wpic-dev/datahub
3
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
master
datahub/backend/app/Middleware/AuthMiddleware.php
T
nz ff9951bb43 update backend p20.1 p20.2
2026-04-17 11:06:34 +08:00

152 lines
4.7 KiB
PHP
Raw Permalink Blame History

This file contains ambiguous Unicode characters
This file contains Unicode characters that might be confused with other characters. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.
<?php
declare(strict_types=1);
namespace App\Middleware;
use App\Model\ApiKey;
use App\Model\User;
use Hyperf\HttpServer\Contract\ResponseInterface as HttpResponse;
use Psr\Http\Message\ResponseInterface;
use Psr\Http\Message\ServerRequestInterface;
use Psr\Http\Server\MiddlewareInterface;
use Psr\Http\Server\RequestHandlerInterface;
use Qbhy\HyperfAuth\AuthManager;
use Qbhy\HyperfAuth\Exception\UnauthorizedException;
class AuthMiddleware implements MiddlewareInterface
{
public function __construct(
protected AuthManager $auth,
protected HttpResponse $response
) {
}
public function process(ServerRequestInterface $request, RequestHandlerInterface $handler): ResponseInterface
{
// 1. 尝试 JWT Bearer Token 认证
$bearer_token = $this->extractBearerToken($request);
if ($bearer_token !== null) {
return $this->authenticateByJwt($request, $handler);
}
// 2. 尝试 API Key 认证
$api_key = $request->getHeaderLine('X-API-Key');
if ($api_key !== '') {
return $this->authenticateByApiKey($api_key, $request, $handler);
}
// 3. 无认证凭据
return $this->response->json([
'code' => 401,
'message' => '未授权,请先登录',
])->withStatus(401);
}
/**
* JWT Token 认证
*/
protected function authenticateByJwt(ServerRequestInterface $request, RequestHandlerInterface $handler): ResponseInterface
{
try {
$user = $this->auth->guard('jwt')->user();
if (!$user) {
return $this->response->json([
'code' => 401,
'message' => '未授权,请先登录',
])->withStatus(401);
}
// 检查用户状态
if ($user instanceof User && $user->status !== 1) {
return $this->response->json([
'code' => 403,
'message' => '账号已被禁用',
])->withStatus(403);
}
} catch (UnauthorizedException $e) {
return $this->response->json([
'code' => 401,
'message' => 'Token 无效或已过期',
])->withStatus(401);
} catch (\Throwable $e) {
return $this->response->json([
'code' => 500,
'message' => '认证失败: ' . $e->getMessage(),
])->withStatus(500);
}
// 统一存入 request attribute
$request = $request->withAttribute('auth_user', $user);
$request = $request->withAttribute('auth_type', 'jwt');
\Hyperf\Context\Context::set(ServerRequestInterface::class, $request);
return $handler->handle($request);
}
/**
* API Key 认证
*/
protected function authenticateByApiKey(string $plain_key, ServerRequestInterface $request, RequestHandlerInterface $handler): ResponseInterface
{
$api_key = ApiKey::findByPlainKey($plain_key);
if (!$api_key) {
return $this->response->json([
'code' => 401,
'message' => 'API Key 无效或已过期',
])->withStatus(401);
}
if (!$api_key->enabled) {
return $this->response->json([
'code' => 403,
'message' => '该 API Key 已被禁用',
])->withStatus(403);
}
$user = $api_key->user;
if (!$user || $user->status !== 1) {
return $this->response->json([
'code' => 403,
'message' => '账号已被禁用',
])->withStatus(403);
}
if (!$user->api_key_enabled) {
return $this->response->json([
'code' => 403,
'message' => 'API Key 功能未启用,请联系管理员开启',
])->withStatus(403);
}
// 更新最后使用时间
$api_key->last_used_at = \Carbon\Carbon::now();
$api_key->save();
// 将用户存入 request attribute(不再生成临时 JWT
$request = $request->withAttribute('auth_user', $user);
$request = $request->withAttribute('auth_type', 'api_key');
\Hyperf\Context\Context::set(ServerRequestInterface::class, $request);
return $handler->handle($request);
}
/**
* 从请求头提取 Bearer Token
*/
protected function extractBearerToken(ServerRequestInterface $request): ?string
{
$header = $request->getHeaderLine('Authorization');
if ($header !== '' && str_starts_with($header, 'Bearer ')) {
$token = substr($header, 7);
return $token !== '' ? $token : null;
}
return null;
}
}
Reference in New Issue View Git Blame Copy Permalink