优化登录接口以及中间件
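--- a/server/app/api/cache/AuthTokenCache.php
+++ b/server/app/api/cache/AuthTokenCache.php
@@ -1,54 +0,0 @@
-<?php
-declare(strict_types=1);
-
-namespace app\api\cache;
-
-use support\think\Cache;
-
-/**
-* 按设备标识存储当前有效的 auth-token,同一设备只保留最新一个,旧 token 自动失效
-*/
-class AuthTokenCache
-{
-private static function prefix(): string
-{
-return config('api.auth_token_device_prefix', 'api:auth_token:');
-}
-
-/**
-* 设置该设备当前有效的 auth-token(会覆盖同设备之前的 token,使旧 token 失效)
-* @param string $device 设备标识,如 dice
-* @param string $token 完整 auth-token 字符串
-* @param int $ttl 过期时间(秒),应与 auth_token_exp 一致
-*/
-public static function setDeviceToken(string $device, string $token, int $ttl): bool
-{
-if ($device === '' || $ttl <= 0) {
-return false;
-}
-$key = self::prefix() . $device;
-return Cache::set($key, $token, $ttl);
-}
-
-/**
-* 获取该设备当前有效的 auth-token,不存在或已过期返回 null
-*/
-public static function getDeviceToken(string $device): ?string
-{
-if ($device === '') {
-return null;
-}
-$key = self::prefix() . $device;
-$value = Cache::get($key);
-return $value !== null && $value !== '' ? (string) $value : null;
-}
-
-/**
-* 校验请求中的 token 是否为该设备当前唯一有效 token
-*/
-public static function isCurrentToken(string $device, string $token): bool
-{
-$current = self::getDeviceToken($device);
-return $current !== null && $current === $token;
-}
-}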
48
server/app/api/cache/UserCache.php
@@ -178,4 +178,52 @@ class UserCache
|
||||
$current = self::getCurrentUserToken($userId);
|
||||
return $current !== null && $current === $token;
|
||||
}
|
||||
|
||||
/** 按 username 的登录会话 key 前缀(token 中间件:存在即视为已登录) */
|
||||
private static function sessionUsernamePrefix(): string
|
||||
{
|
||||
return config('api.session_username_prefix', 'api:user:session:');
|
||||
}
|
||||
|
||||
private static function sessionExpire(): int
|
||||
{
|
||||
return (int) config('api.session_expire', 604800);
|
||||
}
|
||||
|
||||
/** 设置 username 当前有效 token(JWT),重新登录会覆盖,实现单点登录 */
|
||||
public static function setSessionByUsername(string $username, string $token): bool
|
||||
{
|
||||
if ($username === '' || $token === '') {
|
||||
return false;
|
||||
}
|
||||
$key = self::sessionUsernamePrefix() . $username;
|
||||
return Cache::set($key, $token, self::sessionExpire());
|
||||
}
|
||||
|
||||
/** 获取 username 当前在服务端登记的有效 token(JWT),不存在返回 null */
|
||||
public static function getSessionTokenByUsername(string $username): ?string
|
||||
{
|
||||
if ($username === '') {
|
||||
return null;
|
||||
}
|
||||
$key = self::sessionUsernamePrefix() . $username;
|
||||
$val = Cache::get($key);
|
||||
return $val !== null && $val !== '' ? (string) $val : null;
|
||||
}
|
||||
|
||||
/** 检查 username 是否已有登录会话(Redis 中是否存在当前 token) */
|
||||
public static function hasSessionByUsername(string $username): bool
|
||||
{
|
||||
return self::getSessionTokenByUsername($username) !== null;
|
||||
}
|
||||
|
||||
/** 删除 username 登录会话(退出登录时调用) */
|
||||
public static function deleteSessionByUsername(string $username): bool
|
||||
{
|
||||
if ($username === '') {
|
||||
return false;
|
||||
}
|
||||
$key = self::sessionUsernamePrefix() . $username;
|
||||
return Cache::delete($key);
|
||||
}
|
||||
}
|
||||
|
||||
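Review bot: `hasSessionByUsername()` only tests that some token is stored for the username, and the comment on `sessionUsernamePrefix()` says the token middleware treats existence as logged in, so a JWT issued before a later login would still pass as long as its own signature and expiry are valid; the single-login behaviour described on `setSessionByUsername()` needs the presented token compared with the stored one. The middleware is not part of this diff, so this is inferred from the comments; if it does rely on existence alone, add a comparison helper next to these methods (sketched below, the name is only a suggestion) and compare with `hash_equals()` rather than `===`. Separately, `sessionExpire()` casts the config value but does not reject 0 or a negative number, a guard the removed `AuthTokenCache::setDeviceToken()` had (`$ttl <= 0`); depending on the cache driver a TTL of 0 may mean the session entry never expires. The `UserCache` class begins outside this hunk.

```php
    /** Whether $token is the token currently registered for $username. */
    public static function isCurrentSessionToken(string $username, string $token): bool
    {
        $current = self::getSessionTokenByUsername($username);

        return $current !== null && hash_equals($current, $token);
    }
```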