mojiahui/dafuweng-saiadmin6.x
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Compare commits

base: mojiahui:master
Branches Tags
mojiahui:master mojiahui:master-v3 mojiahui:master-v2
...
compare: mojiahui:005f261e03b9d52cba538dfd40005d6ed8cfff78
Branches Tags
mojiahui:master-v3 mojiahui:master-v2 mojiahui:master

4 Commits
master ... 005f261e03

Author SHA1 Message Date
zhenhui
005f261e03 优化性能 2026-03-05 17:20:44 +08:00
zhenhui
effdaaa38b 优化 2026-03-05 16:53:08 +08:00
zhenhui
aef404548d 优化 2026-03-05 16:50:52 +08:00
zhenhui
39955a17a8 优化登录接口以及中间件 2026-03-05 16:20:18 +08:00
23 changed files with 469 additions and 599 deletions
Expand all files Collapse all files

10
server/.env.example
View File

@@ -18,13 +18,13 @@ REDIS_DB = 0
# API 鉴权与用户(可选,不填则用默认值)
# authToken 签名密钥(必填,与客户端约定,用于 signature 校验)
API_AUTH_TOKEN_SECRET = xF75oK91TQj13s0UmNIr1NBWMWGfflNO
API_AUTH_TOKEN_SECRET = xF75oK91TQj13s0UmNIr1NBWMWGfflNO
# authToken 时间戳允许误差秒数,防重放,默认 300
API_AUTH_TOKEN_TIME_TOLERANCE = 300
API_AUTH_TOKEN_EXP = 86400
API_AUTH_TOKEN_TIME_TOLERANCE = 300
API_AUTH_TOKEN_EXP = 86400
# API_USER_TOKEN_EXP = 604800
API_USER_CACHE_EXPIRE = 86400
API_USER_ENCRYPT_KEY = Wj818SK8dhKBKNOY3PUTmZfhQDMCXEZi
API_USER_CACHE_EXPIRE = 86400
API_USER_ENCRYPT_KEY = Wj818SK8dhKBKNOY3PUTmZfhQDMCXEZi
# 验证码配置,支持cache|session
CAPTCHA_MODE = cache

54
server/app/api/cache/AuthTokenCache.php vendored
View File

@@ -1,54 +0,0 @@
<?php
declare(strict_types=1);
namespace app\api\cache;
use support\think\Cache;
/**
* 按设备标识存储当前有效的 auth-token同一设备只保留最新一个旧 token 自动失效
*/
class AuthTokenCache
{
private static function prefix(): string
{
return config('api.auth_token_device_prefix', 'api:auth_token:');
}
/**
* 设置该设备当前有效的 auth-token会覆盖同设备之前的 token使旧 token 失效)
* @param string $device 设备标识,如 dice
* @param string $token 完整 auth-token 字符串
* @param int $ttl 过期时间(秒),应与 auth_token_exp 一致
*/
public static function setDeviceToken(string $device, string $token, int $ttl): bool
{
if ($device === '' || $ttl <= 0) {
return false;
}
$key = self::prefix() . $device;
return Cache::set($key, $token, $ttl);
}
/**
* 获取该设备当前有效的 auth-token不存在或已过期返回 null
*/
public static function getDeviceToken(string $device): ?string
{
if ($device === '') {
return null;
}
$key = self::prefix() . $device;
$value = Cache::get($key);
return $value !== null && $value !== '' ? (string) $value : null;
}
/**
* 校验请求中的 token 是否为该设备当前唯一有效 token
*/
public static function isCurrentToken(string $device, string $token): bool
{
$current = self::getDeviceToken($device);
return $current !== null && $current === $token;
}
}

104
server/app/api/cache/UserCache.php vendored
View File

@@ -178,4 +178,108 @@ class UserCache
$current = self::getCurrentUserToken($userId);
return $current !== null && $current === $token;
}
/** 按 username 的登录会话 key 前缀token 中间件:存在即视为已登录) */
private static function sessionUsernamePrefix(): string
{
return config('api.session_username_prefix', 'api:user:session:');
}
private static function sessionExpire(): int
{
return (int) config('api.session_expire', 604800);
}
/** 设置 username 当前有效 tokenJWT重新登录会覆盖实现单点登录 */
public static function setSessionByUsername(string $username, string $token): bool
{
if ($username === '' || $token === '') {
return false;
}
$key = self::sessionUsernamePrefix() . $username;
return Cache::set($key, $token, self::sessionExpire());
}
/** 获取 username 当前在服务端登记的有效 tokenJWT不存在返回 null */
public static function getSessionTokenByUsername(string $username): ?string
{
if ($username === '') {
return null;
}
$key = self::sessionUsernamePrefix() . $username;
$val = Cache::get($key);
return $val !== null && $val !== '' ? (string) $val : null;
}
/** 检查 username 是否已有登录会话Redis 中是否存在当前 token */
public static function hasSessionByUsername(string $username): bool
{
return self::getSessionTokenByUsername($username) !== null;
}
/** 删除 username 登录会话(退出登录时调用) */
public static function deleteSessionByUsername(string $username): bool
{
if ($username === '') {
return false;
}
$key = self::sessionUsernamePrefix() . $username;
return Cache::delete($key);
}
/** 玩家缓存 key 前缀Token 中间件用,减少重复查库) */
private static function playerCachePrefix(): string
{
return config('api.player_cache_prefix', 'api:player:');
}
private static function playerCacheTtl(): int
{
return (int) config('api.player_cache_ttl', 300);
}
/**
* 按 username 缓存玩家信息(仅 id + username供中间件注入 request->player 后使用)
* 登录/信息变更时需调用 deletePlayerByUsername 失效
*/
public static function setPlayerByUsername(string $username, array $playerRow): bool
{
if ($username === '' || empty($playerRow)) {
return false;
}
$ttl = self::playerCacheTtl();
if ($ttl <= 0) {
return true;
}
$key = self::playerCachePrefix() . $username;
return Cache::set($key, json_encode($playerRow), $ttl);
}
/** 按 username 取缓存玩家,未命中返回 null */
public static function getPlayerByUsername(string $username): ?array
{
if ($username === '') {
return null;
}
if (self::playerCacheTtl() <= 0) {
return null;
}
$key = self::playerCachePrefix() . $username;
$val = Cache::get($key);
if ($val === null || $val === '') {
return null;
}
$data = json_decode((string) $val, true);
return is_array($data) ? $data : null;
}
/** 退出登录或玩家信息变更时删除玩家缓存 */
public static function deletePlayerByUsername(string $username): bool
{
if ($username === '') {
return false;
}
$key = self::playerCachePrefix() . $username;
return Cache::delete($key);
}
}

90
server/app/api/controller/AuthTokenController.php
View File

@@ -1,90 +0,0 @@
<?php
declare(strict_types=1);
namespace app\api\controller;
use support\Request;
use support\Response;
use Tinywan\Jwt\JwtToken;
use plugin\saiadmin\basic\OpenController;
use app\api\util\ReturnCode;
use app\api\cache\AuthTokenCache;
/**
* API 鉴权 Token 接口
* 仅支持 GET必传参数signature、secret、device、time签名规则signature = md5(device . secret . time)
* 后续所有 /api 接口调用均需在请求头携带此接口返回的 auth-token
*/
class AuthTokenController extends OpenController
{
/**
* 获取 auth-token
* GET /api/authToken
* 参数signature签名、secret密钥、device设备标识、time时间戳四者均为必传且非空
*/
public function index(Request $request): Response
{
if (strtoupper($request->method()) !== 'GET') {
return $this->fail('仅支持 GET 请求', ReturnCode::PARAMS_ERROR);
}
$param = $request->get();
$signature = trim((string) ($param['signature'] ?? ''));
$secret = trim((string) ($param['secret'] ?? ''));
$device = trim((string) ($param['device'] ?? ''));
$time = trim((string) ($param['time'] ?? ''));
if ($signature === '' || $secret === '' || $device === '' || $time === '') {
return $this->fail('signature、secret、device、time 均为必传且不能为空', ReturnCode::PARAMS_ERROR);
}
$serverSecret = trim((string) config('api.auth_token_secret', ''));
if ($serverSecret === '') {
return $this->fail('服务未配置 API_AUTH_TOKEN_SECRET', ReturnCode::PARAMS_ERROR);
}
if ($secret !== $serverSecret) {
return $this->fail('密钥错误', ReturnCode::FORBIDDEN);
}
$tolerance = (int) config('api.auth_token_time_tolerance', 300);
$now = time();
$ts = is_numeric($time) ? (int) $time : 0;
if ($ts <= 0 || abs($now - $ts) > $tolerance) {
return $this->fail('时间戳无效或已过期', ReturnCode::PARAMS_ERROR);
}
$sign = $this->getAuthToken($device, $serverSecret, $time);
if ($sign !== $signature) {
return $this->fail('签名验证失败', ReturnCode::FORBIDDEN);
}
$exp = (int) config('api.auth_token_exp', 86400);
$tokenResult = JwtToken::generateToken([
'id' => 0,
'plat' => 'api',
'device' => $device,
'access_exp' => $exp,
]);
// 同一设备只保留最新 token覆盖后旧 token 失效
AuthTokenCache::setDeviceToken($device, $tokenResult['access_token'], $exp);
return $this->success([
'auth-token' => $tokenResult['access_token'],
'expires_in' => $tokenResult['expires_in'],
]);
}
/**
* 生成签名signature = md5(device . secret . time)
*
* @param string $device 设备标识
* @param string $secret 密钥(来自配置)
* @param string $time 时间戳
* @return string
*/
private function getAuthToken(string $device, string $secret, string $time): string
{
return md5($device . $secret . $time);
}
}

11
server/app/api/controller/GameController.php
View File

@@ -7,7 +7,6 @@ use support\Request;
use support\Response;
use app\api\logic\GameLogic;
use app\api\logic\PlayStartLogic;
use app\api\logic\UserLogic;
use app\api\util\ReturnCode;
use app\dice\model\play_record\DicePlayRecord;
use app\dice\model\player\DicePlayer;
@@ -23,12 +22,12 @@ class GameController extends OpenController
/**
* 购买抽奖券
* POST /api/game/buyLotteryTickets
* header: auth-token, user-token由 CheckUserTokenMiddleware 注入 request->user_id
* header: tokenTokenMiddleware 注入 request->player_id
* body: count = 1 | 5 | 101次/100coin, 5次/500coin, 10次/1000coin
*/
public function buyLotteryTickets(Request $request): Response
{
$userId = UserLogic::getUserIdFromRequest($request) ?? 0;
$userId = (int) ($request->player_id ?? 0);
$count = (int) $request->post('count', 0);
if (!in_array($count, [1, 5, 10], true)) {
return $this->fail('购买抽奖券错误', ReturnCode::PARAMS_ERROR);
@@ -52,7 +51,7 @@ class GameController extends OpenController
/**
* 获取彩金池(中奖配置表)
* GET /api/game/lotteryPool
* header: auth-token
* header: token
* 返回 DiceRewardConfig 列表(彩金池/中奖配置)
*/
public function lotteryPool(Request $request): Response
@@ -64,12 +63,12 @@ class GameController extends OpenController
/**
* 开始游戏(抽奖一局)
* POST /api/game/playStart
* header: auth-token, user-token由 CheckUserTokenMiddleware 注入 request->user_id
* header: tokenTokenMiddleware 注入 request->player_id
* body: rediction 必传0=无 1=中奖
*/
public function playStart(Request $request): Response
{
$userId = UserLogic::getUserIdFromRequest($request) ?? 0;
$userId = (int) ($request->player_id ?? 0);
$rediction = $request->post('rediction');
if ($rediction === '' || $rediction === null) {
return $this->fail('请传递 rediction 参数', ReturnCode::PARAMS_ERROR);

105
server/app/api/controller/UserController.php
View File

@@ -13,77 +13,86 @@ use app\dice\model\player_wallet_record\DicePlayerWalletRecord;
use plugin\saiadmin\basic\OpenController;
/**
* API 用户登录/注册
* 需先携带 auth-token登录/注册成功后返回 user-token 与用户信息,用户信息已写入 Rediskey=base64(user_id)value=加密)
* API 用户登录
* 登录接口 /api/user/Login 无需 token其余接口需在请求头携带 tokenbase64(username.-.time)),由 TokenMiddleware 鉴权并注入 request->player_id / request->player
*/
class UserController extends OpenController
{
/**
* 登录
* POST /api/user/login
* body: phone (+60), password
* 登录JSON body
* POST /api/user/Login
* body: { "username": "+60123456789", "password": "123456", "lang": "chs", "coin": 2000.00, "time": 1772692089 }
* 根据 username 查找或创建 DicePlayer按 coin 增减平台币,会话写 Redis返回带 token 的连接地址
*/
public function login(Request $request): Response
public function Login(Request $request): Response
{
$phone = $request->post('phone', '');
$password = $request->post('password', '');
if ($phone === '' || $password === '') {
return $this->fail('请填写手机号和密码', ReturnCode::PARAMS_ERROR);
$body = $request->rawBody();
if ($body === '' || $body === null) {
return $this->fail('请提交 JSON body', ReturnCode::PARAMS_ERROR);
}
$logic = new UserLogic();
$data = $logic->login($phone, $password);
return $this->success([
'user' => $data['user'],
'user-token' => $data['user-token'],
'user_id' => $data['user_id'],
]);
$data = json_decode($body, true);
if (!is_array($data)) {
return $this->fail('JSON 格式错误', ReturnCode::PARAMS_ERROR);
}
$username = trim((string) ($data['username'] ?? ''));
$password = trim((string) ($data['password'] ?? ''));
$lang = trim((string) ($data['lang'] ?? 'chs'));
$coin = isset($data['coin']) ? (float) $data['coin'] : 0.0;
$time = isset($data['time']) ? (string) $data['time'] : (string) time();
if ($username === '' || $password === '') {
return $this->fail('username、password 不能为空', ReturnCode::PARAMS_ERROR);
}
/**
* 注册
* POST /api/user/register
* body: phone (+60), password, nickname(可选)
*/
public function register(Request $request): Response
{
$phone = $request->post('phone', '');
$password = $request->post('password', '');
$nickname = $request->post('nickname');
if ($phone === '' || $password === '') {
return $this->fail('请填写手机号和密码', ReturnCode::PARAMS_ERROR);
}
try {
$logic = new UserLogic();
$data = $logic->register($phone, $password, $nickname ? (string) $nickname : null);
$result = $logic->loginByUsername($username, $password, $lang, $coin, $time);
return $this->success([
'user' => $data['user'],
'user-token' => $data['user-token'],
'user_id' => $data['user_id'],
'url' => $result['url'],
'token' => $result['token'],
'lang' => $result['lang'],
'user_id' => $result['user_id'],
'user' => $result['user'],
]);
} catch (\plugin\saiadmin\exception\ApiException $e) {
return $this->fail($e->getMessage(), ReturnCode::PARAMS_ERROR);
}
}
/**
* 退出登录
* POST /api/user/logout
* header: user-token由 CheckUserTokenMiddleware 校验并注入 request->userToken
* header: tokenJWT清除该 username 的 Redis 会话
*/
public function logout(Request $request): Response
{
$token = $request->userToken ?? UserLogic::getTokenFromRequest($request);
if ($token === '' || !UserLogic::logout($token)) {
return $this->fail('退出失败或 token 已失效', ReturnCode::TOKEN_INVALID);
$token = $request->header('token');
if ($token === null || $token === '') {
$auth = $request->header('authorization');
if ($auth && stripos($auth, 'Bearer ') === 0) {
$token = trim(substr($auth, 7));
}
}
$token = $token !== null ? trim((string) $token) : '';
if ($token === '') {
return $this->fail('请携带 token', ReturnCode::UNAUTHORIZED);
}
$username = UserLogic::getUsernameFromJwtPayload($token);
if ($username === null || $username === '') {
return $this->fail('token 无效', ReturnCode::TOKEN_INVALID);
}
UserCache::deleteSessionByUsername($username);
UserCache::deletePlayerByUsername($username);
return $this->success('已退出登录');
}
/**
* 获取当前用户信息
* GET /api/user/info
* header: user-tokenCheckUserTokenMiddleware 校验并注入 request->user_id
* 返回id, username, phone, uid, name, coin, total_ticket_count
* header: token由 TokenMiddleware 校验并注入 request->player_id
*/
public function info(Request $request): Response
{
$userId = UserLogic::getUserIdFromRequest($request) ?? 0;
$userId = (int) ($request->player_id ?? 0);
$user = UserLogic::getCachedUser($userId);
if (empty($user)) {
return $this->fail('用户不存在', ReturnCode::NOT_FOUND);
@@ -99,13 +108,13 @@ class UserController extends OpenController
}
/**
* 获取钱包余额(优先读缓存,缓存未命中时从库拉取并回写缓存
* 获取钱包余额(优先读缓存)
* GET /api/user/balance
* header: user-tokenCheckUserTokenMiddleware 校验并注入 request->user_id
* header: token由 TokenMiddleware 注入 request->player_id
*/
public function balance(Request $request): Response
{
$userId = UserLogic::getUserIdFromRequest($request) ?? 0;
$userId = (int) ($request->player_id ?? 0);
$user = UserLogic::getCachedUser($userId);
if (empty($user)) {
return $this->fail('用户不存在', ReturnCode::NOT_FOUND);
@@ -124,12 +133,12 @@ class UserController extends OpenController
/**
* 玩家钱包流水
* GET /api/user/walletRecord
* header: user-tokenCheckUserTokenMiddleware 校验并注入 request->user_id
* header: token由 TokenMiddleware 注入 request->player_id
* 参数: page 页码默认1, limit 每页条数默认10, create_time_min/create_time_max 创建时间范围(可选)
*/
public function walletRecord(Request $request): Response
{
$userId = UserLogic::getUserIdFromRequest($request) ?? 0;
$userId = (int) ($request->player_id ?? 0);
$page = (int) $request->post('page', 1);
$limit = (int) $request->post('limit', 10);
if ($page < 1) {
@@ -166,12 +175,12 @@ class UserController extends OpenController
/**
* 游玩记录
* GET /api/user/playGameRecord
* header: user-tokenCheckUserTokenMiddleware 校验并注入 request->user_id
* header: token由 TokenMiddleware 注入 request->player_id
* 参数: page 页码默认1, limit 每页条数默认10, create_time_min/create_time_max 创建时间范围(可选)
*/
public function playGameRecord(Request $request): Response
{
$userId = UserLogic::getUserIdFromRequest($request) ?? 0;
$userId = (int) ($request->player_id ?? 0);
$page = (int) $request->post('page', 1);
$limit = (int) $request->post('limit', 10);
if ($page < 1) {

46
server/app/api/logic/GameLogic.php
View File

@@ -27,7 +27,8 @@ class GameLogic
/**
* 购买抽奖券
* @param int $playerId 玩家ID即 user_id
* 先更新 Redis 玩家信息(后续游玩从 Redis 读),再用事务更新数据库;事务失败则回滚 Redis
* @param int $playerId 玩家ID
* @param int $count 购买档位1 / 5 / 10
* @return array 更新后的 coin, total_ticket_count, paid_ticket_count, free_ticket_count
*/
@@ -55,7 +56,20 @@ class GameLogic
$totalBefore = (int) ($player->total_ticket_count ?? 0);
$paidBefore = (int) ($player->paid_ticket_count ?? 0);
$freeBefore = (int) ($player->free_ticket_count ?? 0);
$totalAfter = $totalBefore + $addTotal;
$paidAfter = $paidBefore + $addPaid;
$freeAfter = $freeBefore + $addFree;
$oldUserArr = $player->hidden(['password'])->toArray();
$updatedUserArr = $oldUserArr;
$updatedUserArr['coin'] = $coinAfter;
$updatedUserArr['total_ticket_count'] = $totalAfter;
$updatedUserArr['paid_ticket_count'] = $paidAfter;
$updatedUserArr['free_ticket_count'] = $freeAfter;
UserCache::setUser($playerId, $updatedUserArr);
try {
Db::transaction(function () use (
$player,
$playerId,
@@ -65,17 +79,16 @@ class GameLogic
$addTotal,
$addPaid,
$addFree,
$totalBefore,
$paidBefore,
$freeBefore
$totalAfter,
$paidAfter,
$freeAfter
) {
$player->coin = $coinAfter;
$player->total_ticket_count = $totalBefore + $addTotal;
$player->paid_ticket_count = $paidBefore + $addPaid;
$player->free_ticket_count = $freeBefore + $addFree;
$player->total_ticket_count = $totalAfter;
$player->paid_ticket_count = $paidAfter;
$player->free_ticket_count = $freeAfter;
$player->save();
// 钱包流水记录
DicePlayerWalletRecord::create([
'player_id' => $playerId,
'coin' => -$cost,
@@ -88,7 +101,6 @@ class GameLogic
'remark' => "购买抽奖券{$addTotal}次(付费{$addPaid}次+赠送{$addFree}次)",
]);
// 抽奖券获取记录
DicePlayerTicketRecord::create([
'player_id' => $playerId,
'use_coins' => $cost,
@@ -98,16 +110,16 @@ class GameLogic
'remark' => "购买抽奖券{$addTotal}次(付费{$addPaid}次+赠送{$addFree}次)",
]);
});
$updated = DicePlayer::find($playerId);
$userArr = $updated->hidden(['password'])->toArray();
UserCache::setUser($playerId, $userArr);
} catch (\Throwable $e) {
UserCache::setUser($playerId, $oldUserArr);
throw $e;
}
return [
'coin' => (float) $updated->coin,
'total_ticket_count' => (int) $updated->total_ticket_count,
'paid_ticket_count' => (int) $updated->paid_ticket_count,
'free_ticket_count' => (int) $updated->free_ticket_count,
'coin' => (float) $coinAfter,
'total_ticket_count' => (int) $totalAfter,
'paid_ticket_count' => (int) $paidAfter,
'free_ticket_count' => (int) $freeAfter,
];
}
}

211
server/app/api/logic/UserLogic.php
View File

@@ -33,78 +33,6 @@ class UserLogic
}
}
/**
* 登录:手机号 + 密码,返回用户信息与 user-token并写入 Redis 缓存
*/
public function login(string $phone, string $password): array
{
self::validatePhone($phone);
$user = DicePlayer::where('phone', $phone)->find();
if (!$user) {
throw new ApiException('手机号未注册');
}
if ((int) $user->status !== self::STATUS_NORMAL) {
throw new ApiException('账号已被禁用');
}
$hashed = $this->hashPassword($password);
if ($user->password !== $hashed) {
throw new ApiException('密码错误');
}
$userArr = $user->hidden(['password'])->toArray();
UserCache::setUser((int) $user->id, $userArr);
$userToken = $this->generateUserToken((int) $user->id);
// 同一用户只保留最新一次登录的 token旧 token 自动失效
UserCache::setCurrentUserToken((int) $user->id, $userToken);
return [
'user' => $userArr,
'user-token' => $userToken,
'user_id' => (int) $user->id,
];
}
/**
* 注册:手机号 + 密码(+60创建玩家并返回用户信息与 user-token写入 Redis
*/
public function register(string $phone, string $password, ?string $nickname = null): array
{
self::validatePhone($phone);
if (strlen($password) < 6) {
throw new ApiException('密码至少 6 位');
}
$exists = DicePlayer::where('phone', $phone)->find();
if ($exists) {
throw new ApiException('该手机号已注册');
}
$user = new DicePlayer();
$user->phone = $phone;
$user->username = $phone;
if ($nickname !== null && $nickname !== '') {
$user->name = $nickname;
}
// name 未传时由 DicePlayer::onBeforeInsert 默认设为 uid
$user->password = $this->hashPassword($password);
$user->status = self::STATUS_NORMAL;
$user->save();
$userArr = $user->hidden(['password'])->toArray();
UserCache::setUser((int) $user->id, $userArr);
$userToken = $this->generateUserToken((int) $user->id);
// 同一用户只保留最新一次登录的 token旧 token 自动失效
UserCache::setCurrentUserToken((int) $user->id, $userToken);
return [
'user' => $userArr,
'user-token' => $userToken,
'user_id' => (int) $user->id,
];
}
/**
* 与 DicePlayerLogic 一致的密码加密md5(salt . password)
*/
@@ -114,97 +42,84 @@ class UserLogic
}
/**
* 生成 user-tokenJWTplat=api_userid=user_id
* 登录JSONusername, password, lang, coin, time
* 存在则校验密码并更新 coin累加不存在则创建用户并写入 coin。
* 将会话写入 Redis返回 token 与前端连接地址。
*/
private function generateUserToken(int $userId): string
public function loginByUsername(string $username, string $password, string $lang, float $coin, string $time): array
{
$exp = config('api.user_token_exp', 604800);
$result = JwtToken::generateToken([
'id' => $userId,
'plat' => 'api_user',
$username = trim($username);
if ($username === '') {
throw new ApiException('username 不能为空');
}
$player = DicePlayer::where('username', $username)->find();
if ($player) {
$hashed = $this->hashPassword($password);
if ($player->password !== $hashed) {
throw new ApiException('密码错误');
}
$currentCoin = (float) $player->coin;
$player->coin = $currentCoin + $coin;
$player->save();
} else {
$player = new DicePlayer();
$player->username = $username;
$player->phone = $username;
$player->password = $this->hashPassword($password);
$player->status = self::STATUS_NORMAL;
$player->coin = $coin;
$player->save();
}
$exp = (int) config('api.session_expire', 604800);
$tokenResult = JwtToken::generateToken([
'id' => (int) $player->id,
'username' => $username,
'plat' => 'api_login',
'access_exp' => $exp,
]);
return $result['access_token'];
$token = $tokenResult['access_token'];
UserCache::setSessionByUsername($username, $token);
$userArr = $player->hidden(['password'])->toArray();
UserCache::setUser((int) $player->id, $userArr);
UserCache::setPlayerByUsername($username, $userArr);
$baseUrl = rtrim(config('api.login_url_base', 'https://127.0.0.1:6777'), '/');
$lang = in_array($lang, ['chs', 'en'], true) ? $lang : 'chs';
$tokenInUrl = str_replace('%3D', '=', urlencode($token));
$url = $baseUrl . '?token=' . $tokenInUrl . '&lang=' . $lang;
return [
'url' => $url,
'token' => $token,
'lang' => $lang,
'user_id' => (int) $player->id,
'user' => $userArr,
];
}
/**
* 从请求中解析 user-tokenheader: user-token 或 Authorization: Bearer
* @param object $request 需有 header(string $name) 方法
* 从 JWT 中解析 username仅解码 payload不校验签名与过期用于退出时清除会话
*/
public static function getTokenFromRequest(object $request): string
public static function getUsernameFromJwtPayload(string $token): ?string
{
$token = $request->header('user-token') ?? '';
if ($token !== '') {
return trim((string) $token);
}
$auth = $request->header('authorization');
if ($auth && stripos($auth, 'Bearer ') === 0) {
return trim(substr($auth, 7));
}
return '';
}
/**
* 从请求获取当前用户 ID优先 request->user_id否则从 header 的 user-token 解析
* 中间件未正确注入时仍可兜底解析
* @param object $request 需有 user_id 属性及 header() 方法
*/
public static function getUserIdFromRequest(object $request): ?int
{
$id = $request->user_id ?? null;
if ($id !== null && (int) $id > 0) {
return (int) $id;
}
$token = self::getTokenFromRequest($request);
if ($token === '') {
$parts = explode('.', $token);
if (count($parts) !== 3) {
return null;
}
return self::getUserIdFromToken($token);
}
/**
* 根据 user-token 获取 user_id不写缓存仅解析 JWT
* 若 token 已通过退出接口加入黑名单,返回 null
*/
public static function getUserIdFromToken(string $userToken): ?int
{
if (UserCache::isTokenBlacklisted($userToken)) {
$payload = base64_decode(strtr($parts[1], '-_', '+/'), true);
if ($payload === false) {
return null;
}
try {
$decoded = JwtToken::verify(1, $userToken);
$extend = $decoded['extend'] ?? [];
if (($extend['plat'] ?? '') !== 'api_user') {
$data = json_decode($payload, true);
if (!is_array($data)) {
return null;
}
$id = $extend['id'] ?? null;
if ($id === null) {
return null;
}
$userId = (int) $id;
// 同一用户只允许当前登记的 token 生效,重新登录/注册后旧 token 失效
if (!UserCache::isCurrentUserToken($userId, $userToken)) {
return null;
}
return $userId;
} catch (\Throwable $e) {
return null;
}
}
/**
* 退出登录:将当前 user-token 加入黑名单,使该 token 失效
*/
public static function logout(string $userToken): bool
{
try {
$decoded = JwtToken::verify(1, $userToken);
$exp = (int) ($decoded['exp'] ?? 0);
$ttl = $exp > time() ? $exp - time() : 86400;
return UserCache::addTokenToBlacklist($userToken, $ttl);
} catch (\Throwable $e) {
return false;
}
$extend = $data['extend'] ?? $data;
$username = $extend['username'] ?? null;
return $username !== null ? trim((string) $username) : null;
}
/**

109
server/app/api/middleware/CheckAuthTokenMiddleware.php
View File

@@ -1,109 +0,0 @@
<?php
declare(strict_types=1);
namespace app\api\middleware;
use support\Log;
use Webman\Http\Request;
use Webman\Http\Response;
use Webman\MiddlewareInterface;
use Tinywan\Jwt\JwtToken;
use Tinywan\Jwt\Exception\JwtTokenException;
use Tinywan\Jwt\Exception\JwtTokenExpiredException;
use app\api\util\ReturnCode;
use app\api\cache\AuthTokenCache;
use plugin\saiadmin\exception\ApiException;
/**
* 仅校验 auth-token 请求头
* 白名单路径(如 /api/authToken不校验其它接口必须携带有效 auth-token 或 Authorization: Bearer <token>,且必须通过 JWT 签名与 plat=api 校验
*/
class CheckAuthTokenMiddleware implements MiddlewareInterface
{
/** 不需要 auth-token 的路径 */
private const WHITELIST = [
'api/authToken',
];
/** JWT 至少为 xxx.yyy.zzz 三段 */
private const JWT_PARTS_MIN = 3;
public function process(Request $request, callable $handler): Response
{
$path = trim((string) $request->path(), '/');
if ($this->isWhitelist($path)) {
return $handler($request);
}
$token = $this->getAuthTokenFromRequest($request);
if ($token === '') {
throw new ApiException('请携带 auth-token', ReturnCode::UNAUTHORIZED);
}
if (!$this->looksLikeJwt($token)) {
throw new ApiException('auth-token 格式无效', ReturnCode::TOKEN_INVALID);
}
$decoded = $this->verifyAuthToken($token);
$extend = $decoded['extend'] ?? [];
if (($extend['plat'] ?? '') !== 'api') {
throw new ApiException('auth-token 无效(非 API 凭证)', ReturnCode::TOKEN_INVALID);
}
// 同一设备只允许一个 auth-token 生效,非当前 token 视为已失效
$device = (string) ($extend['device'] ?? '');
if ($device !== '' && !AuthTokenCache::isCurrentToken($device, $token)) {
throw new ApiException('auth-token 已失效(该设备已签发新凭证,请使用新 auth-token', ReturnCode::TOKEN_INVALID);
}
return $handler($request);
}
private function getAuthTokenFromRequest(Request $request): string
{
$token = $request->header('auth-token');
if ($token !== null && $token !== '') {
return trim((string) $token);
}
$auth = $request->header('authorization');
if ($auth && stripos($auth, 'Bearer ') === 0) {
return trim(substr($auth, 7));
}
return '';
}
private function looksLikeJwt(string $token): bool
{
$parts = explode('.', $token);
return count($parts) >= self::JWT_PARTS_MIN;
}
/**
* 校验 auth-token 有效性签名、过期、iss 等),无效或过期必抛 ApiException
*/
private function verifyAuthToken(string $token): array
{
try {
return JwtToken::verify(1, $token);
} catch (JwtTokenExpiredException $e) {
Log::error('auth-token 已过期, 报错信息' . $e);
throw new ApiException('auth-token 已过期', ReturnCode::TOKEN_INVALID);
} catch (JwtTokenException $e) {
Log::error('auth-token 无效, 报错信息' . $e);
throw new ApiException($e->getMessage() ?: 'auth-token 无效', ReturnCode::TOKEN_INVALID);
} catch (\Throwable $e) {
Log::error('auth-token 校验失败, 报错信息' . $e);
throw new ApiException('auth-token 校验失败', ReturnCode::TOKEN_INVALID);
}
}
private function isWhitelist(string $path): bool
{
foreach (self::WHITELIST as $prefix) {
if ($path === $prefix || str_starts_with($path, $prefix . '/')) {
return true;
}
}
return false;
}
}

42
server/app/api/middleware/CheckUserTokenMiddleware.php
View File

@@ -1,42 +0,0 @@
<?php
declare(strict_types=1);
namespace app\api\middleware;
use Webman\Http\Request;
use Webman\Http\Response;
use Webman\MiddlewareInterface;
use app\api\logic\UserLogic;
use app\api\util\ReturnCode;
use plugin\saiadmin\exception\ApiException;
/**
* 校验 user-token 请求头
* 从 header 读取 user-token 或 Authorization: Bearer <user-token>,校验通过后将 user_id、userToken 写入 request 供控制器使用
*/
class CheckUserTokenMiddleware implements MiddlewareInterface
{
public function process(Request $request, callable $handler): Response
{
$token = $request->header('user-token');
if (empty($token)) {
$auth = $request->header('authorization');
if ($auth && stripos($auth, 'Bearer ') === 0) {
$token = trim(substr($auth, 7));
}
}
if (empty($token)) {
throw new ApiException('请携带 user-token', ReturnCode::UNAUTHORIZED);
}
$userId = UserLogic::getUserIdFromToken($token);
if ($userId === null) {
throw new ApiException('user-token 无效或已过期', ReturnCode::TOKEN_INVALID);
}
$request->user_id = $userId;
$request->userToken = $token;
return $handler($request);
}
}

87
server/app/api/middleware/TokenMiddleware.php Normal file
View File

@@ -0,0 +1,87 @@
<?php
declare(strict_types=1);
namespace app\api\middleware;
use app\api\cache\UserCache;
use app\api\util\ReturnCode;
use app\dice\model\player\DicePlayer;
use plugin\saiadmin\exception\ApiException;
use Tinywan\Jwt\JwtToken;
use Tinywan\Jwt\Exception\JwtTokenException;
use Tinywan\Jwt\Exception\JwtTokenExpiredException;
use Webman\Http\Request;
use Webman\Http\Response;
use Webman\MiddlewareInterface;
/**
* 校验 token 请求头JWT
* 解码 JWT 取 username与 Redis 中当前有效 token 比对;不一致则旧 token 已失效,请重新登录
* 通过后注入 request->player_id、request->player
*/
class TokenMiddleware implements MiddlewareInterface
{
public function process(Request $request, callable $handler): Response
{
$token = $request->header('token');
if ($token === null || $token === '') {
$auth = $request->header('authorization');
if ($auth && stripos($auth, 'Bearer ') === 0) {
$token = trim(substr($auth, 7));
}
}
$token = $token !== null ? trim((string) $token) : '';
if ($token === '') {
throw new ApiException('请携带 token', ReturnCode::UNAUTHORIZED);
}
try {
$decoded = JwtToken::verify(1, $token);
} catch (JwtTokenExpiredException $e) {
throw new ApiException('token 已过期,请重新登录', ReturnCode::TOKEN_INVALID);
} catch (JwtTokenException $e) {
throw new ApiException('token 无效', ReturnCode::TOKEN_INVALID);
} catch (\Throwable $e) {
throw new ApiException('token 格式无效', ReturnCode::TOKEN_INVALID);
}
$extend = $decoded['extend'] ?? [];
if ((string) ($extend['plat'] ?? '') !== 'api_login') {
throw new ApiException('token 无效', ReturnCode::TOKEN_INVALID);
}
$username = trim((string) ($extend['username'] ?? ''));
if ($username === '') {
throw new ApiException('token 无效', ReturnCode::TOKEN_INVALID);
}
$currentToken = UserCache::getSessionTokenByUsername($username);
if ($currentToken === null || $currentToken === '') {
$player = DicePlayer::where('username', $username)->find();
if (!$player) {
throw new ApiException('请注册', ReturnCode::TOKEN_INVALID);
}
throw new ApiException('请重新登录', ReturnCode::TOKEN_INVALID);
}
if ($currentToken !== $token) {
throw new ApiException('请重新登录(当前账号已在其他处登录)', ReturnCode::TOKEN_INVALID);
}
// 优先从 Redis 缓存取玩家,避免每次请求都查库
$player = null;
$cached = UserCache::getPlayerByUsername($username);
if ($cached !== null && isset($cached['id'])) {
$player = (new DicePlayer())->data($cached, true);
}
if ($player === null) {
$player = DicePlayer::where('username', $username)->find();
if (!$player) {
UserCache::deleteSessionByUsername($username);
throw new ApiException('请重新登录', ReturnCode::TOKEN_INVALID);
}
UserCache::setPlayerByUsername($username, $player->hidden(['password'])->toArray());
}
$request->player_id = (int) $player->id;
$request->player = $player;
return $handler($request);
}
}

5
server/app/dice/model/player/DicePlayer.php
View File

@@ -49,6 +49,11 @@ class DicePlayer extends BaseModel
*/
protected $table = 'dice_player';
/** 创建时间字段dice_player 表为 created_at */
protected $createTime = 'created_at';
/** 更新时间字段dice_player 表为 updated_at */
protected $updateTime = 'updated_at';
/**
* 新增前:生成唯一 uid昵称 name 默认使用 uid
* 用 try-catch 避免表尚未含 uid 时 getAttr/getData 抛 InvalidArgumentException

9
server/config/api.php
View File

@@ -3,6 +3,12 @@
* API 鉴权与用户相关配置
*/
return [
// 登录成功返回的连接地址前缀,如 https://127.0.0.1:6777
'login_url_base' => env('API_LOGIN_URL_BASE', 'https://127.0.0.1:6777'),
// 按 username 存储的登录会话 Redis key 前缀,用于 token 中间件校验
'session_username_prefix' => env('API_SESSION_USERNAME_PREFIX', 'api:user:session:'),
// 登录会话过期时间(秒),默认 7 天
'session_expire' => (int) env('API_SESSION_EXPIRE', 604800),
// auth-token 签名密钥(与客户端约定,用于 /api/authToken 的 signature 校验,必填)
'auth_token_secret' => env('API_AUTH_TOKEN_SECRET', ''),
// auth-token 时间戳允许误差(秒),防重放,默认 300 秒
@@ -21,4 +27,7 @@ return [
'user_cache_prefix' => env('API_USER_CACHE_PREFIX', 'api:user:'),
// 用户信息加密密钥(用于 Redis 中 value 的加密),建议 32 位
'user_encrypt_key' => env('API_USER_ENCRYPT_KEY', 'dafuweng_api_user_cache_key_32'),
// 玩家信息按 username 缓存Token 中间件用0 表示不缓存
'player_cache_ttl' => (int) env('API_PLAYER_CACHE_TTL', 300),
'player_cache_prefix' => env('API_PLAYER_CACHE_PREFIX', 'api:player:'),
];

3
server/config/app.php
View File

@@ -15,7 +15,8 @@
use support\Request;
return [
'debug' => true,
// 生产环境务必设为 false减少 I/O 与堆栈输出,提升接口响应
'debug' => env('APP_DEBUG', false),
'error_reporting' => E_ALL,
'default_timezone' => 'Asia/Shanghai',
'request_class' => Request::class,

8
server/config/database.php
View File

@@ -18,10 +18,10 @@ return [
PDO::ATTR_EMULATE_PREPARES => false, // Must be false for Swoole and Swow drivers.
],
'pool' => [
'max_connections' => 5,
'min_connections' => 1,
'wait_timeout' => 3,
'idle_timeout' => 60,
'max_connections' => (int) env('DB_POOL_MAX', 20),
'min_connections' => (int) env('DB_POOL_MIN', 2),
'wait_timeout' => (float) env('DB_POOL_WAIT_TIMEOUT', 1.0),
'idle_timeout' => (int) env('DB_POOL_IDLE_TIMEOUT', 60),
'heartbeat_interval' => 50,
],
],

2
server/config/log.php
View File

@@ -20,7 +20,7 @@ return [
'constructor' => [
runtime_path() . '/logs/webman.log',
7, //$maxFiles
Monolog\Logger::DEBUG,
env('LOG_LEVEL', Monolog\Logger::INFO),
],
'formatter' => [
'class' => Monolog\Formatter\LineFormatter::class,

6
server/config/redis.php
View File

@@ -7,9 +7,9 @@ return [
'port' => env('REDIS_PORT', 6379),
'database' => env('REDIS_DB', 0),
'pool' => [
'max_connections' => 5,
'min_connections' => 1,
'wait_timeout' => 3,
'max_connections' => (int) env('REDIS_POOL_MAX', 20),
'min_connections' => (int) env('REDIS_POOL_MIN', 2),
'wait_timeout' => (float) env('REDIS_POOL_WAIT_TIMEOUT', 1.0),
'idle_timeout' => 60,
'heartbeat_interval' => 50,
],

18
server/config/route.php
View File

@@ -13,19 +13,14 @@
*/
use Webman\Route;
use app\api\middleware\CheckAuthTokenMiddleware;
use app\api\middleware\CheckUserTokenMiddleware;
use app\api\middleware\TokenMiddleware;
// 仅需 auth-token 的路由组authToken 接口在中间件内白名单跳过)
// 登录接口:无需 token提交 JSON 获取带 token 的连接地址
Route::group('/api', function () {
Route::any('/authToken', [app\api\controller\AuthTokenController::class, 'index']);
Route::any('/user/login', [app\api\controller\UserController::class, 'login']);
Route::any('/user/register', [app\api\controller\UserController::class, 'register']);
})->middleware([
CheckAuthTokenMiddleware::class,
]);
Route::any('/user/Login', [app\api\controller\UserController::class, 'Login']);
})->middleware([]);
// 需 auth-token + user-token 的路由组
// 其余接口:仅经 token 中间件鉴权header: tokenbase64(username.-.time)
Route::group('/api', function () {
Route::any('/user/logout', [app\api\controller\UserController::class, 'logout']);
Route::any('/user/info', [app\api\controller\UserController::class, 'info']);
@@ -36,6 +31,5 @@ Route::group('/api', function () {
Route::any('/game/lotteryPool', [app\api\controller\GameController::class, 'lotteryPool']);
Route::any('/game/playStart', [app\api\controller\GameController::class, 'playStart']);
})->middleware([
CheckAuthTokenMiddleware::class,
CheckUserTokenMiddleware::class,
TokenMiddleware::class,
]);

12
server/config/think-cache.php
View File

@@ -24,13 +24,13 @@ return [
'tag_expire' => 86400 * 30,
// 缓存标签前缀
'tag_prefix' => 'tag:',
// 连接池配置
// 连接池配置(与 redis.php 对齐,生产可调大以减少等待)
'pool' => [
'max_connections' => 5, // 最大连接数
'min_connections' => 1, // 最小连接数
'wait_timeout' => 3, // 从连接池获取连接等待超时时间
'idle_timeout' => 60, // 连接最大空闲时间,超过该时间会被回收
'heartbeat_interval' => 50, // 心跳检测间隔需要小于60秒
'max_connections' => (int) env('REDIS_POOL_MAX', 20),
'min_connections' => (int) env('REDIS_POOL_MIN', 2),
'wait_timeout' => (float) env('REDIS_POOL_WAIT_TIMEOUT', 1.0),
'idle_timeout' => 60,
'heartbeat_interval' => 50,
],
],
// 文件缓存

15
server/config/think-orm.php
View File

@@ -18,8 +18,7 @@ return [
'hostport' => env('DB_PORT', 3306),
// 数据库连接参数
'params' => [
// 连接超时3秒
\PDO::ATTR_TIMEOUT => 3,
\PDO::ATTR_TIMEOUT => (int) env('DB_CONNECT_TIMEOUT', 2),
],
// 数据库编码默认采用utf8
'charset' => 'utf8',
@@ -29,13 +28,13 @@ return [
'break_reconnect' => true,
// 自定义分页类
'bootstrap' => '',
// 连接池配置
// 连接池配置(与 database.php 对齐)
'pool' => [
'max_connections' => 5, // 最大连接数
'min_connections' => 1, // 最小连接数
'wait_timeout' => 3, // 从连接池获取连接等待超时时间
'idle_timeout' => 60, // 连接最大空闲时间,超过该时间会被回收
'heartbeat_interval' => 50, // 心跳检测间隔需要小于60秒
'max_connections' => (int) env('DB_POOL_MAX', 20),
'min_connections' => (int) env('DB_POOL_MIN', 2),
'wait_timeout' => (float) env('DB_POOL_WAIT_TIMEOUT', 1.0),
'idle_timeout' => (int) env('DB_POOL_IDLE_TIMEOUT', 60),
'heartbeat_interval' => 50,
],
],
],

38
server/plugin/saiadmin/basic/think/BaseModel.php
View File

@@ -35,6 +35,12 @@ class BaseModel extends Model implements ModelInterface
*/
protected $updateTime = 'update_time';
/**
* 自动写入时间戳(创建时写 create_time更新时写 update_time
* @var bool
*/
protected $autoWriteTimestamp = true;
/**
* 隐藏字段
* @var array
@@ -94,24 +100,48 @@ class BaseModel extends Model implements ModelInterface
}
/**
* 新增前事件
* 新增前事件:自动写入 create_time有后台登录信息时写入 created_by
* @param Model $model
* @return void
*/
public static function onBeforeInsert($model): void
{
$createTime = $model->createTime ?? 'create_time';
if ($createTime && !$model->getData($createTime)) {
$model->set($createTime, date('Y-m-d H:i:s'));
}
if (function_exists('getCurrentInfo')) {
$info = getCurrentInfo();
$info && $model->setAttr('created_by', $info['id']);
if (!empty($info['id'])) {
try {
$model->setAttr('created_by', $info['id']);
} catch (\Throwable $e) {
}
}
}
}
/**
* 写入前事件
* 写入前事件:更新时自动写入 update_time有后台登录信息时写入 updated_by
* @param Model $model
* @return void
*/
public static function onBeforeWrite($model): void
{
if ($model->isExists()) {
$updateTime = $model->updateTime ?? 'update_time';
if ($updateTime) {
$model->set($updateTime, date('Y-m-d H:i:s'));
}
}
if (function_exists('getCurrentInfo')) {
$info = getCurrentInfo();
$info && $model->setAttr('updated_by', $info['id']);
if (!empty($info['id'])) {
try {
$model->setAttr('updated_by', $info['id']);
} catch (\Throwable $e) {
}
}
}
}
}

3
server/plugin/saiadmin/config/middleware.php
View File

@@ -4,8 +4,9 @@ use plugin\saiadmin\app\middleware\SystemLog;
use plugin\saiadmin\app\middleware\CheckLogin;
use plugin\saiadmin\app\middleware\CheckAuth;
// 仅对 /core 后台路由生效,避免 /api 请求经过登录/权限/操作日志中间件,提升接口响应
return [
'' => [
'core' => [
CheckLogin::class,
CheckAuth::class,
SystemLog::class,

8
server/support/Request.php
View File

@@ -20,11 +20,11 @@ namespace support;
*/
class Request extends \Webman\Http\Request
{
/** 由 CheckUserTokenMiddleware 注入:当前用户 ID */
public ?int $user_id = null;
/** 由 TokenMiddleware 注入:当前玩家 IDDicePlayer.id */
public ?int $player_id = null;
/** 由 CheckUserTokenMiddleware 注入:当前 user-token 原始字符串 */
public ?string $userToken = null;
/** 由 TokenMiddleware 注入:当前玩家模型实例 */
public $player = null;
/**
* 获取参数增强方法