优化登录接口以及中间件

2026-03-05 16:20:18 +08:00
parent e5f83846b3
commit 39955a17a8
12 changed files with 268 additions and 516 deletions


@@ -3,6 +3,12 @@
* API 鉴权与用户相关配置
*/
return [
// 登录成功返回的连接地址前缀,如 https://127.0.0.1:6777
'login_url_base' => env('API_LOGIN_URL_BASE', 'https://127.0.0.1:6777'),
// 按 username 存储的登录会话 Redis key 前缀,用于 token 中间件校验
'session_username_prefix' => env('API_SESSION_USERNAME_PREFIX', 'api:user:session:'),
// 登录会话过期时间(秒),默认 7 天
'session_expire' => (int) env('API_SESSION_EXPIRE', 604800),
// auth-token 签名密钥(与客户端约定,用于 /api/authToken 的 signature 校验,必填)
'auth_token_secret' => env('API_AUTH_TOKEN_SECRET', ''),
// auth-token 时间戳允许误差(秒),防重放,默认 300 秒
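Review bot: The `session_expire` entry casts whatever `API_SESSION_EXPIRE` holds with `(int)`, so an empty or non-numeric value silently becomes 0 instead of falling back to the 7-day default. Depending on how the login code passes this to Redis (not shown in this file), a TTL of 0 may be rejected, expire the session at once, or leave it without an expiry. A lower bound would make the misconfiguration harmless: `'session_expire' => max(60, (int) env('API_SESSION_EXPIRE', 604800)),`. This assumes the three keys above `auth_token_secret` are the added lines, since the page has lost its +/- markers. Likewise, `login_url_base` falls back to a loopback address when the variable is unset, so a deployment that forgets it will hand clients an unusable URL rather than fail at startup.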


@@ -13,19 +13,14 @@
*/
use Webman\Route;
use app\api\middleware\CheckAuthTokenMiddleware;
use app\api\middleware\CheckUserTokenMiddleware;
use app\api\middleware\TokenMiddleware;
// 仅需 auth-token 的路由组authToken 接口在中间件内白名单跳过)
// 登录接口:无需 token提交 JSON 获取带 token 的连接地址
Route::group('/api', function () {
Route::any('/authToken', [app\api\controller\AuthTokenController::class, 'index']);
Route::any('/user/login', [app\api\controller\UserController::class, 'login']);
Route::any('/user/register', [app\api\controller\UserController::class, 'register']);
})->middleware([
CheckAuthTokenMiddleware::class,
]);
Route::any('/user/Login', [app\api\controller\UserController::class, 'Login']);
})->middleware([]);
// 需 auth-token + user-token 的路由组
// 其余接口:仅经 token 中间件鉴权header: tokenbase64(username.-.time)
Route::group('/api', function () {
Route::any('/user/logout', [app\api\controller\UserController::class, 'logout']);
Route::any('/user/info', [app\api\controller\UserController::class, 'info']);
@@ -36,6 +31,5 @@ Route::group('/api', function () {
Route::any('/game/lotteryPool', [app\api\controller\GameController::class, 'lotteryPool']);
Route::any('/game/playStart', [app\api\controller\GameController::class, 'playStart']);
})->middleware([
CheckAuthTokenMiddleware::class,
CheckUserTokenMiddleware::class,
TokenMiddleware::class,
]);
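Review bot: The token format documented in the comment above the second route group, `base64(username.-.time)`, carries no secret or random component, so its strength rests entirely on what TokenMiddleware does with it, and that class is not shown here. If the middleware only decodes the username and checks that a Redis session exists under `session_username_prefix`, the header is an identifier rather than a credential. Consider issuing `bin2hex(random_bytes(32))` as the token, or appending an HMAC of `username.-.time` keyed with a server-side secret, and comparing with `hash_equals()`. Separately, the login route is registered with `Route::any` and `->middleware([])`, so it accepts every HTTP method and has no signature, replay or rate check in front of it now that CheckAuthTokenMiddleware is gone from the file. `Route::post('/user/Login', ...)` plus a throttling middleware would narrow that.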