update auth middleware

2026-03-09 10:14:53 +08:00
parent 05b45e4918
commit be607c7704
1 changed files with 75 additions and 3 deletions
@@ -4,6 +4,8 @@ declare(strict_types=1);

 namespace App\Middleware;

+use App\Model\ApiKey;
+use App\Model\User;
 use Hyperf\HttpServer\Contract\ResponseInterface as HttpResponse;
 use Psr\Http\Message\ResponseInterface;
 use Psr\Http\Message\ServerRequestInterface;
@@ -21,9 +23,32 @@ class AuthMiddleware implements MiddlewareInterface
    }

    public function process(ServerRequestInterface $request, RequestHandlerInterface $handler): ResponseInterface
+    {
+        // 1. 尝试 JWT Bearer Token 认证
+        $bearer_token = $this->extractBearerToken($request);
+        if ($bearer_token !== null) {
+            return $this->authenticateByJwt($request, $handler);
+        }
+
+        // 2. 尝试 API Key 认证
+        $api_key = $request->getHeaderLine('X-API-Key');
+        if ($api_key !== '') {
+            return $this->authenticateByApiKey($api_key, $request, $handler);
+        }
+
+        // 3. 无认证凭据
+        return $this->response->json([
+            'code' => 401,
+            'message' => '未授权，请先登录',
+        ])->withStatus(401);
+    }
+
+    /**
+     * JWT Token 认证
+     */
+    protected function authenticateByJwt(ServerRequestInterface $request, RequestHandlerInterface $handler): ResponseInterface
    {
        try {
-            // 验证 token
            $user = $this->auth->guard('jwt')->user();

            if (!$user) {
@@ -33,9 +58,8 @@ class AuthMiddleware implements MiddlewareInterface
                ])->withStatus(401);
            }

-            // @attention check here!
            // 检查用户状态
-            if (method_exists($user, '__get') && $user->status !== 1) {
+            if ($user instanceof User && $user->status !== 1) {
                return $this->response->json([
                    'code' => 403,
                    'message' => '账号已被禁用',
@@ -55,4 +79,52 @@ class AuthMiddleware implements MiddlewareInterface

        return $handler->handle($request);
    }
+
+    /**
+     * API Key 认证
+     */
+    protected function authenticateByApiKey(string $plain_key, ServerRequestInterface $request, RequestHandlerInterface $handler): ResponseInterface
+    {
+        $api_key = ApiKey::findByPlainKey($plain_key);
+
+        if (!$api_key) {
+            return $this->response->json([
+                'code' => 401,
+                'message' => 'API Key 无效或已过期',
+            ])->withStatus(401);
+        }
+
+        $user = $api_key->user;
+
+        if (!$user || $user->status !== 1) {
+            return $this->response->json([
+                'code' => 403,
+                'message' => '账号已被禁用',
+            ])->withStatus(403);
+        }
+
+        // 更新最后使用时间
+        $api_key->last_used_at = \Carbon\Carbon::now();
+        $api_key->save();
+
+        // 通过 JWT guard 登录用户，使后续代码可通过 auth->guard('jwt')->user() 获取用户
+        $this->auth->guard('jwt')->login($user);
+
+        return $handler->handle($request);
+    }
+
+    /**
+     * 从请求头提取 Bearer Token
+     */
+    protected function extractBearerToken(ServerRequestInterface $request): ?string
+    {
+        $header = $request->getHeaderLine('Authorization');
+
+        if ($header !== '' && str_starts_with($header, 'Bearer ')) {
+            $token = substr($header, 7);
+            return $token !== '' ? $token : null;
+        }
+
+        return null;
+    }
 }