xiaokang/lotteryLaravel
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

feat: 添加 Laravel Sanctum 支持,增强管理员 API 鉴权,更新相关中间件与路由配置

Browse Source
This commit is contained in:
kang
2026-05-09 11:11:46 +08:00
parent e478597d13
commit 8a70c029f6
20 changed files with 717 additions and 14 deletions
Download Patch File Download Diff File Expand all files Collapse all files

25
app/Http/Controllers/Api/V1/Admin/Auth/CaptchaController.php Normal file
View File

@@ -0,0 +1,25 @@
<?php
namespace App\Http\Controllers\Api\V1\Admin\Auth;
use App\Services\AdminCaptchaService;
use App\Support\ApiResponse;
use Illuminate\Http\JsonResponse;
/**
* GET /api/v1/admin/auth/captcha
*
* 返回一次性验证码 Key SVGBase64 便于前台直接赋值给 img.src
*/
final class CaptchaController
{
public function __invoke(AdminCaptchaService $captcha): JsonResponse
{
$payload = $captcha->create();
return ApiResponse::success([
'captcha_key' => $payload['captcha_key'],
'image_base64' => $payload['image_base64'],
]);
}
}

88
app/Http/Controllers/Api/V1/Admin/Auth/LoginController.php Normal file
View File

@@ -0,0 +1,88 @@
<?php
namespace App\Http\Controllers\Api\V1\Admin\Auth;
use App\Lottery\ErrorCode;
use App\Models\AdminUser;
use App\Services\AdminCaptchaService;
use App\Support\ApiResponse;
use Illuminate\Http\JsonResponse;
use Illuminate\Http\Request;
use Illuminate\Support\Facades\Hash;
use Illuminate\Support\Str;
/**
* POST /api/v1/admin/auth/login
*
* Body: account登录账号 username 对应ASCII 仅存小写比对、password、captcha_key、captcha_code。
*/
final class LoginController
{
public function __invoke(Request $request, AdminCaptchaService $captcha): JsonResponse
{
$locale = $request->lotteryLocale();
/** @var array{account:string,password:string,captcha_key:string,captcha_code:string} $data */
$data = validator($request->all(), [
'account' => ['required', 'string', 'min:2', 'max:64', 'regex:/^[a-zA-Z0-9._-]+$/u'],
'password' => ['required', 'string', 'max:256'],
'captcha_key' => ['required', 'string', 'uuid'],
'captcha_code' => ['required', 'string', 'max:32'],
], [], [
'account' => 'account',
'password' => 'password',
'captcha_key' => 'captcha_key',
'captcha_code' => 'captcha_code',
])->validate();
if (! $captcha->verify($data['captcha_key'], $data['captcha_code'])) {
return ApiResponse::error(
trans('admin.invalid_captcha', [], $locale),
ErrorCode::AdminCaptchaInvalid->value,
null,
422,
);
}
$normalizedAccount = Str::lower(trim($data['account']));
/** @var AdminUser|null $admin */
$admin = AdminUser::query()->where('username', $normalizedAccount)->first();
$passwordOk = $admin !== null && Hash::check($data['password'], $admin->password);
if (! $passwordOk) {
/** 统一措辞,弱化枚举用户 */
return ApiResponse::error(
trans('admin.invalid_credentials', [], $locale),
ErrorCode::AdminCredentialsInvalid->value,
null,
401,
);
}
if ((int) $admin->status !== 0) {
return ApiResponse::error(
trans('admin.account_disabled', [], $locale),
ErrorCode::AdminAccountDisabled->value,
null,
403,
);
}
$plainToken = $admin->createToken('admin-api')->plainTextToken;
$admin->forceFill(['last_login_at' => now()])->save();
return ApiResponse::success([
'token' => $plainToken,
'token_type' => 'Bearer',
'admin' => [
'id' => $admin->id,
'username' => $admin->username,
'nickname' => $admin->name,
'email' => $admin->email,
],
]);
}
}

2
app/Http/Controllers/Api/V1/Admin/PingController.php
View File

@@ -7,7 +7,7 @@ use App\Support\ApiResponse;
use Illuminate\Http\JsonResponse;
/**
* 无需登录(当前 admin 中间件为直通):确认 `/api/v1/admin` 前缀可达。
* Bearer Token 必填({@see EnsureAdminApi} + Sanctum确认 `/api/v1/admin` 鉴权链路可达。
* 路由GET /api/v1/admin/ping
*/
class PingController extends Controller