Home Explore Help
Register Sign In
Kirin
/
yatang
1
0
Fork 0
Files Issues 0 Pull Requests 0 Wiki
Branch: master
Branches Tags
yatang
/
app
/
controller
/
api
/
Auth.php

Auth.php 12 KB
Permalink History Raw

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293294295296297298299300301302303304305306307308309310 
  1. <?php
    2. 

  2. 

  3. // +----------------------------------------------------------------------
    4. 

  4. // | CRMEB [ CRMEB赋能开发者,助力企业发展 ]
    5. 

  5. // +----------------------------------------------------------------------
    6. 

  6. // | Copyright (c) 2016~2020 https://www.crmeb.com All rights reserved.
    7. 

  7. // +----------------------------------------------------------------------
    8. 

  8. // | Licensed CRMEB并不是自由软件,未经许可不能去掉CRMEB相关版权
    9. 

  9. // +----------------------------------------------------------------------
    10. 

  10. // | Author: CRMEB Team <admin@crmeb.com>
    11. 

  11. // +----------------------------------------------------------------------
    12. 

  12. 

  13. 

  14. namespace app\controller\api;
    15. 

  15. 

  16. 

  17. use app\common\repositories\user\UserRepository;
    18. 

  18. use app\common\repositories\wechat\RoutineQrcodeRepository;
    19. 

  19. use app\common\repositories\wechat\WechatUserRepository;
    20. 

  20. use app\validate\api\ChangePasswordValidate;
    21. 

  21. use app\validate\api\UserAuthValidate;
    22. 

  22. use crmeb\basic\BaseController;
    23. 

  23. use crmeb\services\MiniProgramService;
    24. 

  24. use crmeb\services\WechatService;
    25. 

  25. use crmeb\services\YunxinSmsService;
    26. 

  26. use Exception;
    27. 

  27. use Gregwar\Captcha\CaptchaBuilder;
    28. 

  28. use Gregwar\Captcha\PhraseBuilder;
    29. 

  29. use Symfony\Component\HttpFoundation\Request;
    30. 

  30. use think\db\exception\DataNotFoundException;
    31. 

  31. use think\db\exception\DbException;
    32. 

  32. use think\db\exception\ModelNotFoundException;
    33. 

  33. use think\facade\Cache;
    34. 

  34. 

  35. 

  36. /**
    37. 

  37.  * Class Auth
    38. 

  38.  * @package app\controller\api
    39. 

  39.  * @author xaboy
    40. 

  40.  * @day 2020-05-06
    41. 

  41.  */
    42. 

  42. class Auth extends BaseController
    43. 

  43. {
    44. 

  44.     public function test()
    45. 

  45.     {
    46. 

  46.         Cache::set('_scan_login1cb532170a4bcc80938a13e9d41a567e', 7233);
    47. 

  47.         var_dump(Cache::get('_scan_login1cb532170a4bcc80938a13e9d41a567e'));
    48. 

  48.     }
    49. 

  49. 

  50.     /**
    51. 

  51.      * @param UserRepository $repository
    52. 

  52.      * @return mixed
    53. 

  53.      * @throws DbException
    54. 

  54.      * @author xaboy
    55. 

  55.      * @day 2020/6/1
    56. 

  56.      */
    57. 

  57.     public function login(UserRepository $repository)
    58. 

  58.     {
    59. 

  59.         $account = $this->request->param('account');
    60. 

  60.         if (!$account)
    61. 

  61.             return app('json')->fail('请输入账号');
    62. 

  62.         $user = $repository->accountByUser($this->request->param('account'));
    63. 

  63.         if (!$user)
    64. 

  64.             return app('json')->fail('账号或密码错误');
    65. 

  65.         if (!password_verify($pwd = (string)$this->request->param('password'), $user['pwd']))
    66. 

  66.             return app('json')->fail('账号或密码错误');
    67. 

  67.         $user = $repository->mainUser($user);
    68. 

  68.         $pid = $this->request->param('spread', 0);
    69. 

  69.         $repository->bindSpread($user, intval($pid));
    70. 

  70. 

  71.         $tokenInfo = $repository->createToken($user);
    72. 

  72.         $repository->loginAfter($user);
    73. 

  73. 

  74.         return app('json')->success($repository->returnToken($user, $tokenInfo));
    75. 

  75.     }
    76. 

  76. 

  77. 

  78.     /**
    79. 

  79.      * @return mixed
    80. 

  80.      * @author xaboy
    81. 

  81.      * @day 2020/6/1
    82. 

  82.      */
    83. 

  83.     public function userInfo()
    84. 

  84.     {
    85. 

  85.         $user = $this->request->userInfo()->hidden(['label_id', 'group_id', 'pwd', 'addres', 'card_id', 'last_time', 'last_ip', 'create_time', 'mark', 'status', 'spread_uid', 'spread_time', 'real_name', 'birthday', 'brokerage_price']);
    86. 

  86.         $user->append(['service', 'total_collect_product', 'total_collect_store', 'total_coupon', 'total_visit_product', 'total_unread', 'total_recharge']);
    87. 

  87.         $data = $user->toArray();
    88. 

  88.         $data['total_consume'] = $user['pay_price'];
    89. 

  89.         $data['extension_status'] = systemConfig('extension_status');
    90. 

  90.         return app('json')->success($data);
    91. 

  91.     }
    92. 

  92. 

  93.     /**
    94. 

  94.      * @param UserRepository $repository
    95. 

  95.      * @return mixed
    96. 

  96.      * @author xaboy
    97. 

  97.      * @day 2020/6/1
    98. 

  98.      */
    99. 

  99.     public function logout(UserRepository $repository)
    100. 

  100.     {
    101. 

  101.         $repository->clearToken($this->request->token());
    102. 

  102.         return app('json')->success('退出登录');
    103. 

  103.     }
    104. 

  104. 

  105.     /**
    106. 

  106.      * @return mixed
    107. 

  107.      * @throws DataNotFoundException
    108. 

  108.      * @throws DbException
    109. 

  109.      * @throws ModelNotFoundException
    110. 

  110.      * @author xaboy
    111. 

  111.      * @day 2020-05-11
    112. 

  112.      */
    113. 

  113.     public function auth()
    114. 

  114.     {
    115. 

  115.         $request = $this->request;
    116. 

  116.         $oauth = WechatService::create()->getApplication()->oauth;
    117. 

  117.         $oauth->setRequest(new Request($request->get(), $request->post(), [], [], [], $request->server(), $request->getContent()));
    118. 

  118.         try {
    119. 

  119.             $wechatInfo = $oauth->user()->getOriginal();
    120. 

  120.         } catch (Exception $e) {
    121. 

  121.             return app('json')->fail('授权失败[001]', ['message' => $e->getMessage()]);
    122. 

  122.         }
    123. 

  123.         if (!isset($wechatInfo['nickname'])) {
    124. 

  124.             return app('json')->fail('授权失败[002]');
    125. 

  125.         }
    126. 

  126.         /** @var WechatUserRepository $make */
    127. 

  127.         $make = app()->make(WechatUserRepository::class);
    128. 

  128. 

  129.         $user = $make->syncUser($wechatInfo['openid'], $wechatInfo);
    130. 

  130.         if (!$user)
    131. 

  131.             return app('json')->fail('授权失败[003]');
    132. 

  132.         /** @var UserRepository $make */
    133. 

  133.         $userRepository = app()->make(UserRepository::class);
    134. 

  134.         $user[1] = $userRepository->mainUser($user[1]);
    135. 

  135. 

  136.         $pid = $this->request->param('spread', 0);
    137. 

  137.         $userRepository->bindSpread($user[1], intval($pid));
    138. 

  138. 

  139.         $tokenInfo = $userRepository->createToken($user[1]);
    140. 

  140.         $userRepository->loginAfter($user[1]);
    141. 

  141. 

  142.         return app('json')->success($userRepository->returnToken($user[1], $tokenInfo));
    143. 

  143.     }
    144. 

  144. 

  145.     /**
    146. 

  146.      * @return mixed
    147. 

  147.      * @throws DataNotFoundException
    148. 

  148.      * @throws DbException
    149. 

  149.      * @throws ModelNotFoundException
    150. 

  150.      * @author xaboy
    151. 

  151.      * @day 2020-05-11
    152. 

  152.      */
    153. 

  153.     public function mpAuth()
    154. 

  154.     {
    155. 

  155.         list($code, $post_cache_key) = $this->request->params([
    156. 

  156.             'code',
    157. 

  157.             'cache_key',
    158. 

  158.         ], true);
    159. 

  159.         $session_key = Cache::get('eb_api_code_' . $post_cache_key);
    160. 

  160.         if (!$code && !$session_key)
    161. 

  161.             return app('json')->fail('授权失败,参数有误');
    162. 

  162.         $miniProgramService = MiniProgramService::create();
    163. 

  163.         if ($code && !$session_key) {
    164. 

  164.             try {
    165. 

  165.                 $userInfoCong = $miniProgramService->getUserInfo($code);
    166. 

  166.                 $session_key = $userInfoCong['session_key'];
    167. 

  167.                 $cache_key = md5(time() . $code);
    168. 

  168.                 Cache::set('eb_api_code_' . $cache_key, $session_key, 86400);
    169. 

  169.             } catch (Exception $e) {
    170. 

  170.                 return app('json')->fail('获取session_key失败,请检查您的配置!', ['line' => $e->getLine(), 'message' => $e->getMessage()]);
    171. 

  171.             }
    172. 

  172.         }
    173. 

  173. 

  174.         $data = $this->request->params([
    175. 

  175.             ['spread_spid', 0],
    176. 

  176.             ['spread_code', ''],
    177. 

  177.             ['iv', ''],
    178. 

  178.             ['encryptedData', ''],
    179. 

  179.         ]);
    180. 

  180. 

  181.         try {
    182. 

  182.             //解密获取用户信息
    183. 

  183.             $userInfo = $miniProgramService->encryptor($session_key, $data['iv'], $data['encryptedData']);
    184. 

  184.         } catch (Exception $e) {
    185. 

  185.             if ($e->getCode() == '-41003') return app('json')->fail('获取会话密匙失败', ['line' => $e->getLine(), 'message' => $e->getMessage()]);
    186. 

  186.             throw $e;
    187. 

  187.         }
    188. 

  188.         if (!$userInfo) return app('json')->fail('openid获取失败');
    189. 

  189.         if (!isset($userInfo['openId'])) $userInfo['openId'] = $userInfoCong['openid'] ?? '';
    190. 

  190.         $userInfo['unionId'] = $userInfoCong['unionid'] ?? $userInfo['unionId'] ?? '';
    191. 

  191.         if (!$userInfo['openId']) return app('json')->fail('openid获取失败');
    192. 

  192. 

  193.         /** @var WechatUserRepository $make */
    194. 

  194.         $make = app()->make(WechatUserRepository::class);
    195. 

  195.         $user = $make->syncRoutineUser($userInfo['openId'], $userInfo);
    196. 

  196.         if (!$user)
    197. 

  197.             return app('json')->fail('授权失败');
    198. 

  198.         /** @var UserRepository $make */
    199. 

  199.         $userRepository = app()->make(UserRepository::class);
    200. 

  200.         $user[1] = $userRepository->mainUser($user[1]);
    201. 

  201.         $code = intval($data['spread_code']['id'] ?? $data['spread_code']);
    202. 

  202.         //获取是否有扫码进小程序
    203. 

  203.         if ($code && ($info = app()->make(RoutineQrcodeRepository::class)->getRoutineQrcodeFindType($code))) {
    204. 

  204.             $data['spread_spid'] = $info['third_id'];
    205. 

  205.         }
    206. 

  206.         $userRepository->bindSpread($user[1], intval($data['spread_spid']));
    207. 

  207.         $tokenInfo = $userRepository->createToken($user[1]);
    208. 

  208.         $userRepository->loginAfter($user[1]);
    209. 

  209. 

  210.         return app('json')->success($userRepository->returnToken($user[1], $tokenInfo));
    211. 

  211.     }
    212. 

  212. 

  213.     public function getCaptcha()
    214. 

  214.     {
    215. 

  215.         $codeBuilder = new CaptchaBuilder(null, new PhraseBuilder(4));
    216. 

  216.         $key = uniqid(microtime(true), true);
    217. 

  217.         Cache::set('api_captche' . $key, $codeBuilder->getPhrase(), 300);
    218. 

  218.         $captcha = $codeBuilder->build()->inline();
    219. 

  219.         $code = $codeBuilder->getPhrase();
    220. 

  220.         return app('json')->success(compact('key', 'code', 'captcha'));
    221. 

  221.     }
    222. 

  222. 

  223.     protected function checkCaptcha($uni, string $code): bool
    224. 

  224.     {
    225. 

  225.         $cacheName = 'api_captche' . $uni;
    226. 

  226.         if (!Cache::has($cacheName)) return false;
    227. 

  227.         $key = Cache::get($cacheName);
    228. 

  228.         $code = mb_strtolower($code, 'UTF-8');
    229. 

  229.         $res = password_verify($code, $key);
    230. 

  230.         if ($res) Cache::delete($cacheName);
    231. 

  231.         return $res;
    232. 

  232.     }
    233. 

  233. 

  234.     public function verify(UserAuthValidate $validate)
    235. 

  235.     {
    236. 

  236.         $data = $this->request->params(['phone', 'code', 'key', ['type', 'login']]);
    237. 

  237.         $validate->sceneVerify()->check($data);
    238. 

  238. 

  239.         $sms_num_key = 'api.auth.num.' . $data['phone'];
    240. 

  240.         $num = Cache::get($sms_num_key) ? Cache::get($sms_num_key) : 0;
    241. 

  241.         if ($num > 2) {
    242. 

  242.             if (!$data['code'])
    243. 

  243.                 return app('json')->make(402, '请输入验证码');
    244. 

  244.             if (!$this->checkCaptcha($data['key'], $data['code']))
    245. 

  245.                 return app('json')->fail('验证码输入有误');
    246. 

  246.         }
    247. 

  247.         $sms = (YunxinSmsService::create());
    248. 

  248. //        if(!env('APP_DEBUG', false)){
    249. 

  249.         try {
    250. 

  250.             $sms_code = str_pad(random_int(1, 9999), 4, 0, STR_PAD_LEFT);
    251. 

  251.             $sms_time = systemConfig('sms_time') ? systemConfig('sms_time') : 30;
    252. 

  252.             $sms->send($data['phone'], 'VERIFICATION_CODE', ['code' => $sms_code, 'time' => $sms_time]);
    253. 

  253.         } catch (Exception $e) {
    254. 

  254.             return app('json')->fail($e->getMessage());
    255. 

  255.         }
    256. 

  256. //        }else{
    257. 

  257. //            $sms_code =  1234;
    258. 

  258. //            $sms_time = 5;
    259. 

  259. //        }
    260. 

  260.         $sms_key = $sms->sendSmsKey($data['phone'], $data['type']);
    261. 

  261.         Cache::set($sms_key, $sms_code, $sms_time * 60);
    262. 

  262.         Cache::set($sms_num_key, $num + 1, 300);
    263. 

  263.         //'短信发送成功'
    264. 

  264.         return app('json')->success('短信发送成功');
    265. 

  265.     }
    266. 

  266. 

  267. 

  268.     public function smsLogin(UserAuthValidate $validate, UserRepository $repository)
    269. 

  269.     {
    270. 

  270.         $data = $this->request->params(['phone', 'sms_code', 'spread']);
    271. 

  271.         $validate->sceneSmslogin()->check($data);
    272. 

  272. //        if (!(YunxinSmsService::create())->checkSmsCode($data['phone'], $data['sms_code'], 'login'))
    273. 

  273. //            return app('json')->fail('验证码不正确');
    274. 

  274.         $user = $repository->accountByUser($data['phone']);
    275. 

  275.         if (!$user) $user = $repository->registr($data['phone'], null);
    276. 

  276.         $user = $repository->mainUser($user);
    277. 

  277.         $repository->bindSpread($user, intval($data['spread']));
    278. 

  278. 

  279.         $tokenInfo = $repository->createToken($user);
    280. 

  280.         $repository->loginAfter($user);
    281. 

  281. 

  282.         return app('json')->success($repository->returnToken($user, $tokenInfo));
    283. 

  283.     }
    284. 

  284. 

  285.     public function changePassword(ChangePasswordValidate $validate, UserRepository $repository)
    286. 

  286.     {
    287. 

  287.         $data = $this->request->params(['phone', 'sms_code', 'pwd']);
    288. 

  288.         $validate->check($data);
    289. 

  289.         $user = $repository->accountByUser($data['phone']);
    290. 

  290.         if (!$user) return app('json')->fail('用户不存在');
    291. 

  291.         if (!(YunxinSmsService::create())->checkSmsCode($data['phone'], $data['sms_code'], 'change_pwd'))
    292. 

  292.             return app('json')->fail('验证码不正确');
    293. 

  293.         $user->pwd = $repository->encodePassword($data['pwd']);
    294. 

  294.         $user->save();
    295. 

  295.         return app('json')->success('修改成功');
    296. 

  296.     }
    297. 

  297. 

  298.     public function spread(UserRepository $userRepository)
    299. 

  299.     {
    300. 

  300.         $data = $this->request->params([
    301. 

  301.             ['spread_spid', 0],
    302. 

  302.             ['spread_code', null],
    303. 

  303.         ]);
    304. 

  304.         if (isset($data['spread_code']['id']) && ($info = app()->make(RoutineQrcodeRepository::class)->getRoutineQrcodeFindType($data['spread_code']['id']))) {
    305. 

  305.             $data['spread_spid'] = $info['third_id'];
    306. 

  306.         }
    307. 

  307.         $userRepository->bindSpread($this->request->userInfo(), intval($data['spread_spid']));
    308. 

  308.         return app('json')->success();
    309. 

  309.     }
    310. 

  310. }
    311.