mojiahui/dafuweng-saiadmin6.x
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Compare commits

base: mojiahui:master
Branches Tags
mojiahui:master mojiahui:master-v3 mojiahui:master-v2
...
compare: mojiahui:8cd7de9f1b78c5901fa66fcb90bc955f7e8b0ae4
Branches Tags
mojiahui:master-v3 mojiahui:master-v2 mojiahui:master

16 Commits
master ... 8cd7de9f1b

Author SHA1 Message Date
zhenhui
8cd7de9f1b 优化设计中奖T5获取抽奖券逻辑 2026-03-06 16:15:56 +08:00
zhenhui
27f95a303a 从新设计抽奖逻辑 2026-03-06 16:02:17 +08:00
zhenhui
931af70c36 优化-实例化奖励列表到缓存中 2026-03-06 14:16:01 +08:00
zhenhui
f7d9b18f02 环境文件中配置是否开启生产环境APP_DEBUG 2026-03-06 13:41:13 +08:00
zhenhui
c1b4790f04 优化所有接口使用form-data类型 2026-03-06 12:29:40 +08:00
zhenhui
943d8f7b5f 修复优化后台报错 2026-03-06 11:34:36 +08:00
zhenhui
01f71a4871 优化/api/game/playStart接口 2026-03-06 11:14:08 +08:00
zhenhui
02549f4feb 优化/api/game/playStart接口 2026-03-06 10:54:58 +08:00
zhenhui
7a4d89d216 优化/api/game/playStart接口 2026-03-06 10:42:03 +08:00
zhenhui
cfe026b5eb 优化/api/game/playStart接口 2026-03-06 10:37:58 +08:00
zhenhui
768cf5137c 优化访问接口报错Server internal error 2026-03-06 10:33:44 +08:00
zhenhui
7e8867ed12 [色子游戏]玩家钱包流水记录-优化抽奖逻辑根据结果推断起始位置 2026-03-06 10:33:20 +08:00
zhenhui
005f261e03 优化性能 2026-03-05 17:20:44 +08:00
zhenhui
effdaaa38b 优化 2026-03-05 16:53:08 +08:00
zhenhui
aef404548d 优化 2026-03-05 16:50:52 +08:00
zhenhui
39955a17a8 优化登录接口以及中间件 2026-03-05 16:20:18 +08:00
30 changed files with 838 additions and 693 deletions
Expand all files Collapse all files

15
server/.env.example
View File

@@ -18,17 +18,20 @@ REDIS_DB = 0
# API 鉴权与用户(可选,不填则用默认值)
# authToken 签名密钥(必填,与客户端约定,用于 signature 校验)
API_AUTH_TOKEN_SECRET = xF75oK91TQj13s0UmNIr1NBWMWGfflNO
API_AUTH_TOKEN_SECRET = xF75oK91TQj13s0UmNIr1NBWMWGfflNO
# authToken 时间戳允许误差秒数,防重放,默认 300
API_AUTH_TOKEN_TIME_TOLERANCE = 300
API_AUTH_TOKEN_EXP = 86400
API_AUTH_TOKEN_TIME_TOLERANCE = 300
API_AUTH_TOKEN_EXP = 86400
# API_USER_TOKEN_EXP = 604800
API_USER_CACHE_EXPIRE = 86400
API_USER_ENCRYPT_KEY = Wj818SK8dhKBKNOY3PUTmZfhQDMCXEZi
API_USER_CACHE_EXPIRE = 86400
API_USER_ENCRYPT_KEY = Wj818SK8dhKBKNOY3PUTmZfhQDMCXEZi
# 验证码配置,支持cache|session
CAPTCHA_MODE = cache
LOGIN_CAPTCHA_ENABLE = false
#前端目录
FRONTEND_DIR = saiadmin-vue
FRONTEND_DIR = saiadmin-vue
#生成环境
APP_DEBUG = false

54
server/app/api/cache/AuthTokenCache.php vendored
View File

@@ -1,54 +0,0 @@
<?php
declare(strict_types=1);
namespace app\api\cache;
use support\think\Cache;
/**
* 按设备标识存储当前有效的 auth-token同一设备只保留最新一个旧 token 自动失效
*/
class AuthTokenCache
{
private static function prefix(): string
{
return config('api.auth_token_device_prefix', 'api:auth_token:');
}
/**
* 设置该设备当前有效的 auth-token会覆盖同设备之前的 token使旧 token 失效)
* @param string $device 设备标识,如 dice
* @param string $token 完整 auth-token 字符串
* @param int $ttl 过期时间(秒),应与 auth_token_exp 一致
*/
public static function setDeviceToken(string $device, string $token, int $ttl): bool
{
if ($device === '' || $ttl <= 0) {
return false;
}
$key = self::prefix() . $device;
return Cache::set($key, $token, $ttl);
}
/**
* 获取该设备当前有效的 auth-token不存在或已过期返回 null
*/
public static function getDeviceToken(string $device): ?string
{
if ($device === '') {
return null;
}
$key = self::prefix() . $device;
$value = Cache::get($key);
return $value !== null && $value !== '' ? (string) $value : null;
}
/**
* 校验请求中的 token 是否为该设备当前唯一有效 token
*/
public static function isCurrentToken(string $device, string $token): bool
{
$current = self::getDeviceToken($device);
return $current !== null && $current === $token;
}
}

104
server/app/api/cache/UserCache.php vendored
View File

@@ -178,4 +178,108 @@ class UserCache
$current = self::getCurrentUserToken($userId);
return $current !== null && $current === $token;
}
/** 按 username 的登录会话 key 前缀token 中间件:存在即视为已登录) */
private static function sessionUsernamePrefix(): string
{
return config('api.session_username_prefix', 'api:user:session:');
}
private static function sessionExpire(): int
{
return (int) config('api.session_expire', 604800);
}
/** 设置 username 当前有效 tokenJWT重新登录会覆盖实现单点登录 */
public static function setSessionByUsername(string $username, string $token): bool
{
if ($username === '' || $token === '') {
return false;
}
$key = self::sessionUsernamePrefix() . $username;
return Cache::set($key, $token, self::sessionExpire());
}
/** 获取 username 当前在服务端登记的有效 tokenJWT不存在返回 null */
public static function getSessionTokenByUsername(string $username): ?string
{
if ($username === '') {
return null;
}
$key = self::sessionUsernamePrefix() . $username;
$val = Cache::get($key);
return $val !== null && $val !== '' ? (string) $val : null;
}
/** 检查 username 是否已有登录会话Redis 中是否存在当前 token */
public static function hasSessionByUsername(string $username): bool
{
return self::getSessionTokenByUsername($username) !== null;
}
/** 删除 username 登录会话(退出登录时调用) */
public static function deleteSessionByUsername(string $username): bool
{
if ($username === '') {
return false;
}
$key = self::sessionUsernamePrefix() . $username;
return Cache::delete($key);
}
/** 玩家缓存 key 前缀Token 中间件用,减少重复查库) */
private static function playerCachePrefix(): string
{
return config('api.player_cache_prefix', 'api:player:');
}
private static function playerCacheTtl(): int
{
return (int) config('api.player_cache_ttl', 300);
}
/**
* 按 username 缓存玩家信息(仅 id + username供中间件注入 request->player 后使用)
* 登录/信息变更时需调用 deletePlayerByUsername 失效
*/
public static function setPlayerByUsername(string $username, array $playerRow): bool
{
if ($username === '' || empty($playerRow)) {
return false;
}
$ttl = self::playerCacheTtl();
if ($ttl <= 0) {
return true;
}
$key = self::playerCachePrefix() . $username;
return Cache::set($key, json_encode($playerRow), $ttl);
}
/** 按 username 取缓存玩家,未命中返回 null */
public static function getPlayerByUsername(string $username): ?array
{
if ($username === '') {
return null;
}
if (self::playerCacheTtl() <= 0) {
return null;
}
$key = self::playerCachePrefix() . $username;
$val = Cache::get($key);
if ($val === null || $val === '') {
return null;
}
$data = json_decode((string) $val, true);
return is_array($data) ? $data : null;
}
/** 退出登录或玩家信息变更时删除玩家缓存 */
public static function deletePlayerByUsername(string $username): bool
{
if ($username === '') {
return false;
}
$key = self::playerCachePrefix() . $username;
return Cache::delete($key);
}
}

90
server/app/api/controller/AuthTokenController.php
View File

@@ -1,90 +0,0 @@
<?php
declare(strict_types=1);
namespace app\api\controller;
use support\Request;
use support\Response;
use Tinywan\Jwt\JwtToken;
use plugin\saiadmin\basic\OpenController;
use app\api\util\ReturnCode;
use app\api\cache\AuthTokenCache;
/**
* API 鉴权 Token 接口
* 仅支持 GET必传参数signature、secret、device、time签名规则signature = md5(device . secret . time)
* 后续所有 /api 接口调用均需在请求头携带此接口返回的 auth-token
*/
class AuthTokenController extends OpenController
{
/**
* 获取 auth-token
* GET /api/authToken
* 参数signature签名、secret密钥、device设备标识、time时间戳四者均为必传且非空
*/
public function index(Request $request): Response
{
if (strtoupper($request->method()) !== 'GET') {
return $this->fail('仅支持 GET 请求', ReturnCode::PARAMS_ERROR);
}
$param = $request->get();
$signature = trim((string) ($param['signature'] ?? ''));
$secret = trim((string) ($param['secret'] ?? ''));
$device = trim((string) ($param['device'] ?? ''));
$time = trim((string) ($param['time'] ?? ''));
if ($signature === '' || $secret === '' || $device === '' || $time === '') {
return $this->fail('signature、secret、device、time 均为必传且不能为空', ReturnCode::PARAMS_ERROR);
}
$serverSecret = trim((string) config('api.auth_token_secret', ''));
if ($serverSecret === '') {
return $this->fail('服务未配置 API_AUTH_TOKEN_SECRET', ReturnCode::PARAMS_ERROR);
}
if ($secret !== $serverSecret) {
return $this->fail('密钥错误', ReturnCode::FORBIDDEN);
}
$tolerance = (int) config('api.auth_token_time_tolerance', 300);
$now = time();
$ts = is_numeric($time) ? (int) $time : 0;
if ($ts <= 0 || abs($now - $ts) > $tolerance) {
return $this->fail('时间戳无效或已过期', ReturnCode::PARAMS_ERROR);
}
$sign = $this->getAuthToken($device, $serverSecret, $time);
if ($sign !== $signature) {
return $this->fail('签名验证失败', ReturnCode::FORBIDDEN);
}
$exp = (int) config('api.auth_token_exp', 86400);
$tokenResult = JwtToken::generateToken([
'id' => 0,
'plat' => 'api',
'device' => $device,
'access_exp' => $exp,
]);
// 同一设备只保留最新 token覆盖后旧 token 失效
AuthTokenCache::setDeviceToken($device, $tokenResult['access_token'], $exp);
return $this->success([
'auth-token' => $tokenResult['access_token'],
'expires_in' => $tokenResult['expires_in'],
]);
}
/**
* 生成签名signature = md5(device . secret . time)
*
* @param string $device 设备标识
* @param string $secret 密钥(来自配置)
* @param string $time 时间戳
* @return string
*/
private function getAuthToken(string $device, string $secret, string $time): string
{
return md5($device . $secret . $time);
}
}

51
server/app/api/controller/GameController.php
View File

@@ -3,11 +3,11 @@ declare(strict_types=1);
namespace app\api\controller;
use support\Log;
use support\Request;
use support\Response;
use app\api\logic\GameLogic;
use app\api\logic\PlayStartLogic;
use app\api\logic\UserLogic;
use app\api\util\ReturnCode;
use app\dice\model\play_record\DicePlayRecord;
use app\dice\model\player\DicePlayer;
@@ -23,12 +23,12 @@ class GameController extends OpenController
/**
* 购买抽奖券
* POST /api/game/buyLotteryTickets
* header: auth-token, user-token由 CheckUserTokenMiddleware 注入 request->user_id
* header: tokenTokenMiddleware 注入 request->player_id
* body: count = 1 | 5 | 101次/100coin, 5次/500coin, 10次/1000coin
*/
public function buyLotteryTickets(Request $request): Response
{
$userId = UserLogic::getUserIdFromRequest($request) ?? 0;
$userId = (int) ($request->player_id ?? 0);
$count = (int) $request->post('count', 0);
if (!in_array($count, [1, 5, 10], true)) {
return $this->fail('购买抽奖券错误', ReturnCode::PARAMS_ERROR);
@@ -52,58 +52,67 @@ class GameController extends OpenController
/**
* 获取彩金池(中奖配置表)
* GET /api/game/lotteryPool
* header: auth-token
* header: token
* 返回 DiceRewardConfig 列表(彩金池/中奖配置)
*/
public function lotteryPool(Request $request): Response
{
$list = DiceRewardConfig::order('id', 'asc')->select()->toArray();
$list = DiceRewardConfig::getCachedList();
return $this->success($list);
}
/**
* 开始游戏(抽奖一局)
* POST /api/game/playStart
* header: auth-token, user-token由 CheckUserTokenMiddleware 注入 request->user_id
* body: rediction 必传0=无 1=中奖
* header: tokenTokenMiddleware 注入 request->player_id
* body: direction 必传0=无 1=中奖
*/
public function playStart(Request $request): Response
{
$userId = UserLogic::getUserIdFromRequest($request) ?? 0;
$rediction = $request->post('rediction');
if ($rediction === '' || $rediction === null) {
return $this->fail('请传递 rediction 参数', ReturnCode::PARAMS_ERROR);
$userId = (int) ($request->player_id ?? 0);
$direction = $request->post('direction');
if ($direction !== null) {
$direction = (int) $direction;
}
$direction = (int) $rediction;
if (!in_array($direction, [0, 1], true)) {
return $this->fail('rediction 必须为 0 或 1', ReturnCode::PARAMS_ERROR);
return $this->fail('direction 必须为 0 或 1', ReturnCode::PARAMS_ERROR);
}
$player = DicePlayer::find($userId);
if (!$player) {
return $this->fail('用户不存在', ReturnCode::NOT_FOUND);
}
$minEv = (float) DiceRewardConfig::min('real_ev');
$minEv = DiceRewardConfig::getCachedMinRealEv();
$minCoin = abs($minEv + 100);
$coin = (float) $player->coin;
if ($coin < $minCoin) {
return $this->success([], '当前玩家余额小于DiceRewardConfigMin.real_ev+100无法继续游戏');
return $this->success([], '当前玩家余额'.$coin.'小于'.$minCoin.'无法继续游戏');
}
try {
$logic = new PlayStartLogic();
$data = $logic->run($userId, $direction);
$data = $logic->run($userId, (int)$direction);
return $this->success($data);
} catch (ApiException $e) {
return $this->fail($e->getMessage(), ReturnCode::BUSINESS_ERROR);
} catch (\Throwable $e) {
// 记录抽奖逻辑抛出的真实异常,便于排查“服务超时,没有原因”
Log::error('playStart 异常: ' . $e->getMessage(), [
'file' => $e->getFile(),
'line' => $e->getLine(),
'trace' => $e->getTraceAsString(),
'player_id' => $userId,
'direction' => $direction,
]);
$timeoutRecord = null;
$timeout_message = '';
try {
$timeoutRecord = DicePlayRecord::create([
'player_id' => $userId,
'lottery_config_id' => 0,
'lottery_type' => 0,
'win_coin' => 0,
'use_coins' => 0,
'direction' => $direction,
'reward_config_id' => 0,
'start_index' => 0,
@@ -111,10 +120,16 @@ class GameController extends OpenController
'roll_array' => '[]',
'status' => PlayStartLogic::RECORD_STATUS_TIMEOUT,
]);
} catch (\Throwable $_) {
} catch (\Exception $inner) {
$timeout_message = $inner->getMessage();
Log::error('游玩记录写入超时: ' . $inner->getMessage());
}
$payload = $timeoutRecord ? ['record' => $timeoutRecord->toArray()] : [];
return $this->success($payload, '服务超时');
$msg = $timeout_message !== '' ? $timeout_message : $e->getMessage();
if ($msg === '') {
$msg = '没有原因';
}
return $this->fail('服务超时,' . $msg);
}
}
}

105
server/app/api/controller/UserController.php
View File

@@ -13,77 +13,80 @@ use app\dice\model\player_wallet_record\DicePlayerWalletRecord;
use plugin\saiadmin\basic\OpenController;
/**
* API 用户登录/注册
* 需先携带 auth-token登录/注册成功后返回 user-token 与用户信息,用户信息已写入 Rediskey=base64(user_id)value=加密)
* API 用户登录
* 登录接口 /api/user/Login 无需 token其余接口需在请求头携带 tokenbase64(username.-.time)),由 TokenMiddleware 鉴权并注入 request->player_id / request->player
*/
class UserController extends OpenController
{
/**
* 登录
* POST /api/user/login
* body: phone (+60), password
* 登录form-data 参数)
* POST /api/user/Login
* body: username, password, lang(可选), coin(可选), time(可选)
* 根据 username 查找或创建 DicePlayer按 coin 增减平台币,会话写 Redis返回带 token 的连接地址
*/
public function login(Request $request): Response
public function Login(Request $request): Response
{
$phone = $request->post('phone', '');
$password = $request->post('password', '');
if ($phone === '' || $password === '') {
return $this->fail('请填写手机号和密码', ReturnCode::PARAMS_ERROR);
$username = trim((string) ($request->post('username', '')));
$password = trim((string) ($request->post('password', '')));
$lang = trim((string) ($request->post('lang', 'chs')));
$coin = $request->post('coin');
$coin = $coin !== null && $coin !== '' ? (float) $coin : 0.0;
$time = $request->post('time');
$time = $time !== null && $time !== '' ? (string) $time : (string) time();
if ($username === '' || $password === '') {
return $this->fail('username、password 不能为空', ReturnCode::PARAMS_ERROR);
}
$logic = new UserLogic();
$data = $logic->login($phone, $password);
return $this->success([
'user' => $data['user'],
'user-token' => $data['user-token'],
'user_id' => $data['user_id'],
]);
}
/**
* 注册
* POST /api/user/register
* body: phone (+60), password, nickname(可选)
*/
public function register(Request $request): Response
{
$phone = $request->post('phone', '');
$password = $request->post('password', '');
$nickname = $request->post('nickname');
if ($phone === '' || $password === '') {
return $this->fail('请填写手机号和密码', ReturnCode::PARAMS_ERROR);
try {
$logic = new UserLogic();
$result = $logic->loginByUsername($username, $password, $lang, $coin, $time);
return $this->success([
'url' => $result['url'],
'token' => $result['token'],
'lang' => $result['lang'],
'user_id' => $result['user_id'],
'user' => $result['user'],
]);
} catch (\plugin\saiadmin\exception\ApiException $e) {
return $this->fail($e->getMessage(), ReturnCode::PARAMS_ERROR);
}
$logic = new UserLogic();
$data = $logic->register($phone, $password, $nickname ? (string) $nickname : null);
return $this->success([
'user' => $data['user'],
'user-token' => $data['user-token'],
'user_id' => $data['user_id'],
]);
}
/**
* 退出登录
* POST /api/user/logout
* header: user-token由 CheckUserTokenMiddleware 校验并注入 request->userToken
* header: tokenJWT清除该 username 的 Redis 会话
*/
public function logout(Request $request): Response
{
$token = $request->userToken ?? UserLogic::getTokenFromRequest($request);
if ($token === '' || !UserLogic::logout($token)) {
return $this->fail('退出失败或 token 已失效', ReturnCode::TOKEN_INVALID);
$token = $request->header('token');
if ($token === null || $token === '') {
$auth = $request->header('authorization');
if ($auth && stripos($auth, 'Bearer ') === 0) {
$token = trim(substr($auth, 7));
}
}
$token = $token !== null ? trim((string) $token) : '';
if ($token === '') {
return $this->fail('请携带 token', ReturnCode::UNAUTHORIZED);
}
$username = UserLogic::getUsernameFromJwtPayload($token);
if ($username === null || $username === '') {
return $this->fail('token 无效', ReturnCode::TOKEN_INVALID);
}
UserCache::deleteSessionByUsername($username);
UserCache::deletePlayerByUsername($username);
return $this->success('已退出登录');
}
/**
* 获取当前用户信息
* GET /api/user/info
* header: user-tokenCheckUserTokenMiddleware 校验并注入 request->user_id
* 返回id, username, phone, uid, name, coin, total_ticket_count
* header: token由 TokenMiddleware 校验并注入 request->player_id
*/
public function info(Request $request): Response
{
$userId = UserLogic::getUserIdFromRequest($request) ?? 0;
$userId = (int) ($request->player_id ?? 0);
$user = UserLogic::getCachedUser($userId);
if (empty($user)) {
return $this->fail('用户不存在', ReturnCode::NOT_FOUND);
@@ -99,13 +102,13 @@ class UserController extends OpenController
}
/**
* 获取钱包余额(优先读缓存,缓存未命中时从库拉取并回写缓存
* 获取钱包余额(优先读缓存)
* GET /api/user/balance
* header: user-tokenCheckUserTokenMiddleware 校验并注入 request->user_id
* header: token由 TokenMiddleware 注入 request->player_id
*/
public function balance(Request $request): Response
{
$userId = UserLogic::getUserIdFromRequest($request) ?? 0;
$userId = (int) ($request->player_id ?? 0);
$user = UserLogic::getCachedUser($userId);
if (empty($user)) {
return $this->fail('用户不存在', ReturnCode::NOT_FOUND);
@@ -124,12 +127,12 @@ class UserController extends OpenController
/**
* 玩家钱包流水
* GET /api/user/walletRecord
* header: user-tokenCheckUserTokenMiddleware 校验并注入 request->user_id
* header: token由 TokenMiddleware 注入 request->player_id
* 参数: page 页码默认1, limit 每页条数默认10, create_time_min/create_time_max 创建时间范围(可选)
*/
public function walletRecord(Request $request): Response
{
$userId = UserLogic::getUserIdFromRequest($request) ?? 0;
$userId = (int) ($request->player_id ?? 0);
$page = (int) $request->post('page', 1);
$limit = (int) $request->post('limit', 10);
if ($page < 1) {
@@ -166,12 +169,12 @@ class UserController extends OpenController
/**
* 游玩记录
* GET /api/user/playGameRecord
* header: user-tokenCheckUserTokenMiddleware 校验并注入 request->user_id
* header: token由 TokenMiddleware 注入 request->player_id
* 参数: page 页码默认1, limit 每页条数默认10, create_time_min/create_time_max 创建时间范围(可选)
*/
public function playGameRecord(Request $request): Response
{
$userId = UserLogic::getUserIdFromRequest($request) ?? 0;
$userId = (int) ($request->player_id ?? 0);
$page = (int) $request->post('page', 1);
$limit = (int) $request->post('limit', 10);
if ($page < 1) {

108
server/app/api/logic/GameLogic.php
View File

@@ -27,7 +27,8 @@ class GameLogic
/**
* 购买抽奖券
* @param int $playerId 玩家ID即 user_id
* 先更新 Redis 玩家信息(后续游玩从 Redis 读),再用事务更新数据库;事务失败则回滚 Redis
* @param int $playerId 玩家ID
* @param int $count 购买档位1 / 5 / 10
* @return array 更新后的 coin, total_ticket_count, paid_ticket_count, free_ticket_count
*/
@@ -55,59 +56,70 @@ class GameLogic
$totalBefore = (int) ($player->total_ticket_count ?? 0);
$paidBefore = (int) ($player->paid_ticket_count ?? 0);
$freeBefore = (int) ($player->free_ticket_count ?? 0);
$totalAfter = $totalBefore + $addTotal;
$paidAfter = $paidBefore + $addPaid;
$freeAfter = $freeBefore + $addFree;
Db::transaction(function () use (
$player,
$playerId,
$cost,
$coinBefore,
$coinAfter,
$addTotal,
$addPaid,
$addFree,
$totalBefore,
$paidBefore,
$freeBefore
) {
$player->coin = $coinAfter;
$player->total_ticket_count = $totalBefore + $addTotal;
$player->paid_ticket_count = $paidBefore + $addPaid;
$player->free_ticket_count = $freeBefore + $addFree;
$player->save();
$oldUserArr = $player->hidden(['password'])->toArray();
$updatedUserArr = $oldUserArr;
$updatedUserArr['coin'] = $coinAfter;
$updatedUserArr['total_ticket_count'] = $totalAfter;
$updatedUserArr['paid_ticket_count'] = $paidAfter;
$updatedUserArr['free_ticket_count'] = $freeAfter;
// 钱包流水记录
DicePlayerWalletRecord::create([
'player_id' => $playerId,
'coin' => -$cost,
'type' => self::WALLET_TYPE_BUY_DRAW,
'wallet_before' => $coinBefore,
'wallet_after' => $coinAfter,
'total_ticket_count' => $addTotal,
'paid_ticket_count' => $addPaid,
'free_ticket_count' => $addFree,
'remark' => "购买抽奖券{$addTotal}次(付费{$addPaid}次+赠送{$addFree}次)",
]);
UserCache::setUser($playerId, $updatedUserArr);
// 抽奖券获取记录
DicePlayerTicketRecord::create([
'player_id' => $playerId,
'use_coins' => $cost,
'total_ticket_count' => $addTotal,
'paid_ticket_count' => $addPaid,
'free_ticket_count' => $addFree,
'remark' => "购买抽奖券{$addTotal}次(付费{$addPaid}次+赠送{$addFree}次)",
]);
});
try {
Db::transaction(function () use (
$player,
$playerId,
$cost,
$coinBefore,
$coinAfter,
$addTotal,
$addPaid,
$addFree,
$totalAfter,
$paidAfter,
$freeAfter
) {
$player->coin = $coinAfter;
$player->total_ticket_count = $totalAfter;
$player->paid_ticket_count = $paidAfter;
$player->free_ticket_count = $freeAfter;
$player->save();
$updated = DicePlayer::find($playerId);
$userArr = $updated->hidden(['password'])->toArray();
UserCache::setUser($playerId, $userArr);
DicePlayerWalletRecord::create([
'player_id' => $playerId,
'coin' => -$cost,
'type' => self::WALLET_TYPE_BUY_DRAW,
'wallet_before' => $coinBefore,
'wallet_after' => $coinAfter,
'total_ticket_count' => $addTotal,
'paid_ticket_count' => $addPaid,
'free_ticket_count' => $addFree,
'remark' => "购买抽奖券{$addTotal}次(付费{$addPaid}次+赠送{$addFree}次)",
]);
DicePlayerTicketRecord::create([
'player_id' => $playerId,
'use_coins' => $cost,
'total_ticket_count' => $addTotal,
'paid_ticket_count' => $addPaid,
'free_ticket_count' => $addFree,
'remark' => "购买抽奖券{$addTotal}次(付费{$addPaid}次+赠送{$addFree}次)",
]);
});
} catch (\Throwable $e) {
UserCache::setUser($playerId, $oldUserArr);
throw $e;
}
return [
'coin' => (float) $updated->coin,
'total_ticket_count' => (int) $updated->total_ticket_count,
'paid_ticket_count' => (int) $updated->paid_ticket_count,
'free_ticket_count' => (int) $updated->free_ticket_count,
'coin' => (float) $coinAfter,
'total_ticket_count' => (int) $totalAfter,
'paid_ticket_count' => (int) $paidAfter,
'free_ticket_count' => (int) $freeAfter,
];
}
}

109
server/app/api/logic/PlayStartLogic.php
View File

@@ -12,6 +12,7 @@ use app\dice\model\player_ticket_record\DicePlayerTicketRecord;
use app\dice\model\player_wallet_record\DicePlayerWalletRecord;
use app\dice\model\reward_config\DiceRewardConfig;
use plugin\saiadmin\exception\ApiException;
use support\Log;
use support\think\Cache;
use support\think\Db;
@@ -37,7 +38,7 @@ class PlayStartLogic
/**
* 执行一局游戏
* @param int $playerId 玩家ID
* @param int $direction 方向 0=无/顺时针 1=中奖/逆时针(前端 rediction
* @param int $direction 方向 0=无/顺时针 1=中奖/逆时针(前端 direction
* @return array 成功返回 DicePlayRecord 数据;余额不足时抛 ApiExceptionmessage 为约定文案
*/
public function run(int $playerId, int $direction): array
@@ -47,11 +48,11 @@ class PlayStartLogic
throw new ApiException('用户不存在');
}
$minEv = (float) DiceRewardConfig::min('real_ev');
$minEv = DiceRewardConfig::getCachedMinRealEv();
$minCoin = abs($minEv + self::MIN_COIN_EXTRA);
$coin = (float) $player->coin;
if ($coin < $minCoin) {
throw new ApiException('当前玩家余额小于DiceRewardConfigMin.real_ev+100无法继续游戏');
throw new ApiException('当前玩家余额'.$coin.'小于'.$minCoin.'无法继续游戏');
}
$paid = (int) ($player->paid_ticket_count ?? 0);
@@ -69,25 +70,63 @@ class PlayStartLogic
throw new ApiException('奖池配置不存在');
}
$tier = LotteryService::drawTierByWeights($config);
$rewards = DiceRewardConfig::where('tier', $tier)->select();
if ($rewards->isEmpty()) {
throw new ApiException('该档位暂无奖励配置');
// 按玩家权重抽取档位;若该档位无奖励或该方向下均无可用路径则重新摇取档位
$maxTierRetry = 10;
$chosen = null;
$startCandidates = [];
$tier = null;
for ($tierAttempt = 0; $tierAttempt < $maxTierRetry; $tierAttempt++) {
$tier = LotteryService::drawTierByPlayerWeights($player);
$tierRewards = DiceRewardConfig::getCachedByTier($tier);
if (empty($tierRewards)) {
Log::warning("档位 {$tier} 无任何奖励配置,重新摇取档位");
continue;
}
$maxRewardRetry = count($tierRewards);
for ($attempt = 0; $attempt < $maxRewardRetry; $attempt++) {
$chosen = $tierRewards[array_rand($tierRewards)];
$chosenId = (int) ($chosen['id'] ?? 0);
if ($direction === 0) {
$startCandidates = DiceRewardConfig::getCachedBySEndIndex($chosenId);
} else {
$startCandidates = DiceRewardConfig::getCachedByNEndIndex($chosenId);
}
if (!empty($startCandidates)) {
break 2;
}
Log::warning("方向 {$direction} 下无 s_end_index/n_end_index={$chosenId} 的配置,重新摇取");
}
Log::warning("方向 {$direction} 下档位 {$tier} 所有奖励均无可用路径配置,重新摇取档位");
}
$rewardList = $rewards->all();
$reward = $rewardList[array_rand($rewardList)];
$realEv = (float) $reward->real_ev;
if (empty($startCandidates)) {
Log::error("方向 {$direction} 下多次摇取档位后仍无可用路径配置");
throw new ApiException('该方向下暂无可用路径配置');
}
$chosenId = (int) ($chosen['id'] ?? 0);
$startRecord = $startCandidates[array_rand($startCandidates)];
$startIndex = (int) ($startRecord['id'] ?? 0);
$targetIndex = $direction === 0
? (int) ($startRecord['s_end_index'] ?? 0)
: (int) ($startRecord['n_end_index'] ?? 0);
$rollNumber = (int) ($startRecord['grid_number'] ?? 0);
$rollArray = $this->generateRollArrayFromSum($rollNumber);
Log::info(sprintf(
'摇取点数 roll_number=%d, 方向=%d, start_index=%d, target_index=%d',
$rollNumber,
$direction,
$startIndex,
$targetIndex
));
$realEv = (float) ($chosen['real_ev'] ?? 0);
$winCoin = 100 + $realEv; // 赢取平台币 = 100 + DiceRewardConfig.real_ev
$gridNumber = (int) $reward->grid_number;
$startIndex = (int) Cache::get(LotteryService::getStartIndexKey($playerId), 0);
$targetIndex = (int) $reward->id;
$rollArray = $this->generateRollArray($gridNumber);
$record = null;
$configId = (int) $config->id;
$rewardId = (int) $reward->id;
$rewardId = $chosenId;
$configName = (string) ($config->name ?? '');
$isTierT5 = (string) ($reward->tier ?? '') === 'T5';
$isTierT5 = (string) ($chosen['tier'] ?? '') === 'T5';
try {
Db::transaction(function () use (
$playerId,
@@ -109,6 +148,7 @@ class PlayStartLogic
'lottery_config_id' => $configId,
'lottery_type' => $ticketType,
'win_coin' => $winCoin,
'use_coins' => 0,
'direction' => $direction,
'reward_config_id' => $rewardId,
'start_index' => $startIndex,
@@ -162,8 +202,6 @@ class PlayStartLogic
'wallet_after' => $coinAfter,
'remark' => '抽奖|play_record_id=' . $record->id,
]);
Cache::set(LotteryService::getStartIndexKey($playerId), $targetIndex, 86400 * 30);
});
} catch (\Throwable $e) {
if ($record === null) {
@@ -173,6 +211,7 @@ class PlayStartLogic
'lottery_config_id' => $configId ?? 0,
'lottery_type' => $ticketType,
'win_coin' => 0,
'use_coins' => 0,
'direction' => $direction,
'reward_config_id' => 0,
'start_index' => $startIndex,
@@ -199,26 +238,30 @@ class PlayStartLogic
if (isset($arr['roll_array']) && is_string($arr['roll_array'])) {
$arr['roll_array'] = json_decode($arr['roll_array'], true) ?? [];
}
$arr['roll_number'] = is_array($arr['roll_array'] ?? null) ? array_sum($arr['roll_array']) : 0;
return $arr;
}
/** 生成 5 个 1-6 的点数,和为 grid_number5~30严格不超范围 */
private function generateRollArray(int $gridNumber): array
/**
* 根据摇取点数5-30生成 5 个色子数组,每个 1-6总和为 $sum
* @return int[] 如 [1,2,3,4,5]
*/
private function generateRollArrayFromSum(int $sum): array
{
$minSum = 5;
$maxSum = 30;
$n = max($minSum, min($maxSum, $gridNumber));
$dice = [1, 1, 1, 1, 1];
$remain = $n - 5;
while ($remain > 0) {
$i = array_rand($dice);
if ($dice[$i] < 6) {
$add = min($remain, 6 - $dice[$i]);
$dice[$i] += $add;
$remain -= $add;
$sum = max(5, min(30, $sum));
$arr = [1, 1, 1, 1, 1];
$remain = $sum - 5;
for ($i = 0; $i < $remain; $i++) {
$candidates = array_keys(array_filter($arr, function ($v) {
return $v < 6;
}));
if (empty($candidates)) {
break;
}
$idx = $candidates[array_rand($candidates)];
$arr[$idx]++;
}
shuffle($dice);
return $dice;
shuffle($arr);
return array_values($arr);
}
}

211
server/app/api/logic/UserLogic.php
View File

@@ -33,78 +33,6 @@ class UserLogic
}
}
/**
* 登录:手机号 + 密码,返回用户信息与 user-token并写入 Redis 缓存
*/
public function login(string $phone, string $password): array
{
self::validatePhone($phone);
$user = DicePlayer::where('phone', $phone)->find();
if (!$user) {
throw new ApiException('手机号未注册');
}
if ((int) $user->status !== self::STATUS_NORMAL) {
throw new ApiException('账号已被禁用');
}
$hashed = $this->hashPassword($password);
if ($user->password !== $hashed) {
throw new ApiException('密码错误');
}
$userArr = $user->hidden(['password'])->toArray();
UserCache::setUser((int) $user->id, $userArr);
$userToken = $this->generateUserToken((int) $user->id);
// 同一用户只保留最新一次登录的 token旧 token 自动失效
UserCache::setCurrentUserToken((int) $user->id, $userToken);
return [
'user' => $userArr,
'user-token' => $userToken,
'user_id' => (int) $user->id,
];
}
/**
* 注册:手机号 + 密码(+60创建玩家并返回用户信息与 user-token写入 Redis
*/
public function register(string $phone, string $password, ?string $nickname = null): array
{
self::validatePhone($phone);
if (strlen($password) < 6) {
throw new ApiException('密码至少 6 位');
}
$exists = DicePlayer::where('phone', $phone)->find();
if ($exists) {
throw new ApiException('该手机号已注册');
}
$user = new DicePlayer();
$user->phone = $phone;
$user->username = $phone;
if ($nickname !== null && $nickname !== '') {
$user->name = $nickname;
}
// name 未传时由 DicePlayer::onBeforeInsert 默认设为 uid
$user->password = $this->hashPassword($password);
$user->status = self::STATUS_NORMAL;
$user->save();
$userArr = $user->hidden(['password'])->toArray();
UserCache::setUser((int) $user->id, $userArr);
$userToken = $this->generateUserToken((int) $user->id);
// 同一用户只保留最新一次登录的 token旧 token 自动失效
UserCache::setCurrentUserToken((int) $user->id, $userToken);
return [
'user' => $userArr,
'user-token' => $userToken,
'user_id' => (int) $user->id,
];
}
/**
* 与 DicePlayerLogic 一致的密码加密md5(salt . password)
*/
@@ -114,97 +42,84 @@ class UserLogic
}
/**
* 生成 user-tokenJWTplat=api_userid=user_id
* 登录JSONusername, password, lang, coin, time
* 存在则校验密码并更新 coin累加不存在则创建用户并写入 coin。
* 将会话写入 Redis返回 token 与前端连接地址。
*/
private function generateUserToken(int $userId): string
public function loginByUsername(string $username, string $password, string $lang, float $coin, string $time): array
{
$exp = config('api.user_token_exp', 604800);
$result = JwtToken::generateToken([
'id' => $userId,
'plat' => 'api_user',
$username = trim($username);
if ($username === '') {
throw new ApiException('username 不能为空');
}
$player = DicePlayer::where('username', $username)->find();
if ($player) {
$hashed = $this->hashPassword($password);
if ($player->password !== $hashed) {
throw new ApiException('密码错误');
}
$currentCoin = (float) $player->coin;
$player->coin = $currentCoin + $coin;
$player->save();
} else {
$player = new DicePlayer();
$player->username = $username;
$player->phone = $username;
$player->password = $this->hashPassword($password);
$player->status = self::STATUS_NORMAL;
$player->coin = $coin;
$player->save();
}
$exp = (int) config('api.session_expire', 604800);
$tokenResult = JwtToken::generateToken([
'id' => (int) $player->id,
'username' => $username,
'plat' => 'api_login',
'access_exp' => $exp,
]);
return $result['access_token'];
$token = $tokenResult['access_token'];
UserCache::setSessionByUsername($username, $token);
$userArr = $player->hidden(['password'])->toArray();
UserCache::setUser((int) $player->id, $userArr);
UserCache::setPlayerByUsername($username, $userArr);
$baseUrl = rtrim(config('api.login_url_base', 'https://127.0.0.1:6777'), '/');
$lang = in_array($lang, ['chs', 'en'], true) ? $lang : 'chs';
$tokenInUrl = str_replace('%3D', '=', urlencode($token));
$url = $baseUrl . '?token=' . $tokenInUrl . '&lang=' . $lang;
return [
'url' => $url,
'token' => $token,
'lang' => $lang,
'user_id' => (int) $player->id,
'user' => $userArr,
];
}
/**
* 从请求中解析 user-tokenheader: user-token 或 Authorization: Bearer
* @param object $request 需有 header(string $name) 方法
* 从 JWT 中解析 username仅解码 payload不校验签名与过期用于退出时清除会话
*/
public static function getTokenFromRequest(object $request): string
public static function getUsernameFromJwtPayload(string $token): ?string
{
$token = $request->header('user-token') ?? '';
if ($token !== '') {
return trim((string) $token);
}
$auth = $request->header('authorization');
if ($auth && stripos($auth, 'Bearer ') === 0) {
return trim(substr($auth, 7));
}
return '';
}
/**
* 从请求获取当前用户 ID优先 request->user_id否则从 header 的 user-token 解析
* 中间件未正确注入时仍可兜底解析
* @param object $request 需有 user_id 属性及 header() 方法
*/
public static function getUserIdFromRequest(object $request): ?int
{
$id = $request->user_id ?? null;
if ($id !== null && (int) $id > 0) {
return (int) $id;
}
$token = self::getTokenFromRequest($request);
if ($token === '') {
$parts = explode('.', $token);
if (count($parts) !== 3) {
return null;
}
return self::getUserIdFromToken($token);
}
/**
* 根据 user-token 获取 user_id不写缓存仅解析 JWT
* 若 token 已通过退出接口加入黑名单,返回 null
*/
public static function getUserIdFromToken(string $userToken): ?int
{
if (UserCache::isTokenBlacklisted($userToken)) {
$payload = base64_decode(strtr($parts[1], '-_', '+/'), true);
if ($payload === false) {
return null;
}
try {
$decoded = JwtToken::verify(1, $userToken);
$extend = $decoded['extend'] ?? [];
if (($extend['plat'] ?? '') !== 'api_user') {
return null;
}
$id = $extend['id'] ?? null;
if ($id === null) {
return null;
}
$userId = (int) $id;
// 同一用户只允许当前登记的 token 生效,重新登录/注册后旧 token 失效
if (!UserCache::isCurrentUserToken($userId, $userToken)) {
return null;
}
return $userId;
} catch (\Throwable $e) {
$data = json_decode($payload, true);
if (!is_array($data)) {
return null;
}
}
/**
* 退出登录:将当前 user-token 加入黑名单,使该 token 失效
*/
public static function logout(string $userToken): bool
{
try {
$decoded = JwtToken::verify(1, $userToken);
$exp = (int) ($decoded['exp'] ?? 0);
$ttl = $exp > time() ? $exp - time() : 86400;
return UserCache::addTokenToBlacklist($userToken, $ttl);
} catch (\Throwable $e) {
return false;
}
$extend = $data['extend'] ?? $data;
$username = $extend['username'] ?? null;
return $username !== null ? trim((string) $username) : null;
}
/**

109
server/app/api/middleware/CheckAuthTokenMiddleware.php
View File

@@ -1,109 +0,0 @@
<?php
declare(strict_types=1);
namespace app\api\middleware;
use support\Log;
use Webman\Http\Request;
use Webman\Http\Response;
use Webman\MiddlewareInterface;
use Tinywan\Jwt\JwtToken;
use Tinywan\Jwt\Exception\JwtTokenException;
use Tinywan\Jwt\Exception\JwtTokenExpiredException;
use app\api\util\ReturnCode;
use app\api\cache\AuthTokenCache;
use plugin\saiadmin\exception\ApiException;
/**
* 仅校验 auth-token 请求头
* 白名单路径(如 /api/authToken不校验其它接口必须携带有效 auth-token 或 Authorization: Bearer <token>,且必须通过 JWT 签名与 plat=api 校验
*/
class CheckAuthTokenMiddleware implements MiddlewareInterface
{
/** 不需要 auth-token 的路径 */
private const WHITELIST = [
'api/authToken',
];
/** JWT 至少为 xxx.yyy.zzz 三段 */
private const JWT_PARTS_MIN = 3;
public function process(Request $request, callable $handler): Response
{
$path = trim((string) $request->path(), '/');
if ($this->isWhitelist($path)) {
return $handler($request);
}
$token = $this->getAuthTokenFromRequest($request);
if ($token === '') {
throw new ApiException('请携带 auth-token', ReturnCode::UNAUTHORIZED);
}
if (!$this->looksLikeJwt($token)) {
throw new ApiException('auth-token 格式无效', ReturnCode::TOKEN_INVALID);
}
$decoded = $this->verifyAuthToken($token);
$extend = $decoded['extend'] ?? [];
if (($extend['plat'] ?? '') !== 'api') {
throw new ApiException('auth-token 无效(非 API 凭证)', ReturnCode::TOKEN_INVALID);
}
// 同一设备只允许一个 auth-token 生效,非当前 token 视为已失效
$device = (string) ($extend['device'] ?? '');
if ($device !== '' && !AuthTokenCache::isCurrentToken($device, $token)) {
throw new ApiException('auth-token 已失效(该设备已签发新凭证,请使用新 auth-token', ReturnCode::TOKEN_INVALID);
}
return $handler($request);
}
private function getAuthTokenFromRequest(Request $request): string
{
$token = $request->header('auth-token');
if ($token !== null && $token !== '') {
return trim((string) $token);
}
$auth = $request->header('authorization');
if ($auth && stripos($auth, 'Bearer ') === 0) {
return trim(substr($auth, 7));
}
return '';
}
private function looksLikeJwt(string $token): bool
{
$parts = explode('.', $token);
return count($parts) >= self::JWT_PARTS_MIN;
}
/**
* 校验 auth-token 有效性签名、过期、iss 等),无效或过期必抛 ApiException
*/
private function verifyAuthToken(string $token): array
{
try {
return JwtToken::verify(1, $token);
} catch (JwtTokenExpiredException $e) {
Log::error('auth-token 已过期, 报错信息' . $e);
throw new ApiException('auth-token 已过期', ReturnCode::TOKEN_INVALID);
} catch (JwtTokenException $e) {
Log::error('auth-token 无效, 报错信息' . $e);
throw new ApiException($e->getMessage() ?: 'auth-token 无效', ReturnCode::TOKEN_INVALID);
} catch (\Throwable $e) {
Log::error('auth-token 校验失败, 报错信息' . $e);
throw new ApiException('auth-token 校验失败', ReturnCode::TOKEN_INVALID);
}
}
private function isWhitelist(string $path): bool
{
foreach (self::WHITELIST as $prefix) {
if ($path === $prefix || str_starts_with($path, $prefix . '/')) {
return true;
}
}
return false;
}
}

42
server/app/api/middleware/CheckUserTokenMiddleware.php
View File

@@ -1,42 +0,0 @@
<?php
declare(strict_types=1);
namespace app\api\middleware;
use Webman\Http\Request;
use Webman\Http\Response;
use Webman\MiddlewareInterface;
use app\api\logic\UserLogic;
use app\api\util\ReturnCode;
use plugin\saiadmin\exception\ApiException;
/**
* 校验 user-token 请求头
* 从 header 读取 user-token 或 Authorization: Bearer <user-token>,校验通过后将 user_id、userToken 写入 request 供控制器使用
*/
class CheckUserTokenMiddleware implements MiddlewareInterface
{
public function process(Request $request, callable $handler): Response
{
$token = $request->header('user-token');
if (empty($token)) {
$auth = $request->header('authorization');
if ($auth && stripos($auth, 'Bearer ') === 0) {
$token = trim(substr($auth, 7));
}
}
if (empty($token)) {
throw new ApiException('请携带 user-token', ReturnCode::UNAUTHORIZED);
}
$userId = UserLogic::getUserIdFromToken($token);
if ($userId === null) {
throw new ApiException('user-token 无效或已过期', ReturnCode::TOKEN_INVALID);
}
$request->user_id = $userId;
$request->userToken = $token;
return $handler($request);
}
}

87
server/app/api/middleware/TokenMiddleware.php Normal file
View File

@@ -0,0 +1,87 @@
<?php
declare(strict_types=1);
namespace app\api\middleware;
use app\api\cache\UserCache;
use app\api\util\ReturnCode;
use app\dice\model\player\DicePlayer;
use plugin\saiadmin\exception\ApiException;
use Tinywan\Jwt\JwtToken;
use Tinywan\Jwt\Exception\JwtTokenException;
use Tinywan\Jwt\Exception\JwtTokenExpiredException;
use Webman\Http\Request;
use Webman\Http\Response;
use Webman\MiddlewareInterface;
/**
* 校验 token 请求头JWT
* 解码 JWT 取 username与 Redis 中当前有效 token 比对;不一致则旧 token 已失效,请重新登录
* 通过后注入 request->player_id、request->player
*/
class TokenMiddleware implements MiddlewareInterface
{
public function process(Request $request, callable $handler): Response
{
$token = $request->header('token');
if ($token === null || $token === '') {
$auth = $request->header('authorization');
if ($auth && stripos($auth, 'Bearer ') === 0) {
$token = trim(substr($auth, 7));
}
}
$token = $token !== null ? trim((string) $token) : '';
if ($token === '') {
throw new ApiException('请携带 token', ReturnCode::UNAUTHORIZED);
}
try {
$decoded = JwtToken::verify(1, $token);
} catch (JwtTokenExpiredException $e) {
throw new ApiException('token 已过期,请重新登录', ReturnCode::TOKEN_INVALID);
} catch (JwtTokenException $e) {
throw new ApiException('token 无效', ReturnCode::TOKEN_INVALID);
} catch (\Throwable $e) {
throw new ApiException('token 格式无效', ReturnCode::TOKEN_INVALID);
}
$extend = $decoded['extend'] ?? [];
if ((string) ($extend['plat'] ?? '') !== 'api_login') {
throw new ApiException('token 无效', ReturnCode::TOKEN_INVALID);
}
$username = trim((string) ($extend['username'] ?? ''));
if ($username === '') {
throw new ApiException('token 无效', ReturnCode::TOKEN_INVALID);
}
$currentToken = UserCache::getSessionTokenByUsername($username);
if ($currentToken === null || $currentToken === '') {
$player = DicePlayer::where('username', $username)->find();
if (!$player) {
throw new ApiException('请注册', ReturnCode::TOKEN_INVALID);
}
throw new ApiException('请重新登录', ReturnCode::TOKEN_INVALID);
}
if ($currentToken !== $token) {
throw new ApiException('请重新登录(当前账号已在其他处登录)', ReturnCode::TOKEN_INVALID);
}
// 优先从 Redis 缓存取玩家,避免每次请求都查库
$player = null;
$cached = UserCache::getPlayerByUsername($username);
if ($cached !== null && isset($cached['id'])) {
$player = (new DicePlayer())->data($cached, true);
}
if ($player === null) {
$player = DicePlayer::where('username', $username)->find();
if (!$player) {
UserCache::deleteSessionByUsername($username);
throw new ApiException('请重新登录', ReturnCode::TOKEN_INVALID);
}
UserCache::setPlayerByUsername($username, $player->hidden(['password'])->toArray());
}
$request->player_id = (int) $player->id;
$request->player = $player;
return $handler($request);
}
}

23
server/app/api/service/LotteryService.php
View File

@@ -94,6 +94,29 @@ class LotteryService
(int) ($config->t4_wight ?? 0),
(int) ($config->t5_wight ?? 0),
];
return self::drawTierByWeightArray($tiers, $weights);
}
/**
* 根据玩家 t1_wightt5_wight 权重随机抽取中奖档位 T1-T5
* t1_wight=T1, t2_wight=T2, t3_wight=T3, t4_wight=T4, t5_wight=T5
*/
public static function drawTierByPlayerWeights(DicePlayer $player): string
{
$tiers = ['T1', 'T2', 'T3', 'T4', 'T5'];
$weights = [
(int) ($player->t1_wight ?? 0),
(int) ($player->t2_wight ?? 0),
(int) ($player->t3_wight ?? 0),
(int) ($player->t4_wight ?? 0),
(int) ($player->t5_wight ?? 0),
];
return self::drawTierByWeightArray($tiers, $weights);
}
/** 按档位权重数组抽取 T1-T5 */
private static function drawTierByWeightArray(array $tiers, array $weights): string
{
$total = array_sum($weights);
if ($total <= 0) {
return $tiers[array_rand($tiers)];

5
server/app/dice/model/player/DicePlayer.php
View File

@@ -49,6 +49,11 @@ class DicePlayer extends BaseModel
*/
protected $table = 'dice_player';
/** 创建时间字段dice_player 表为 created_at */
protected $createTime = 'created_at';
/** 更新时间字段dice_player 表为 updated_at */
protected $updateTime = 'updated_at';
/**
* 新增前:生成唯一 uid昵称 name 默认使用 uid
* 用 try-catch 避免表尚未含 uid 时 getAttr/getData 抛 InvalidArgumentException

166
server/app/dice/model/reward_config/DiceRewardConfig.php
View File

@@ -7,23 +7,36 @@
namespace app\dice\model\reward_config;
use plugin\saiadmin\basic\think\BaseModel;
use support\think\Cache;
/**
* 奖励配置模型
*
* dice_reward_config 奖励配置
* 奖励列表为全玩家通用,保存时刷新缓存,游戏时优先读缓存。
*
* @property $id ID
* @property $grid_number 色子点数
* @property $ui_text 前端显示文本
* @property $real_ev 真实资金结算
* @property $tier 所属档位
* @property $s_end_index 顺时针结束索引
* @property $n_end_index 逆时针结束索引
* @property $remark 备注
* @property $create_time 创建时间
* @property $update_time 修改时间
*/
class DiceRewardConfig extends BaseModel
{
/** 缓存键:彩金池奖励列表实例(含列表与索引) */
private const CACHE_KEY_INSTANCE = 'dice:reward_config:instance';
/** 缓存过期时间(秒),保存时会主动刷新故设较长 */
private const CACHE_TTL = 86400 * 30;
/** 当前请求内已加载的实例,避免同请求多次读缓存 */
private static ?array $instance = null;
/**
* 数据表主键
* @var string
@@ -36,6 +49,159 @@ class DiceRewardConfig extends BaseModel
*/
protected $table = 'dice_reward_config';
/**
* 获取彩金池实例(含 list / 索引),无则从库加载并写入缓存;同请求内复用
* @return array{list: array, by_tier: array, by_s_end_index: array, by_n_end_index: array, min_real_ev: float}
*/
public static function getCachedInstance(): array
{
if (self::$instance !== null) {
return self::$instance;
}
$instance = Cache::get(self::CACHE_KEY_INSTANCE);
if ($instance !== null && is_array($instance)) {
self::$instance = $instance;
return $instance;
}
self::refreshCache();
$instance = Cache::get(self::CACHE_KEY_INSTANCE);
self::$instance = is_array($instance) ? $instance : self::buildEmptyInstance();
return self::$instance;
}
/**
* 获取缓存的奖励列表(无则从库加载并写入缓存)
* @return array<int, array>
*/
public static function getCachedList(): array
{
$inst = self::getCachedInstance();
return $inst['list'] ?? [];
}
/**
* 重新从数据库加载并写入缓存(保存时调用),构建列表与索引
*/
public static function refreshCache(): void
{
$list = (new self())->order('id', 'asc')->select()->toArray();
$byTier = [];
$bySEndIndex = [];
$byNEndIndex = [];
foreach ($list as $row) {
$tier = isset($row['tier']) ? (string) $row['tier'] : '';
if ($tier !== '') {
if (!isset($byTier[$tier])) {
$byTier[$tier] = [];
}
$byTier[$tier][] = $row;
}
$sEnd = isset($row['s_end_index']) ? (int) $row['s_end_index'] : 0;
if ($sEnd !== 0) {
if (!isset($bySEndIndex[$sEnd])) {
$bySEndIndex[$sEnd] = [];
}
$bySEndIndex[$sEnd][] = $row;
}
$nEnd = isset($row['n_end_index']) ? (int) $row['n_end_index'] : 0;
if ($nEnd !== 0) {
if (!isset($byNEndIndex[$nEnd])) {
$byNEndIndex[$nEnd] = [];
}
$byNEndIndex[$nEnd][] = $row;
}
}
$minRealEv = empty($list) ? 0.0 : (float) min(array_column($list, 'real_ev'));
self::$instance = [
'list' => $list,
'by_tier' => $byTier,
'by_s_end_index' => $bySEndIndex,
'by_n_end_index' => $byNEndIndex,
'min_real_ev' => $minRealEv,
];
Cache::set(self::CACHE_KEY_INSTANCE, self::$instance, self::CACHE_TTL);
}
/** 空实例结构 */
private static function buildEmptyInstance(): array
{
return [
'list' => [],
'by_tier' => [],
'by_s_end_index' => [],
'by_n_end_index' => [],
'min_real_ev' => 0.0,
];
}
/**
* 从缓存取最小 real_ev
*/
public static function getCachedMinRealEv(): float
{
$inst = self::getCachedInstance();
return (float) ($inst['min_real_ev'] ?? 0.0);
}
/**
* 从缓存按档位取奖励列表
* @return array<int, array>
*/
public static function getCachedByTier(string $tier): array
{
$inst = self::getCachedInstance();
$byTier = $inst['by_tier'] ?? [];
return $byTier[$tier] ?? [];
}
/**
* 从缓存按顺时针结束索引取列表s_end_index = id 的配置)
* @return array<int, array>
*/
public static function getCachedBySEndIndex(int $id): array
{
$inst = self::getCachedInstance();
$by = $inst['by_s_end_index'] ?? [];
return $by[$id] ?? [];
}
/**
* 从缓存按逆时针结束索引取列表n_end_index = id 的配置)
* @return array<int, array>
*/
public static function getCachedByNEndIndex(int $id): array
{
$inst = self::getCachedInstance();
$by = $inst['by_n_end_index'] ?? [];
return $by[$id] ?? [];
}
/**
* 清除当前请求内实例(如测试或需强制下次读缓存时调用)
*/
public static function clearRequestInstance(): void
{
self::$instance = null;
}
/** 保存后刷新缓存 */
public static function onAfterInsert($model): void
{
self::refreshCache();
}
/** 更新后刷新缓存 */
public static function onAfterUpdate($model): void
{
self::refreshCache();
}
/** 删除后刷新缓存 */
public static function onAfterDelete($model): void
{
self::refreshCache();
}
/** 色子点数下限 */
public function searchGridNumberMinAttr($query, $value)
{

9
server/config/api.php
View File

@@ -3,6 +3,12 @@
* API 鉴权与用户相关配置
*/
return [
// 登录成功返回的连接地址前缀,如 https://127.0.0.1:6777
'login_url_base' => env('API_LOGIN_URL_BASE', 'https://127.0.0.1:6777'),
// 按 username 存储的登录会话 Redis key 前缀,用于 token 中间件校验
'session_username_prefix' => env('API_SESSION_USERNAME_PREFIX', 'api:user:session:'),
// 登录会话过期时间(秒),默认 7 天
'session_expire' => (int) env('API_SESSION_EXPIRE', 604800),
// auth-token 签名密钥(与客户端约定,用于 /api/authToken 的 signature 校验,必填)
'auth_token_secret' => env('API_AUTH_TOKEN_SECRET', ''),
// auth-token 时间戳允许误差(秒),防重放,默认 300 秒
@@ -21,4 +27,7 @@ return [
'user_cache_prefix' => env('API_USER_CACHE_PREFIX', 'api:user:'),
// 用户信息加密密钥(用于 Redis 中 value 的加密),建议 32 位
'user_encrypt_key' => env('API_USER_ENCRYPT_KEY', 'dafuweng_api_user_cache_key_32'),
// 玩家信息按 username 缓存Token 中间件用0 表示不缓存
'player_cache_ttl' => (int) env('API_PLAYER_CACHE_TTL', 300),
'player_cache_prefix' => env('API_PLAYER_CACHE_PREFIX', 'api:player:'),
];

3
server/config/app.php
View File

@@ -15,7 +15,8 @@
use support\Request;
return [
'debug' => true,
// 生产环境务必设为 false减少 I/O 与堆栈输出,提升接口响应
'debug' => env('APP_DEBUG', false),
'error_reporting' => E_ALL,
'default_timezone' => 'Asia/Shanghai',
'request_class' => Request::class,

8
server/config/database.php
View File

@@ -18,10 +18,10 @@ return [
PDO::ATTR_EMULATE_PREPARES => false, // Must be false for Swoole and Swow drivers.
],
'pool' => [
'max_connections' => 5,
'min_connections' => 1,
'wait_timeout' => 3,
'idle_timeout' => 60,
'max_connections' => (int) env('DB_POOL_MAX', 20),
'min_connections' => (int) env('DB_POOL_MIN', 2),
'wait_timeout' => (float) env('DB_POOL_WAIT_TIMEOUT', 1.0),
'idle_timeout' => (int) env('DB_POOL_IDLE_TIMEOUT', 60),
'heartbeat_interval' => 50,
],
],

2
server/config/log.php
View File

@@ -20,7 +20,7 @@ return [
'constructor' => [
runtime_path() . '/logs/webman.log',
7, //$maxFiles
Monolog\Logger::DEBUG,
env('LOG_LEVEL', Monolog\Logger::INFO),
],
'formatter' => [
'class' => Monolog\Formatter\LineFormatter::class,

6
server/config/redis.php
View File

@@ -7,9 +7,9 @@ return [
'port' => env('REDIS_PORT', 6379),
'database' => env('REDIS_DB', 0),
'pool' => [
'max_connections' => 5,
'min_connections' => 1,
'wait_timeout' => 3,
'max_connections' => (int) env('REDIS_POOL_MAX', 20),
'min_connections' => (int) env('REDIS_POOL_MIN', 2),
'wait_timeout' => (float) env('REDIS_POOL_WAIT_TIMEOUT', 1.0),
'idle_timeout' => 60,
'heartbeat_interval' => 50,
],

18
server/config/route.php
View File

@@ -13,19 +13,14 @@
*/
use Webman\Route;
use app\api\middleware\CheckAuthTokenMiddleware;
use app\api\middleware\CheckUserTokenMiddleware;
use app\api\middleware\TokenMiddleware;
// 仅需 auth-token 的路由组authToken 接口在中间件内白名单跳过)
// 登录接口:无需 token提交 JSON 获取带 token 的连接地址
Route::group('/api', function () {
Route::any('/authToken', [app\api\controller\AuthTokenController::class, 'index']);
Route::any('/user/login', [app\api\controller\UserController::class, 'login']);
Route::any('/user/register', [app\api\controller\UserController::class, 'register']);
})->middleware([
CheckAuthTokenMiddleware::class,
]);
Route::any('/user/Login', [app\api\controller\UserController::class, 'Login']);
})->middleware([]);
// 需 auth-token + user-token 的路由组
// 其余接口:仅经 token 中间件鉴权header: tokenbase64(username.-.time)
Route::group('/api', function () {
Route::any('/user/logout', [app\api\controller\UserController::class, 'logout']);
Route::any('/user/info', [app\api\controller\UserController::class, 'info']);
@@ -36,6 +31,5 @@ Route::group('/api', function () {
Route::any('/game/lotteryPool', [app\api\controller\GameController::class, 'lotteryPool']);
Route::any('/game/playStart', [app\api\controller\GameController::class, 'playStart']);
})->middleware([
CheckAuthTokenMiddleware::class,
CheckUserTokenMiddleware::class,
TokenMiddleware::class,
]);

12
server/config/think-cache.php
View File

@@ -24,13 +24,13 @@ return [
'tag_expire' => 86400 * 30,
// 缓存标签前缀
'tag_prefix' => 'tag:',
// 连接池配置
// 连接池配置(与 redis.php 对齐,生产可调大以减少等待)
'pool' => [
'max_connections' => 5, // 最大连接数
'min_connections' => 1, // 最小连接数
'wait_timeout' => 3, // 从连接池获取连接等待超时时间
'idle_timeout' => 60, // 连接最大空闲时间,超过该时间会被回收
'heartbeat_interval' => 50, // 心跳检测间隔需要小于60秒
'max_connections' => (int) env('REDIS_POOL_MAX', 20),
'min_connections' => (int) env('REDIS_POOL_MIN', 2),
'wait_timeout' => (float) env('REDIS_POOL_WAIT_TIMEOUT', 1.0),
'idle_timeout' => 60,
'heartbeat_interval' => 50,
],
],
// 文件缓存

15
server/config/think-orm.php
View File

@@ -18,8 +18,7 @@ return [
'hostport' => env('DB_PORT', 3306),
// 数据库连接参数
'params' => [
// 连接超时3秒
\PDO::ATTR_TIMEOUT => 3,
\PDO::ATTR_TIMEOUT => (int) env('DB_CONNECT_TIMEOUT', 2),
],
// 数据库编码默认采用utf8
'charset' => 'utf8',
@@ -29,13 +28,13 @@ return [
'break_reconnect' => true,
// 自定义分页类
'bootstrap' => '',
// 连接池配置
// 连接池配置(与 database.php 对齐)
'pool' => [
'max_connections' => 5, // 最大连接数
'min_connections' => 1, // 最小连接数
'wait_timeout' => 3, // 从连接池获取连接等待超时时间
'idle_timeout' => 60, // 连接最大空闲时间,超过该时间会被回收
'heartbeat_interval' => 50, // 心跳检测间隔需要小于60秒
'max_connections' => (int) env('DB_POOL_MAX', 20),
'min_connections' => (int) env('DB_POOL_MIN', 2),
'wait_timeout' => (float) env('DB_POOL_WAIT_TIMEOUT', 1.0),
'idle_timeout' => (int) env('DB_POOL_IDLE_TIMEOUT', 60),
'heartbeat_interval' => 50,
],
],
],

46
server/plugin/saiadmin/app/controller/SystemController.php
View File

@@ -33,24 +33,39 @@ class SystemController extends BaseController
*/
public function userInfo(): Response
{
$info['user'] = $this->adminInfo;
$adminInfo = $this->adminInfo;
if ($adminInfo === null || !is_array($adminInfo) || !isset($adminInfo['id'])) {
$token = getCurrentInfo();
if (!is_array($token) || empty($token['id'])) {
return $this->fail('登录已过期或用户信息无效,请重新登录', 401);
}
$adminInfo = UserInfoCache::getUserInfo($token['id']);
if (empty($adminInfo) || !isset($adminInfo['id'])) {
$adminInfo = UserInfoCache::setUserInfo($token['id']);
}
if (empty($adminInfo) || !isset($adminInfo['id'])) {
return $this->fail('登录已过期或用户信息无效,请重新登录', 401);
}
$this->adminInfo = $adminInfo;
}
$info = [];
$info['id'] = $this->adminInfo['id'];
$info['username'] = $this->adminInfo['username'];
$info['dashboard'] = $this->adminInfo['dashboard'];
$info['avatar'] = $this->adminInfo['avatar'];
$info['email'] = $this->adminInfo['email'];
$info['phone'] = $this->adminInfo['phone'];
$info['gender'] = $this->adminInfo['gender'];
$info['signed'] = $this->adminInfo['signed'];
$info['realname'] = $this->adminInfo['realname'];
$info['department'] = $this->adminInfo['deptList'];
if ($this->adminInfo['id'] === 1) {
$info['id'] = $adminInfo['id'];
$info['username'] = $adminInfo['username'] ?? '';
$info['dashboard'] = $adminInfo['dashboard'] ?? '';
$info['avatar'] = $adminInfo['avatar'] ?? '';
$info['email'] = $adminInfo['email'] ?? '';
$info['phone'] = $adminInfo['phone'] ?? '';
$info['gender'] = $adminInfo['gender'] ?? '';
$info['signed'] = $adminInfo['signed'] ?? '';
$info['realname'] = $adminInfo['realname'] ?? '';
$info['department'] = $adminInfo['deptList'] ?? [];
if (isset($adminInfo['id']) && $adminInfo['id'] == 1) {
$info['buttons'] = ['*'];
$info['roles'] = ['super_admin'];
} else {
$info['buttons'] = UserAuthCache::getUserAuth($this->adminInfo['id']);
$info['roles'] = Arr::getArrayColumn($this->adminInfo['roleList'], 'code');
$info['buttons'] = UserAuthCache::getUserAuth($adminInfo['id']);
$info['roles'] = Arr::getArrayColumn($adminInfo['roleList'] ?? [], 'code');
}
return $this->success($info);
}
@@ -70,6 +85,9 @@ class SystemController extends BaseController
*/
public function menu(): Response
{
if (!$this->ensureAdminInfo()) {
return $this->fail('登录已过期或用户信息无效,请重新登录', 401);
}
$data = UserMenuCache::getUserMenu($this->adminInfo['id']);
return $this->success($data);
}

26
server/plugin/saiadmin/app/exception/Handler.php
View File

@@ -39,30 +39,4 @@ class Handler extends ExceptionHandler
}
$this->logger->error($logs);
}
public function render(Request $request, Throwable $exception): Response
{
$debug = config('app.debug', true);
$code = $exception->getCode();
$json = [
'code' => $code ? $code : 500,
'message' => $code !== 500 ? $exception->getMessage() : 'Server internal error',
'type' => 'failed'
];
if ($debug) {
$json['request_url'] = $request->method() . ' ' . $request->uri();
$json['timestamp'] = date('Y-m-d H:i:s');
$json['client_ip'] = $request->getRealIp();
$json['request_param'] = $request->all();
$json['exception_handle'] = get_class($exception);
$json['exception_info'] = [
'code' => $exception->getCode(),
'message' => $exception->getMessage(),
'file' => $exception->getFile(),
'line' => $exception->getLine(),
'trace' => explode("\n", $exception->getTraceAsString())
];
}
return new Response(200, ['Content-Type' => 'application/json;charset=utf-8'], json_encode($json));
}
}

7
server/plugin/saiadmin/app/middleware/CheckLogin.php
View File

@@ -32,8 +32,11 @@ class CheckLogin implements MiddlewareInterface
if ($token['plat'] !== 'saiadmin') {
throw new ApiException('登录凭证校验失败');
}
$request->setHeader('check_login', true);
$request->setHeader('check_admin', $token);
// 一次合并设置,避免 setHeader 覆盖导致只保留最后一个
$request->setHeader(array_merge($request->header() ?: [], [
'check_login' => true,
'check_admin' => $token,
]));
}
return $handler($request);
}

41
server/plugin/saiadmin/basic/BaseController.php
View File

@@ -45,19 +45,48 @@ class BaseController extends OpenController
*/
protected function init(): void
{
// 登录模式赋值
$isLogin = request()->header('check_login', false);
if ($isLogin) {
$result = request()->header('check_admin');
// 登录模式赋值:优先从中间件注入的 header 取,否则从 JWT 当前用户取
$result = request()->header('check_admin');
if (!is_array($result) || empty($result['id'])) {
$result = getCurrentInfo();
}
if (is_array($result) && !empty($result['id'])) {
$this->adminId = $result['id'];
$this->adminName = $result['username'];
$this->adminName = $result['username'] ?? '';
$this->adminInfo = UserInfoCache::getUserInfo($result['id']);
if (empty($this->adminInfo) || !isset($this->adminInfo['id'])) {
$this->adminInfo = UserInfoCache::setUserInfo($result['id']);
}
// 用户数据传递给逻辑层
$this->logic && $this->logic->init($this->adminInfo);
if ($this->logic && !empty($this->adminInfo)) {
$this->logic->init($this->adminInfo);
}
}
}
/**
* 确保当前请求已加载管理员信息(用于 init 未正确注入时的回退)
* @return bool 是否已有有效的 adminInfo
*/
protected function ensureAdminInfo(): bool
{
if ($this->adminInfo !== null && is_array($this->adminInfo) && isset($this->adminInfo['id'])) {
return true;
}
$token = getCurrentInfo();
if (!is_array($token) || empty($token['id'])) {
return false;
}
$this->adminId = $token['id'];
$this->adminName = $token['username'] ?? '';
$this->adminInfo = UserInfoCache::getUserInfo($token['id']);
if (empty($this->adminInfo) || !isset($this->adminInfo['id'])) {
$this->adminInfo = UserInfoCache::setUserInfo($token['id']);
}
return is_array($this->adminInfo) && isset($this->adminInfo['id']);
}
/**
* 验证器调用
*/

48
server/plugin/saiadmin/basic/think/BaseModel.php
View File

@@ -35,6 +35,12 @@ class BaseModel extends Model implements ModelInterface
*/
protected $updateTime = 'update_time';
/**
* 自动写入时间戳(创建时写 create_time更新时写 update_time
* @var bool
*/
protected $autoWriteTimestamp = true;
/**
* 隐藏字段
* @var array
@@ -94,24 +100,54 @@ class BaseModel extends Model implements ModelInterface
}
/**
* 新增前事件
* 新增前事件:自动写入 create_time有后台登录信息时写入 created_by
* @param Model $model
* @return void
*/
public static function onBeforeInsert($model): void
{
$info = getCurrentInfo();
$info && $model->setAttr('created_by', $info['id']);
try {
$createTime = $model->createTime ?? 'create_time';
if ($createTime && !$model->getData($createTime)) {
$model->set($createTime, date('Y-m-d H:i:s'));
}
} catch (\Throwable $e) {
}
try {
if (function_exists('getCurrentInfo')) {
$info = getCurrentInfo();
if (!empty($info['id'])) {
$model->setAttr('created_by', $info['id']);
}
}
} catch (\Throwable $e) {
}
}
/**
* 写入前事件
* 写入前事件:更新时自动写入 update_time有后台登录信息时写入 updated_by
* @param Model $model
* @return void
*/
public static function onBeforeWrite($model): void
{
$info = getCurrentInfo();
$info && $model->setAttr('updated_by', $info['id']);
try {
if ($model->isExists()) {
$updateTime = $model->updateTime ?? 'update_time';
if ($updateTime) {
$model->set($updateTime, date('Y-m-d H:i:s'));
}
}
} catch (\Throwable $e) {
}
try {
if (function_exists('getCurrentInfo')) {
$info = getCurrentInfo();
if (!empty($info['id'])) {
$model->setAttr('updated_by', $info['id']);
}
}
} catch (\Throwable $e) {
}
}
}

3
server/plugin/saiadmin/config/middleware.php
View File

@@ -4,8 +4,9 @@ use plugin\saiadmin\app\middleware\SystemLog;
use plugin\saiadmin\app\middleware\CheckLogin;
use plugin\saiadmin\app\middleware\CheckAuth;
// 仅对 /core 后台路由生效,避免 /api 请求经过登录/权限/操作日志中间件,提升接口响应
return [
'' => [
'core' => [
CheckLogin::class,
CheckAuth::class,
SystemLog::class,

8
server/support/Request.php
View File

@@ -20,11 +20,11 @@ namespace support;
*/
class Request extends \Webman\Http\Request
{
/** 由 CheckUserTokenMiddleware 注入:当前用户 ID */
public ?int $user_id = null;
/** 由 TokenMiddleware 注入:当前玩家 IDDicePlayer.id */
public ?int $player_id = null;
/** 由 CheckUserTokenMiddleware 注入:当前 user-token 原始字符串 */
public ?string $userToken = null;
/** 由 TokenMiddleware 注入:当前玩家模型实例 */
public $player = null;
/**
* 获取参数增强方法