[接口]鉴权authToken用户登录login-注册register-退出logout, 并将用户信息保存到redis中

2026-03-04 11:39:11 +08:00
parent ad56d6d4ce
commit 77a898df22
10 changed files with 585 additions and 7 deletions
--- a/server/app/api/controller/UserController.php
+++ b/server/app/api/controller/UserController.php
@@ -0,0 +1,83 @@
+<?php
+declare(strict_types=1);
+
+namespace app\api\controller;
+
+use support\Request;
+use support\Response;
+use app\api\logic\UserLogic;
+use plugin\saiadmin\basic\OpenController;
+
+/**
+ * API 用户登录/注册
+ * 需先携带 auth-token，登录/注册成功后返回 user-token 与用户信息，用户信息已写入 Redis（key=base64(user_id)，value=加密）
+ */
+class UserController extends OpenController
+{
+    /**
+     * 登录
+     * POST /api/user/login
+     * body: phone (+60), password
+     */
+    public function login(Request $request): Response
+    {
+        $phone = $request->post('phone', '');
+        $password = $request->post('password', '');
+        if ($phone === '' || $password === '') {
+            return $this->fail('请填写手机号和密码');
+        }
+        $logic = new UserLogic();
+        $data = $logic->login($phone, $password);
+        return $this->success([
+            'user' => $data['user'],
+            'user-token' => $data['user-token'],
+            'user_id' => $data['user_id'],
+        ]);
+    }
+
+    /**
+     * 注册
+     * POST /api/user/register
+     * body: phone (+60), password, nickname(可选)
+     */
+    public function register(Request $request): Response
+    {
+        $phone = $request->post('phone', '');
+        $password = $request->post('password', '');
+        $nickname = $request->post('nickname');
+        if ($phone === '' || $password === '') {
+            return $this->fail('请填写手机号和密码');
+        }
+        $logic = new UserLogic();
+        $data = $logic->register($phone, $password, $nickname ? (string) $nickname : null);
+        return $this->success([
+            'user' => $data['user'],
+            'user-token' => $data['user-token'],
+            'user_id' => $data['user_id'],
+        ]);
+    }
+
+    /**
+     * 退出登录
+     * POST /api/user/logout
+     * header: user-token（或 Authorization: Bearer <user-token>）
+     * 将当前 user-token 加入黑名单，之后该 token 无法再用于获取 user_id
+     */
+    public function logout(Request $request): Response
+    {
+        $token = $request->header('user-token');
+        if (empty($token)) {
+            $auth = $request->header('authorization');
+            if ($auth && stripos($auth, 'Bearer ') === 0) {
+                $token = trim(substr($auth, 7));
+            }
+        }
+        if (empty($token)) {
+            return $this->fail('请携带 user-token');
+        }
+        if (UserLogic::logout($token)) {
+            return $this->success('已退出登录');
+        }
+        return $this->fail('退出失败或 token 已失效');
+    }
+}