(),
])->withStatus(500);
}
return $handler->handle($request);
}
}
backend/app/Model/User.php
+105
View File
@@ -0,0 +1,105 @@
<?php
declare(strict_types=1);
namespace App\Model;
use Hyperf\DbConnection\Model\Model;
use Qbhy\HyperfAuth\Authenticatable;
/**
* @property int $id
* @property string $username
* @property string $password
* @property string $email
* @property int $status
* @property array $ext
* @property string $refresh_token
* @property \Carbon\Carbon $refresh_token_expires_at
* @property \Carbon\Carbon $created_at
* @property \Carbon\Carbon $updated_at
*/
class User extends Model implements Authenticatable
{
/**
* The table associated with the model.
*/
protected ?string $table = 'users';
/**
* The attributes that are mass assignable.
*/
protected array $fillable = [
'username',
'password',
'email',
'status',
'ext',
'refresh_token',
'refresh_token_expires_at',
];
/**
* The attributes that should be hidden for serialization.
*/
protected array $hidden = [
'password',
'refresh_token',
];
/**
* The attributes that should be cast to native types.
*/
protected array $casts = [
'id' => 'integer',
'status' => 'integer',
'ext' => 'array',
'refresh_token_expires_at' => 'datetime',
'created_at' => 'datetime',
'updated_at' => 'datetime',
];
/**
* Get the name of the unique identifier for the user.
*/
public function getId()
{
return $this->id;
}
/**
* Retrieve a user by their unique identifier.
*/
public static function retrieveById($key): ?Authenticatable
{
return static::query()->find($key);
}
/**
* Set the user's password (auto-hash).
*/
public function setPasswordAttribute($value): void
{
$this->attributes['password'] = password_hash($value, PASSWORD_DEFAULT);
}
/**
* Verify the user's password.
*/
public function verifyPassword(string $password): bool
{
return password_verify($password, $this->password);
}
/**
* Check if refresh token is valid.
*/
public function isRefreshTokenValid(): bool
{
if (!$this->refresh_token || !$this->refresh_token_expires_at) {
return false;
}
return $this->refresh_token_expires_at->isFuture();
}
}