优化登录接口以及中间件

server/app/api/controller/UserController.php

@@ -13,77 +13,85 @@ use app\dice\model\player_wallet_record\DicePlayerWalletRecord;
 use plugin\saiadmin\basic\OpenController;
 
 /**
- * API 用户登录/注册
- * 需先携带 auth-token，登录/注册成功后返回 user-token 与用户信息，用户信息已写入 Redis（key=base64(user_id)，value=加密）
+ * API 用户登录等
+ * 登录接口 /api/user/Login 无需 token；其余接口需在请求头携带 token（base64(username.-.time)），由 TokenMiddleware 鉴权并注入 request->player_id / request->player
  */
 class UserController extends OpenController
 {
     /**
-     * 登录
-     * POST /api/user/login
-     * body: phone (+60), password
+     * 登录（JSON body）
+     * POST /api/user/Login
+     * body: { "username": "+60123456789", "password": "123456", "lang": "chs", "coin": 2000.00, "time": 1772692089 }
+     * 根据 username 查找或创建 DicePlayer，按 coin 增减平台币，会话写 Redis，返回带 token 的连接地址
      */
-    public function login(Request $request): Response
+    public function Login(Request $request): Response
     {
-        $phone = $request->post('phone', '');
-        $password = $request->post('password', '');
-        if ($phone === '' || $password === '') {
-            return $this->fail('请填写手机号和密码', ReturnCode::PARAMS_ERROR);
+        $body = $request->rawBody();
+        if ($body === '' || $body === null) {
+            return $this->fail('请提交 JSON  body', ReturnCode::PARAMS_ERROR);
+        }
+        $data = json_decode($body, true);
+        if (!is_array($data)) {
+            return $this->fail('JSON 格式错误', ReturnCode::PARAMS_ERROR);
+        }
+        $username = trim((string) ($data['username'] ?? ''));
+        $password = trim((string) ($data['password'] ?? ''));
+        $lang = trim((string) ($data['lang'] ?? 'chs'));
+        $coin = isset($data['coin']) ? (float) $data['coin'] : 0.0;
+        $time = isset($data['time']) ? (string) $data['time'] : (string) time();
+        if ($username === '' || $password === '') {
+            return $this->fail('username、password 不能为空', ReturnCode::PARAMS_ERROR);
         }
-        $logic = new UserLogic();
-        $data = $logic->login($phone, $password);
-        return $this->success([
-            'user' => $data['user'],
-            'user-token' => $data['user-token'],
-            'user_id' => $data['user_id'],
-        ]);
-    }
 
-    /**
-     * 注册
-     * POST /api/user/register
-     * body: phone (+60), password, nickname(可选)
-     */
-    public function register(Request $request): Response
-    {
-        $phone = $request->post('phone', '');
-        $password = $request->post('password', '');
-        $nickname = $request->post('nickname');
-        if ($phone === '' || $password === '') {
-            return $this->fail('请填写手机号和密码', ReturnCode::PARAMS_ERROR);
+        try {
+            $logic = new UserLogic();
+            $result = $logic->loginByUsername($username, $password, $lang, $coin, $time);
+            return $this->success([
+                'url' => $result['url'],
+                'token' => $result['token'],
+                'lang' => $result['lang'],
+                'user_id' => $result['user_id'],
+                'user' => $result['user'],
+            ]);
+        } catch (\plugin\saiadmin\exception\ApiException $e) {
+            return $this->fail($e->getMessage(), ReturnCode::PARAMS_ERROR);
         }
-        $logic = new UserLogic();
-        $data = $logic->register($phone, $password, $nickname ? (string) $nickname : null);
-        return $this->success([
-            'user' => $data['user'],
-            'user-token' => $data['user-token'],
-            'user_id' => $data['user_id'],
-        ]);
     }
 
     /**
      * 退出登录
      * POST /api/user/logout
-     * header: user-token（由 CheckUserTokenMiddleware 校验并注入 request->userToken）
+     * header: token（JWT），清除该 username 的 Redis 会话
      */
     public function logout(Request $request): Response
     {
-        $token = $request->userToken ?? UserLogic::getTokenFromRequest($request);
-        if ($token === '' || !UserLogic::logout($token)) {
-            return $this->fail('退出失败或 token 已失效', ReturnCode::TOKEN_INVALID);
+        $token = $request->header('token');
+        if ($token === null || $token === '') {
+            $auth = $request->header('authorization');
+            if ($auth && stripos($auth, 'Bearer ') === 0) {
+                $token = trim(substr($auth, 7));
+            }
         }
+        $token = $token !== null ? trim((string) $token) : '';
+        if ($token === '') {
+            return $this->fail('请携带 token', ReturnCode::UNAUTHORIZED);
+        }
+        $username = UserLogic::getUsernameFromJwtPayload($token);
+        if ($username === null || $username === '') {
+            return $this->fail('token 无效', ReturnCode::TOKEN_INVALID);
+        }
+        UserCache::deleteSessionByUsername($username);
         return $this->success('已退出登录');
     }
 
     /**
      * 获取当前用户信息
      * GET /api/user/info
-     * header: user-token（由 CheckUserTokenMiddleware 校验并注入 request->user_id）
-     * 返回：id, username, phone, uid, name, coin, total_ticket_count
+     * header: token（由 TokenMiddleware 校验并注入 request->player_id）
      */
     public function info(Request $request): Response
     {
-        $userId = UserLogic::getUserIdFromRequest($request) ?? 0;
+        $userId = (int) ($request->player_id ?? 0);
         $user = UserLogic::getCachedUser($userId);
         if (empty($user)) {
             return $this->fail('用户不存在', ReturnCode::NOT_FOUND);
@@ -99,13 +107,13 @@ class UserController extends OpenController
     }
 
     /**
-     * 获取钱包余额（优先读缓存，缓存未命中时从库拉取并回写缓存）
+     * 获取钱包余额（优先读缓存）
      * GET /api/user/balance
-     * header: user-token（由 CheckUserTokenMiddleware 校验并注入 request->user_id）
+     * header: token（由 TokenMiddleware 注入 request->player_id）
      */
     public function balance(Request $request): Response
     {
-        $userId = UserLogic::getUserIdFromRequest($request) ?? 0;
+        $userId = (int) ($request->player_id ?? 0);
         $user = UserLogic::getCachedUser($userId);
         if (empty($user)) {
             return $this->fail('用户不存在', ReturnCode::NOT_FOUND);
@@ -124,12 +132,12 @@ class UserController extends OpenController
     /**
      * 玩家钱包流水
      * GET /api/user/walletRecord
-     * header: user-token（由 CheckUserTokenMiddleware 校验并注入 request->user_id）
+     * header: token（由 TokenMiddleware 注入 request->player_id）
      * 参数: page 页码（默认1）, limit 每页条数（默认10）, create_time_min/create_time_max 创建时间范围（可选）
      */
     public function walletRecord(Request $request): Response
     {
-        $userId = UserLogic::getUserIdFromRequest($request) ?? 0;
+        $userId = (int) ($request->player_id ?? 0);
         $page = (int) $request->post('page', 1);
         $limit = (int) $request->post('limit', 10);
         if ($page < 1) {
@@ -166,12 +174,12 @@ class UserController extends OpenController
     /**
      * 游玩记录
      * GET /api/user/playGameRecord
-     * header: user-token（由 CheckUserTokenMiddleware 校验并注入 request->user_id）
+     * header: token（由 TokenMiddleware 注入 request->player_id）
      * 参数: page 页码（默认1）, limit 每页条数（默认10）, create_time_min/create_time_max 创建时间范围（可选）
      */
     public function playGameRecord(Request $request): Response
     {
-        $userId = UserLogic::getUserIdFromRequest($request) ?? 0;
+        $userId = (int) ($request->player_id ?? 0);
         $page = (int) $request->post('page', 1);
         $limit = (int) $request->post('limit', 10);
         if ($page < 1) {