优化登录接口以及中间件

2026-03-05 16:20:18 +08:00
parent e5f83846b3
commit 39955a17a8
12 changed files with 268 additions and 516 deletions
--- a/server/app/api/controller/AuthTokenController.php
+++ b/server/app/api/controller/AuthTokenController.php
@@ -1,90 +0,0 @@
-<?php
-declare(strict_types=1);
-
-namespace app\api\controller;
-
-use support\Request;
-use support\Response;
-use Tinywan\Jwt\JwtToken;
-use plugin\saiadmin\basic\OpenController;
-use app\api\util\ReturnCode;
-use app\api\cache\AuthTokenCache;
-
-/**
- * API 鉴权 Token 接口
- * 仅支持 GET，必传参数：signature、secret、device、time，签名规则：signature = md5(device . secret . time)
- * 后续所有 /api 接口调用均需在请求头携带此接口返回的 auth-token
- */
-class AuthTokenController extends OpenController
-{
-    /**
-     * 获取 auth-token
-     * GET /api/authToken
-     * 参数：signature（签名）、secret（密钥）、device（设备标识）、time（时间戳，秒），四者均为必传且非空
-     */
-    public function index(Request $request): Response
-    {
-        if (strtoupper($request->method()) !== 'GET') {
-            return $this->fail('仅支持 GET 请求', ReturnCode::PARAMS_ERROR);
-        }
-
-        $param = $request->get();
-        $signature = trim((string) ($param['signature'] ?? ''));
-        $secret = trim((string) ($param['secret'] ?? ''));
-        $device = trim((string) ($param['device'] ?? ''));
-        $time = trim((string) ($param['time'] ?? ''));
-
-        if ($signature === '' || $secret === '' || $device === '' || $time === '') {
-            return $this->fail('signature、secret、device、time 均为必传且不能为空', ReturnCode::PARAMS_ERROR);
-        }
-
-        $serverSecret = trim((string) config('api.auth_token_secret', ''));
-        if ($serverSecret === '') {
-            return $this->fail('服务未配置 API_AUTH_TOKEN_SECRET', ReturnCode::PARAMS_ERROR);
-        }
-        if ($secret !== $serverSecret) {
-            return $this->fail('密钥错误', ReturnCode::FORBIDDEN);
-        }
-
-        $tolerance = (int) config('api.auth_token_time_tolerance', 300);
-        $now = time();
-        $ts = is_numeric($time) ? (int) $time : 0;
-        if ($ts <= 0 || abs($now - $ts) > $tolerance) {
-            return $this->fail('时间戳无效或已过期', ReturnCode::PARAMS_ERROR);
-        }
-
-        $sign = $this->getAuthToken($device, $serverSecret, $time);
-        if ($sign !== $signature) {
-            return $this->fail('签名验证失败', ReturnCode::FORBIDDEN);
-        }
-
-        $exp = (int) config('api.auth_token_exp', 86400);
-        $tokenResult = JwtToken::generateToken([
-            'id' => 0,
-            'plat' => 'api',
-            'device' => $device,
-            'access_exp' => $exp,
-        ]);
-
-        // 同一设备只保留最新 token，覆盖后旧 token 失效
-        AuthTokenCache::setDeviceToken($device, $tokenResult['access_token'], $exp);
-
-        return $this->success([
-            'auth-token' => $tokenResult['access_token'],
-            'expires_in' => $tokenResult['expires_in'],
-        ]);
-    }
-
-    /**
-     * 生成签名：signature = md5(device . secret . time)
-     *
-     * @param string $device 设备标识
-     * @param string $secret 密钥（来自配置）
-     * @param string $time 时间戳
-     * @return string
-     */
-    private function getAuthToken(string $device, string $secret, string $time): string
-    {
-        return md5($device . $secret . $time);
-    }
-}
--- a/server/app/api/controller/GameController.php
+++ b/server/app/api/controller/GameController.php
@@ -7,7 +7,6 @@ use support\Request;
 use support\Response;
 use app\api\logic\GameLogic;
 use app\api\logic\PlayStartLogic;
-use app\api\logic\UserLogic;
 use app\api\util\ReturnCode;
 use app\dice\model\play_record\DicePlayRecord;
 use app\dice\model\player\DicePlayer;
@@ -23,12 +22,12 @@ class GameController extends OpenController
    /**
     * 购买抽奖券
     * POST /api/game/buyLotteryTickets
-     * header: auth-token, user-token（由 CheckUserTokenMiddleware 注入 request->user_id）
+     * header: token（由 TokenMiddleware 注入 request->player_id）
     * body: count = 1 | 5 | 10（1次/100coin, 5次/500coin, 10次/1000coin）
     */
    public function buyLotteryTickets(Request $request): Response
    {
-        $userId = UserLogic::getUserIdFromRequest($request) ?? 0;
+        $userId = (int) ($request->player_id ?? 0);
        $count = (int) $request->post('count', 0);
        if (!in_array($count, [1, 5, 10], true)) {
            return $this->fail('购买抽奖券错误', ReturnCode::PARAMS_ERROR);
@@ -52,7 +51,7 @@ class GameController extends OpenController
    /**
     * 获取彩金池（中奖配置表）
     * GET /api/game/lotteryPool
-     * header: auth-token
+     * header: token
     * 返回 DiceRewardConfig 列表（彩金池/中奖配置）
     */
    public function lotteryPool(Request $request): Response
@@ -64,12 +63,12 @@ class GameController extends OpenController
    /**
     * 开始游戏（抽奖一局）
     * POST /api/game/playStart
-     * header: auth-token, user-token（由 CheckUserTokenMiddleware 注入 request->user_id）
+     * header: token（由 TokenMiddleware 注入 request->player_id）
     * body: rediction 必传，0=无 1=中奖
     */
    public function playStart(Request $request): Response
    {
-        $userId = UserLogic::getUserIdFromRequest($request) ?? 0;
+        $userId = (int) ($request->player_id ?? 0);
        $rediction = $request->post('rediction');
        if ($rediction === '' || $rediction === null) {
            return $this->fail('请传递 rediction 参数', ReturnCode::PARAMS_ERROR);
--- a/server/app/api/controller/UserController.php
+++ b/server/app/api/controller/UserController.php
@@ -13,77 +13,85 @@ use app\dice\model\player_wallet_record\DicePlayerWalletRecord;
 use plugin\saiadmin\basic\OpenController;

 /**
- * API 用户登录/注册
- * 需先携带 auth-token，登录/注册成功后返回 user-token 与用户信息，用户信息已写入 Redis（key=base64(user_id)，value=加密）
+ * API 用户登录等
+ * 登录接口 /api/user/Login 无需 token；其余接口需在请求头携带 token（base64(username.-.time)），由 TokenMiddleware 鉴权并注入 request->player_id / request->player
 */
 class UserController extends OpenController
 {
    /**
-     * 登录
-     * POST /api/user/login
-     * body: phone (+60), password
+     * 登录（JSON body）
+     * POST /api/user/Login
+     * body: { "username": "+60123456789", "password": "123456", "lang": "chs", "coin": 2000.00, "time": 1772692089 }
+     * 根据 username 查找或创建 DicePlayer，按 coin 增减平台币，会话写 Redis，返回带 token 的连接地址
     */
-    public function login(Request $request): Response
+    public function Login(Request $request): Response
    {
-        $phone = $request->post('phone', '');
-        $password = $request->post('password', '');
-        if ($phone === '' || $password === '') {
-            return $this->fail('请填写手机号和密码', ReturnCode::PARAMS_ERROR);
+        $body = $request->rawBody();
+        if ($body === '' || $body === null) {
+            return $this->fail('请提交 JSON  body', ReturnCode::PARAMS_ERROR);
+        }
+        $data = json_decode($body, true);
+        if (!is_array($data)) {
+            return $this->fail('JSON 格式错误', ReturnCode::PARAMS_ERROR);
+        }
+        $username = trim((string) ($data['username'] ?? ''));
+        $password = trim((string) ($data['password'] ?? ''));
+        $lang = trim((string) ($data['lang'] ?? 'chs'));
+        $coin = isset($data['coin']) ? (float) $data['coin'] : 0.0;
+        $time = isset($data['time']) ? (string) $data['time'] : (string) time();
+        if ($username === '' || $password === '') {
+            return $this->fail('username、password 不能为空', ReturnCode::PARAMS_ERROR);
        }
-        $logic = new UserLogic();
-        $data = $logic->login($phone, $password);
-        return $this->success([
-            'user' => $data['user'],
-            'user-token' => $data['user-token'],
-            'user_id' => $data['user_id'],
-        ]);
-    }

-    /**
-     * 注册
-     * POST /api/user/register
-     * body: phone (+60), password, nickname(可选)
-     */
-    public function register(Request $request): Response
-    {
-        $phone = $request->post('phone', '');
-        $password = $request->post('password', '');
-        $nickname = $request->post('nickname');
-        if ($phone === '' || $password === '') {
-            return $this->fail('请填写手机号和密码', ReturnCode::PARAMS_ERROR);
+        try {
+            $logic = new UserLogic();
+            $result = $logic->loginByUsername($username, $password, $lang, $coin, $time);
+            return $this->success([
+                'url' => $result['url'],
+                'token' => $result['token'],
+                'lang' => $result['lang'],
+                'user_id' => $result['user_id'],
+                'user' => $result['user'],
+            ]);
+        } catch (\plugin\saiadmin\exception\ApiException $e) {
+            return $this->fail($e->getMessage(), ReturnCode::PARAMS_ERROR);
        }
-        $logic = new UserLogic();
-        $data = $logic->register($phone, $password, $nickname ? (string) $nickname : null);
-        return $this->success([
-            'user' => $data['user'],
-            'user-token' => $data['user-token'],
-            'user_id' => $data['user_id'],
-        ]);
    }

    /**
     * 退出登录
     * POST /api/user/logout
-     * header: user-token（由 CheckUserTokenMiddleware 校验并注入 request->userToken）
+     * header: token（JWT），清除该 username 的 Redis 会话
     */
    public function logout(Request $request): Response
    {
-        $token = $request->userToken ?? UserLogic::getTokenFromRequest($request);
-        if ($token === '' || !UserLogic::logout($token)) {
-            return $this->fail('退出失败或 token 已失效', ReturnCode::TOKEN_INVALID);
+        $token = $request->header('token');
+        if ($token === null || $token === '') {
+            $auth = $request->header('authorization');
+            if ($auth && stripos($auth, 'Bearer ') === 0) {
+                $token = trim(substr($auth, 7));
+            }
        }
+        $token = $token !== null ? trim((string) $token) : '';
+        if ($token === '') {
+            return $this->fail('请携带 token', ReturnCode::UNAUTHORIZED);
+        }
+        $username = UserLogic::getUsernameFromJwtPayload($token);
+        if ($username === null || $username === '') {
+            return $this->fail('token 无效', ReturnCode::TOKEN_INVALID);
+        }
+        UserCache::deleteSessionByUsername($username);
        return $this->success('已退出登录');
    }

    /**
     * 获取当前用户信息
     * GET /api/user/info
-     * header: user-token（由 CheckUserTokenMiddleware 校验并注入 request->user_id）
-     * 返回：id, username, phone, uid, name, coin, total_ticket_count
+     * header: token（由 TokenMiddleware 校验并注入 request->player_id）
     */
    public function info(Request $request): Response
    {
-        $userId = UserLogic::getUserIdFromRequest($request) ?? 0;
+        $userId = (int) ($request->player_id ?? 0);
        $user = UserLogic::getCachedUser($userId);
        if (empty($user)) {
            return $this->fail('用户不存在', ReturnCode::NOT_FOUND);
@@ -99,13 +107,13 @@ class UserController extends OpenController
    }

    /**
-     * 获取钱包余额（优先读缓存，缓存未命中时从库拉取并回写缓存）
+     * 获取钱包余额（优先读缓存）
     * GET /api/user/balance
-     * header: user-token（由 CheckUserTokenMiddleware 校验并注入 request->user_id）
+     * header: token（由 TokenMiddleware 注入 request->player_id）
     */
    public function balance(Request $request): Response
    {
-        $userId = UserLogic::getUserIdFromRequest($request) ?? 0;
+        $userId = (int) ($request->player_id ?? 0);
        $user = UserLogic::getCachedUser($userId);
        if (empty($user)) {
            return $this->fail('用户不存在', ReturnCode::NOT_FOUND);
@@ -124,12 +132,12 @@ class UserController extends OpenController
    /**
     * 玩家钱包流水
     * GET /api/user/walletRecord
-     * header: user-token（由 CheckUserTokenMiddleware 校验并注入 request->user_id）
+     * header: token（由 TokenMiddleware 注入 request->player_id）
     * 参数: page 页码（默认1）, limit 每页条数（默认10）, create_time_min/create_time_max 创建时间范围（可选）
     */
    public function walletRecord(Request $request): Response
    {
-        $userId = UserLogic::getUserIdFromRequest($request) ?? 0;
+        $userId = (int) ($request->player_id ?? 0);
        $page = (int) $request->post('page', 1);
        $limit = (int) $request->post('limit', 10);
        if ($page < 1) {
@@ -166,12 +174,12 @@ class UserController extends OpenController
    /**
     * 游玩记录
     * GET /api/user/playGameRecord
-     * header: user-token（由 CheckUserTokenMiddleware 校验并注入 request->user_id）
+     * header: token（由 TokenMiddleware 注入 request->player_id）
     * 参数: page 页码（默认1）, limit 每页条数（默认10）, create_time_min/create_time_max 创建时间范围（可选）
     */
    public function playGameRecord(Request $request): Response
    {
-        $userId = UserLogic::getUserIdFromRequest($request) ?? 0;
+        $userId = (int) ($request->player_id ?? 0);
        $page = (int) $request->post('page', 1);
        $limit = (int) $request->post('limit', 10);
        if ($page < 1) {