wpic-dev/datahub
3
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

update auth middleware

Browse Source
This commit is contained in:
Nick Zeng
2026-03-09 10:14:53 +08:00
parent 05b45e4918
commit be607c7704
1 changed files with 75 additions and 3 deletions
Download Patch File Download Diff File Expand all files Collapse all files
backend/app/Middleware/AuthMiddleware.php
+75 -3
View File
@@ -4,6 +4,8 @@ declare(strict_types=1);
namespace App\Middleware; namespace App\Middleware;
use App\Model\ApiKey;
use App\Model\User;
use Hyperf\HttpServer\Contract\ResponseInterface as HttpResponse; use Hyperf\HttpServer\Contract\ResponseInterface as HttpResponse;
use Psr\Http\Message\ResponseInterface; use Psr\Http\Message\ResponseInterface;
use Psr\Http\Message\ServerRequestInterface; use Psr\Http\Message\ServerRequestInterface;
@@ -21,9 +23,32 @@ class AuthMiddleware implements MiddlewareInterface
} }
public function process(ServerRequestInterface $request, RequestHandlerInterface $handler): ResponseInterface public function process(ServerRequestInterface $request, RequestHandlerInterface $handler): ResponseInterface
{
// 1. 尝试 JWT Bearer Token 认证
$bearer_token = $this->extractBearerToken($request);
if ($bearer_token !== null) {
return $this->authenticateByJwt($request, $handler);
}
// 2. 尝试 API Key 认证
$api_key = $request->getHeaderLine('X-API-Key');
if ($api_key !== '') {
return $this->authenticateByApiKey($api_key, $request, $handler);
}
// 3. 无认证凭据
return $this->response->json([
'code' => 401,
'message' => '未授权,请先登录',
])->withStatus(401);
}
/**
* JWT Token 认证
*/
protected function authenticateByJwt(ServerRequestInterface $request, RequestHandlerInterface $handler): ResponseInterface
{ {
try { try {
// 验证 token
$user = $this->auth->guard('jwt')->user(); $user = $this->auth->guard('jwt')->user();
if (!$user) { if (!$user) {
@@ -33,9 +58,8 @@ class AuthMiddleware implements MiddlewareInterface
])->withStatus(401); ])->withStatus(401);
} }
// @attention check here!
// 检查用户状态 // 检查用户状态
if (method_exists($user, '__get') && $user->status !== 1) { if ($user instanceof User && $user->status !== 1) {
return $this->response->json([ return $this->response->json([
'code' => 403, 'code' => 403,
'message' => '账号已被禁用', 'message' => '账号已被禁用',
@@ -55,4 +79,52 @@ class AuthMiddleware implements MiddlewareInterface
return $handler->handle($request); return $handler->handle($request);
} }
/**
* API Key 认证
*/
protected function authenticateByApiKey(string $plain_key, ServerRequestInterface $request, RequestHandlerInterface $handler): ResponseInterface
{
$api_key = ApiKey::findByPlainKey($plain_key);
if (!$api_key) {
return $this->response->json([
'code' => 401,
'message' => 'API Key 无效或已过期',
])->withStatus(401);
}
$user = $api_key->user;
if (!$user || $user->status !== 1) {
return $this->response->json([
'code' => 403,
'message' => '账号已被禁用',
])->withStatus(403);
}
// 更新最后使用时间
$api_key->last_used_at = \Carbon\Carbon::now();
$api_key->save();
// 通过 JWT guard 登录用户,使后续代码可通过 auth->guard('jwt')->user() 获取用户
$this->auth->guard('jwt')->login($user);
return $handler->handle($request);
}
/**
* 从请求头提取 Bearer Token
*/
protected function extractBearerToken(ServerRequestInterface $request): ?string
{
$header = $request->getHeaderLine('Authorization');
if ($header !== '' && str_starts_with($header, 'Bearer ')) {
$token = substr($header, 7);
return $token !== '' ? $token : null;
}
return null;
}
} }