mojiahui/dafuweng-saiadmin6.x
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
5cd8330c9eb066435e1cf62a20b72f5146526603
dafuweng-saiadmin6.x/server/app/api/middleware/AuthTokenMiddleware.php
zhenhui 1f25280dfd 1.所有接口需要根据agent_id绑定渠道 
2.移除所有记录页面的更新按钮,只能查看数据
3.将所有软删除修改为硬删除
2026-05-19 12:04:34 +08:00

71 lines
2.7 KiB
PHP
Raw Blame History

This file contains ambiguous Unicode characters
This file contains Unicode characters that might be confused with other characters. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.
<?php
declare(strict_types=1);
namespace app\api\middleware;
use app\api\cache\AuthTokenCache;
use app\api\util\ReturnCode;
use plugin\saiadmin\app\model\system\SystemUser;
use plugin\saiadmin\exception\ApiException;
use Tinywan\Jwt\JwtToken;
use Tinywan\Jwt\Exception\JwtTokenException;
use Tinywan\Jwt\Exception\JwtTokenExpiredException;
use Webman\Http\Request;
use Webman\Http\Response;
use Webman\MiddlewareInterface;
/**
* 校验 auth-token 请求头JWT
* 用于 /api/v1/* 接口(除 /api/v1/authtoken 外)
* 请求头需携带 auth-token通过后注入 request->agent_id
*/
class AuthTokenMiddleware implements MiddlewareInterface
{
public function process(Request $request, callable $handler): Response
{
$token = $request->header('auth-token');
$token = $token !== null ? trim((string) $token) : '';
if ($token === '') {
throw new ApiException('Please provide auth-token', ReturnCode::UNAUTHORIZED);
}
try {
$decoded = JwtToken::verify(1, $token);
} catch (JwtTokenExpiredException $e) {
throw new ApiException('auth-token expired', ReturnCode::TOKEN_INVALID);
} catch (JwtTokenException $e) {
throw new ApiException('auth-token invalid', ReturnCode::TOKEN_INVALID);
} catch (\Throwable $e) {
throw new ApiException('auth-token format invalid', ReturnCode::TOKEN_INVALID);
}
$extend = $decoded['extend'] ?? [];
if ((string) ($extend['plat'] ?? '') !== 'api_auth_token') {
throw new ApiException('auth-token invalid', ReturnCode::TOKEN_INVALID);
}
$agentId = trim((string) ($extend['agent_id'] ?? ''));
if ($agentId === '') {
throw new ApiException('auth-token invalid', ReturnCode::TOKEN_INVALID);
}
// 单次 Redistoken → agent_id与 JWT 内 agent_id 一致即有效(减少一次按 agent 取当前 token 的往返)
$agentIdFromStore = AuthTokenCache::getAgentIdByToken($token);
if ($agentIdFromStore === null || $agentIdFromStore !== $agentId) {
throw new ApiException('auth-token invalid or expired', ReturnCode::TOKEN_INVALID);
}
$agent = SystemUser::where('agent_id', $agentId)->find();
if (!$agent || (int) ($agent->status ?? 0) !== 1) {
throw new ApiException('Invalid agent_id', ReturnCode::FORBIDDEN);
}
if (empty($agent->dept_id) || (int) $agent->dept_id <= 0) {
throw new ApiException('Agent channel is not configured', ReturnCode::FORBIDDEN);
}
$request->agent_id = $agentId;
$request->agent_admin_id = (int) $agent->id;
$request->agent_dept_id = (int) $agent->dept_id;
return $handler($request);
}
}
Reference in New Issue View Git Blame Copy Permalink