项目初始化

2026-03-18 17:19:03 +08:00
commit ac6079b9ff
602 changed files with 58291 additions and 0 deletions
--- a/app/common/middleware/AdminLog.php
+++ b/app/common/middleware/AdminLog.php
@@ -0,0 +1,36 @@
+<?php
+
+declare(strict_types=1);
+
+namespace app\common\middleware;
+
+use Webman\MiddlewareInterface;
+use Webman\Http\Request;
+use Webman\Http\Response;
+use app\admin\model\AdminLog as AdminLogModel;
+
+/**
+ * 管理员操作日志中间件（Webman 迁移版）
+ * 仅对 /admin 路由的 POST、DELETE 请求记录日志
+ */
+class AdminLog implements MiddlewareInterface
+{
+    public function process(Request $request, callable $handler): Response
+    {
+        $response = $handler($request);
+
+        $path = trim($request->path(), '/');
+        if (str_starts_with($path, 'admin/') && config('buildadmin.auto_write_admin_log', true)) {
+            $method = $request->method();
+            if ($method === 'POST' || $method === 'DELETE') {
+                try {
+                    AdminLogModel::instance($request)->record();
+                } catch (\Throwable $e) {
+                    \support\Log::warning('[AdminLog] ' . $e->getMessage());
+                }
+            }
+        }
+
+        return $response;
+    }
+}
--- a/app/common/middleware/AllowCrossDomain.php
+++ b/app/common/middleware/AllowCrossDomain.php
@@ -0,0 +1,94 @@
+<?php
+
+declare(strict_types=1);
+
+namespace app\common\middleware;
+
+use Webman\MiddlewareInterface;
+use Webman\Http\Request;
+use Webman\Http\Response;
+
+/**
+ * 跨域请求支持（Webman 迁移版）
+ * 安全起见，只支持配置中的域名
+ */
+class AllowCrossDomain implements MiddlewareInterface
+{
+    protected array $header = [
+        'Access-Control-Allow-Credentials' => 'true',
+        'Access-Control-Max-Age'           => '1800',
+        'Access-Control-Allow-Methods'     => '*',
+        'Access-Control-Allow-Headers'     => '*',
+    ];
+
+    /**
+     * 返回 CORS 预检（OPTIONS）响应，供路由直接调用（Webman 未匹配路由时不走中间件）
+     */
+    public static function optionsResponse(Request $request): Response
+    {
+        $header = [
+            'Access-Control-Allow-Credentials' => 'true',
+            'Access-Control-Max-Age'            => '1800',
+            'Access-Control-Allow-Methods'      => 'GET, POST, PUT, DELETE, PATCH, OPTIONS',
+            'Access-Control-Allow-Headers'      => 'Content-Type, Authorization, batoken, ba-user-token, think-lang',
+        ];
+        $origin = $request->header('origin');
+        if (is_array($origin)) {
+            $origin = $origin[0] ?? '';
+        }
+        $origin = is_string($origin) ? trim($origin) : '';
+        if ($origin !== '') {
+            $info = parse_url($origin);
+            $host = $info['host'] ?? '';
+            $corsDomain = array_map('trim', explode(',', config('buildadmin.cors_request_domain', '')));
+            $corsDomain[] = $request->host(true);
+            $allowed = in_array('*', $corsDomain)
+                || in_array($origin, $corsDomain)
+                || in_array($host, $corsDomain)
+                || ($host === 'localhost' || $host === '127.0.0.1');
+            if ($allowed) {
+                $header['Access-Control-Allow-Origin'] = $origin;
+            }
+        }
+        return response('', 204, $header);
+    }
+
+    public function process(Request $request, callable $handler): Response
+    {
+        $path = trim($request->path(), '/');
+        if (!str_starts_with($path, 'api/') && !str_starts_with($path, 'admin/')) {
+            return $handler($request);
+        }
+
+        $header = $this->header;
+
+        $origin = $request->header('origin');
+        if (is_array($origin)) {
+            $origin = $origin[0] ?? '';
+        }
+        $origin = is_string($origin) ? trim($origin) : '';
+
+        if ($origin !== '') {
+            $info = parse_url($origin);
+            $host = $info['host'] ?? '';
+            $corsDomain = array_map('trim', explode(',', config('buildadmin.cors_request_domain', '')));
+            $corsDomain[] = $request->host(true);
+
+            $allowed = in_array('*', $corsDomain)
+                || in_array($origin, $corsDomain)
+                || in_array($host, $corsDomain)
+                || ($host === 'localhost' || $host === '127.0.0.1');
+
+            if ($allowed) {
+                $header['Access-Control-Allow-Origin'] = $origin;
+            }
+        }
+
+        if ($request->method() === 'OPTIONS') {
+            return response('', 204, $header);
+        }
+
+        $response = $handler($request);
+        return $response->withHeaders($header);
+    }
+}
--- a/app/common/middleware/LoadLangPack.php
+++ b/app/common/middleware/LoadLangPack.php
@@ -0,0 +1,84 @@
+<?php
+
+declare(strict_types=1);
+
+namespace app\common\middleware;
+
+use Webman\MiddlewareInterface;
+use Webman\Http\Request;
+use Webman\Http\Response;
+
+/**
+ * 加载控制器语言包中间件（Webman 迁移版，等价 ThinkPHP LoadLangPack）
+ * 根据当前路由加载对应控制器的语言包到 Translator
+ */
+class LoadLangPack implements MiddlewareInterface
+{
+    public function process(Request $request, callable $handler): Response
+    {
+        $path = trim($request->path(), '/');
+        if (str_starts_with($path, 'api/') || str_starts_with($path, 'admin/')) {
+            $this->loadLang($request);
+        }
+        return $handler($request);
+    }
+
+    protected function loadLang(Request $request): void
+    {
+        // 优先从请求头 think-lang 获取前端选择的语言（与前端 axios 发送的 header 对应）
+        // 安装页等未发送 think-lang 时，回退到 Accept-Language 或配置默认值
+        $headerLang = $request->header('think-lang');
+        $allowLangList = config('lang.allow_lang_list', ['zh-cn', 'en']);
+        if ($headerLang && in_array(str_replace('_', '-', strtolower($headerLang)), $allowLangList)) {
+            $langSet = str_replace('_', '-', strtolower($headerLang));
+        } else {
+            $acceptLang = $request->header('accept-language', '');
+            if (preg_match('/^zh[-_]?cn|^zh/i', $acceptLang)) {
+                $langSet = 'zh-cn';
+            } elseif (preg_match('/^en/i', $acceptLang)) {
+                $langSet = 'en';
+            } else {
+                $langSet = config('lang.default_lang', config('translation.locale', 'zh-cn'));
+            }
+            $langSet = str_replace('_', '-', strtolower($langSet));
+        }
+
+        // 设置当前请求的翻译语言，使 __() 和 trans() 使用正确的语言
+        if (function_exists('locale')) {
+            locale($langSet);
+        }
+
+        $path = trim($request->path(), '/');
+        $parts = explode('/', $path);
+        $app = $parts[0] ?? 'api';
+
+        $appLangDir = base_path() . DIRECTORY_SEPARATOR . 'app' . DIRECTORY_SEPARATOR . $app . DIRECTORY_SEPARATOR . 'lang' . DIRECTORY_SEPARATOR;
+
+        if (!class_exists(\support\Translation::class)) {
+            return;
+        }
+
+        $translator = \support\Translation::instance();
+
+        // 1. 加载根级语言包（zh-cn.php / en.php），供 common 翻译使用
+        $rootLangFile = $appLangDir . $langSet . '.php';
+        if (is_file($rootLangFile)) {
+            $translator->addResource('phpfile', $rootLangFile, $langSet, 'messages');
+        }
+
+        // 2. 加载控制器专用语言包（如 zh-cn/auth/group.php），供 get_route_remark 等使用
+        //    同时加载到 messages 域，使 __() 能正确翻译控制器内的文案（如安装页错误提示）
+        $controllerPath = get_controller_path($request);
+        if ($controllerPath) {
+            $controllerPathForFile = str_replace('.', '/', $controllerPath);
+            $controllerPathForFile = implode('/', array_map(function ($p) {
+                return strtolower(preg_replace('/([a-z])([A-Z])/', '$1_$2', $p));
+            }, explode('/', $controllerPathForFile)));
+            $controllerLangFile = $appLangDir . $langSet . DIRECTORY_SEPARATOR . str_replace('/', DIRECTORY_SEPARATOR, $controllerPathForFile) . '.php';
+            if (is_file($controllerLangFile)) {
+                $translator->addResource('phpfile', $controllerLangFile, $langSet, $controllerPath);
+                $translator->addResource('phpfile', $controllerLangFile, $langSet, 'messages');
+            }
+        }
+    }
+}