update backend p20.1 p20.2
This commit is contained in:
@@ -12,10 +12,12 @@ declare(strict_types=1);
|
||||
|
||||
namespace App\Controller;
|
||||
|
||||
use App\Model\User;
|
||||
use Hyperf\Di\Annotation\Inject;
|
||||
use Hyperf\HttpServer\Contract\RequestInterface;
|
||||
use Hyperf\HttpServer\Contract\ResponseInterface;
|
||||
use Psr\Container\ContainerInterface;
|
||||
use Qbhy\HyperfAuth\AuthManager;
|
||||
|
||||
abstract class AbstractController
|
||||
{
|
||||
@@ -27,4 +29,27 @@ abstract class AbstractController
|
||||
|
||||
#[Inject]
|
||||
protected ResponseInterface $response;
|
||||
|
||||
/**
|
||||
* 统一获取当前认证用户
|
||||
*
|
||||
* 优先从 request attribute 获取(JWT/API Key 中间件统一设置),
|
||||
* 兜底通过 JWT guard 获取(过渡期兼容)。
|
||||
*/
|
||||
protected function getAuthUser(): ?User
|
||||
{
|
||||
$user = $this->request->getAttribute('auth_user');
|
||||
if ($user instanceof User) {
|
||||
return $user;
|
||||
}
|
||||
|
||||
// 兜底:直接通过 JWT guard 获取
|
||||
try {
|
||||
$auth = $this->container->get(AuthManager::class);
|
||||
$user = $auth->guard('jwt')->user();
|
||||
return $user instanceof User ? $user : null;
|
||||
} catch (\Throwable) {
|
||||
return null;
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
@@ -410,7 +410,7 @@ class AuthController extends AbstractController
|
||||
#[Middleware(AuthMiddleware::class)]
|
||||
public function me(AuthManager $auth, ResponseInterface $response): \Psr\Http\Message\ResponseInterface|array
|
||||
{
|
||||
$user = $auth->guard('jwt')->user();
|
||||
$user = $this->getAuthUser();
|
||||
|
||||
if (!$user) {
|
||||
return $response->json([
|
||||
|
||||
@@ -77,6 +77,11 @@ class AuthMiddleware implements MiddlewareInterface
|
||||
])->withStatus(500);
|
||||
}
|
||||
|
||||
// 统一存入 request attribute
|
||||
$request = $request->withAttribute('auth_user', $user);
|
||||
$request = $request->withAttribute('auth_type', 'jwt');
|
||||
\Hyperf\Context\Context::set(ServerRequestInterface::class, $request);
|
||||
|
||||
return $handler->handle($request);
|
||||
}
|
||||
|
||||
@@ -121,11 +126,9 @@ class AuthMiddleware implements MiddlewareInterface
|
||||
$api_key->last_used_at = \Carbon\Carbon::now();
|
||||
$api_key->save();
|
||||
|
||||
// 通过 JWT guard 登录用户,生成 token 并注入请求头,使后续代码可通过 auth->guard('jwt')->user() 获取用户
|
||||
$token = $this->auth->guard('jwt')->login($user);
|
||||
$request = $request->withHeader('Authorization', 'Bearer ' . $token);
|
||||
|
||||
// 将带 Authorization 头的新请求写回协程 Context,确保 JwtGuard 代理对象能读到
|
||||
// 将用户存入 request attribute(不再生成临时 JWT)
|
||||
$request = $request->withAttribute('auth_user', $user);
|
||||
$request = $request->withAttribute('auth_type', 'api_key');
|
||||
\Hyperf\Context\Context::set(ServerRequestInterface::class, $request);
|
||||
|
||||
return $handler->handle($request);
|
||||
|
||||
@@ -31,8 +31,8 @@ class PermissionMiddleware implements MiddlewareInterface
|
||||
|
||||
public function process(ServerRequestInterface $request, RequestHandlerInterface $handler): ResponseInterface
|
||||
{
|
||||
// 获取已认证用户(由 AuthMiddleware 预先认证)
|
||||
$user = $this->auth->guard('jwt')->user();
|
||||
// 获取已认证用户(优先从 attribute 获取,兼容 JWT guard)
|
||||
$user = $request->getAttribute('auth_user') ?? $this->auth->guard('jwt')->user();
|
||||
if (!$user) {
|
||||
return $this->forbiddenResponse('用户认证异常');
|
||||
}
|
||||
|
||||
@@ -32,7 +32,9 @@ class RequestLogMiddleware implements MiddlewareInterface
|
||||
// 在父协程中提取 user_id(子协程不继承 Swoole Context)
|
||||
$user_id = null;
|
||||
try {
|
||||
$user_id = $this->auth->guard('jwt')->user()?->getId();
|
||||
$ctx_request = \Hyperf\Context\Context::get(\Psr\Http\Message\ServerRequestInterface::class);
|
||||
$auth_user = $ctx_request?->getAttribute('auth_user');
|
||||
$user_id = $auth_user?->getId() ?? $this->auth->guard('jwt')->user()?->getId();
|
||||
} catch (\Throwable) {
|
||||
// 未认证请求,user_id 保持 null
|
||||
}
|
||||
|
||||
@@ -62,13 +62,14 @@ class ApiKey extends Model
|
||||
*/
|
||||
public static function generate(int $user_id, string $name, ?string $expires_at = null): array
|
||||
{
|
||||
$plain_key = bin2hex(random_bytes(32));
|
||||
$token = bin2hex(random_bytes(32));
|
||||
$plain_key = $user_id . '#' . $token;
|
||||
|
||||
$model = static::query()->create([
|
||||
'user_id' => $user_id,
|
||||
'name' => $name,
|
||||
'key_hash' => hash('sha256', $plain_key),
|
||||
'key_prefix' => substr($plain_key, 0, 8),
|
||||
'key_hash' => hash('sha256', $token),
|
||||
'key_prefix' => substr($token, 0, 8),
|
||||
'expires_at' => $expires_at,
|
||||
'enabled' => true,
|
||||
'created_at' => \Carbon\Carbon::now(),
|
||||
@@ -82,9 +83,16 @@ class ApiKey extends Model
|
||||
*/
|
||||
public static function findByPlainKey(string $plain_key): ?static
|
||||
{
|
||||
$hash = hash('sha256', $plain_key);
|
||||
// 仅支持新格式: {user_id}#{token}
|
||||
if (!str_contains($plain_key, '#')) {
|
||||
return null;
|
||||
}
|
||||
|
||||
[$user_id, $token] = explode('#', $plain_key, 2);
|
||||
$hash = hash('sha256', $token);
|
||||
|
||||
return static::query()
|
||||
->where('user_id', (int) $user_id)
|
||||
->where('key_hash', $hash)
|
||||
->where(function ($query): void {
|
||||
$query->whereNull('expires_at')
|
||||
|
||||
Reference in New Issue
Block a user