199 lines
7.4 KiB
PHP
199 lines
7.4 KiB
PHP
<?php
|
|
|
|
namespace App\Services\Integration;
|
|
|
|
use App\Models\AdminSite;
|
|
use App\Models\AdminRole;
|
|
use App\Models\AdminUser;
|
|
use App\Support\AdminPermissionInheritance;
|
|
use Illuminate\Support\Str;
|
|
use Illuminate\Validation\ValidationException;
|
|
use Illuminate\Support\Facades\DB;
|
|
|
|
final class IntegrationSiteService
|
|
{
|
|
/** @var list<string> */
|
|
private const SITE_ADMIN_PERMISSION_SLUGS = [
|
|
'prd.agent.manage',
|
|
'prd.agent.profile.manage',
|
|
'prd.agent.user.manage',
|
|
'prd.agent.role.manage',
|
|
'prd.users.manage',
|
|
'prd.tickets.view',
|
|
'prd.report.view',
|
|
'prd.settlement.agent.view',
|
|
'prd.settlement.agent.manage',
|
|
];
|
|
|
|
public function __construct(
|
|
private readonly PartnerSiteConfigResolver $configResolver,
|
|
) {}
|
|
|
|
/**
|
|
* @param array<string, mixed> $data
|
|
* @return array{site: AdminSite, secrets: array{sso_jwt_secret: string, wallet_api_key: string}, admin_user: AdminUser}
|
|
*/
|
|
public function create(array $data): array
|
|
{
|
|
$secrets = $this->generateSecrets();
|
|
|
|
['site' => $site, 'admin_user' => $adminUser] = DB::transaction(function () use ($data, $secrets): array {
|
|
/** @var array{username: string, nickname: string, password: string, email?: string|null} $adminAccount */
|
|
$adminAccount = $data['admin_account'];
|
|
|
|
$site = AdminSite::query()->create([
|
|
'code' => (string) $data['code'],
|
|
'name' => (string) $data['name'],
|
|
'currency_code' => (string) ($data['currency_code'] ?? 'NPR'),
|
|
'status' => (int) ($data['status'] ?? 1),
|
|
'is_default' => false,
|
|
'wallet_api_url' => $this->nullableTrim($data['wallet_api_url'] ?? null),
|
|
'wallet_debit_path' => (string) ($data['wallet_debit_path'] ?? '/wallet/debit-for-lottery'),
|
|
'wallet_credit_path' => (string) ($data['wallet_credit_path'] ?? '/wallet/credit-from-lottery'),
|
|
'wallet_balance_path' => (string) ($data['wallet_balance_path'] ?? '/wallet/balance'),
|
|
'wallet_timeout_seconds' => max(1, (int) ($data['wallet_timeout_seconds'] ?? 10)),
|
|
'iframe_allowed_origins' => $data['iframe_allowed_origins'] ?? null,
|
|
'lottery_h5_base_url' => $this->nullableTrim($data['lottery_h5_base_url'] ?? null),
|
|
'notes' => $this->nullableTrim($data['notes'] ?? null),
|
|
'sso_jwt_secret_encrypted' => encrypt($secrets['sso_jwt_secret']),
|
|
'wallet_api_key_encrypted' => encrypt($secrets['wallet_api_key']),
|
|
]);
|
|
|
|
$role = $this->createSiteAdminRole($site);
|
|
$adminUser = $this->createSiteAdminUser($site, $role, $adminAccount);
|
|
|
|
return [
|
|
'site' => $site,
|
|
'admin_user' => $adminUser,
|
|
];
|
|
});
|
|
|
|
$this->configResolver->forgetCache((string) $site->code);
|
|
|
|
return [
|
|
'site' => $site->fresh(),
|
|
'secrets' => $secrets,
|
|
'admin_user' => $adminUser->fresh(),
|
|
];
|
|
}
|
|
|
|
/**
|
|
* @param array<string, mixed> $data
|
|
*/
|
|
public function update(AdminSite $site, array $data): AdminSite
|
|
{
|
|
$site->fill([
|
|
'name' => (string) $data['name'],
|
|
'currency_code' => (string) ($data['currency_code'] ?? $site->currency_code),
|
|
'status' => (int) ($data['status'] ?? $site->status),
|
|
'wallet_api_url' => array_key_exists('wallet_api_url', $data)
|
|
? $this->nullableTrim($data['wallet_api_url'])
|
|
: $site->wallet_api_url,
|
|
'wallet_debit_path' => (string) ($data['wallet_debit_path'] ?? $site->wallet_debit_path),
|
|
'wallet_credit_path' => (string) ($data['wallet_credit_path'] ?? $site->wallet_credit_path),
|
|
'wallet_balance_path' => (string) ($data['wallet_balance_path'] ?? $site->wallet_balance_path),
|
|
'wallet_timeout_seconds' => max(1, (int) ($data['wallet_timeout_seconds'] ?? $site->wallet_timeout_seconds)),
|
|
'iframe_allowed_origins' => $data['iframe_allowed_origins'] ?? $site->iframe_allowed_origins,
|
|
'lottery_h5_base_url' => array_key_exists('lottery_h5_base_url', $data)
|
|
? $this->nullableTrim($data['lottery_h5_base_url'])
|
|
: $site->lottery_h5_base_url,
|
|
'notes' => array_key_exists('notes', $data)
|
|
? $this->nullableTrim($data['notes'])
|
|
: $site->notes,
|
|
]);
|
|
$site->save();
|
|
|
|
$this->configResolver->forgetCache((string) $site->code);
|
|
|
|
return $site->fresh();
|
|
}
|
|
|
|
/**
|
|
* @return array{site: AdminSite, secrets: array{sso_jwt_secret: string, wallet_api_key: string}}
|
|
*/
|
|
public function rotateSecrets(AdminSite $site): array
|
|
{
|
|
$secrets = $this->generateSecrets();
|
|
|
|
$site->forceFill([
|
|
'sso_jwt_secret_encrypted' => encrypt($secrets['sso_jwt_secret']),
|
|
'wallet_api_key_encrypted' => encrypt($secrets['wallet_api_key']),
|
|
])->save();
|
|
|
|
$this->configResolver->forgetCache((string) $site->code);
|
|
|
|
return ['site' => $site->fresh(), 'secrets' => $secrets];
|
|
}
|
|
|
|
/**
|
|
* @return array{sso_jwt_secret: string, wallet_api_key: string}
|
|
*/
|
|
private function generateSecrets(): array
|
|
{
|
|
return [
|
|
'sso_jwt_secret' => Str::random(48),
|
|
'wallet_api_key' => Str::random(40),
|
|
];
|
|
}
|
|
|
|
private function nullableTrim(mixed $value): ?string
|
|
{
|
|
if (! is_string($value)) {
|
|
return null;
|
|
}
|
|
|
|
$trimmed = trim($value);
|
|
|
|
return $trimmed === '' ? null : $trimmed;
|
|
}
|
|
|
|
private function createSiteAdminRole(AdminSite $site): AdminRole
|
|
{
|
|
$slug = sprintf('site_admin_%s', (string) $site->code);
|
|
$role = AdminRole::query()->create([
|
|
'slug' => $slug,
|
|
'name' => sprintf('%s 站点后台管理员', (string) $site->name),
|
|
'description' => sprintf('自动创建:站点 %s (%s) 后台管理账号专用角色', (string) $site->name, (string) $site->code),
|
|
'status' => 1,
|
|
'is_system' => true,
|
|
'sort_order' => 900,
|
|
'scope_type' => AdminRole::SCOPE_SYSTEM,
|
|
]);
|
|
|
|
$role->syncLegacyPermissionSlugs(
|
|
AdminPermissionInheritance::expand(self::SITE_ADMIN_PERMISSION_SLUGS),
|
|
);
|
|
|
|
return $role;
|
|
}
|
|
|
|
/**
|
|
* @param array{username: string, nickname: string, password: string, email?: string|null} $adminAccount
|
|
*/
|
|
private function createSiteAdminUser(AdminSite $site, AdminRole $role, array $adminAccount): AdminUser
|
|
{
|
|
$username = trim((string) ($adminAccount['username'] ?? ''));
|
|
$nickname = trim((string) ($adminAccount['nickname'] ?? ''));
|
|
$password = (string) ($adminAccount['password'] ?? '');
|
|
$email = $this->nullableTrim($adminAccount['email'] ?? null);
|
|
|
|
if ($username === '' || $nickname === '' || $password === '') {
|
|
throw ValidationException::withMessages([
|
|
'admin_account' => ['站点后台管理账号信息不完整。'],
|
|
]);
|
|
}
|
|
|
|
$user = AdminUser::query()->create([
|
|
'username' => $username,
|
|
'name' => $nickname,
|
|
'email' => $email,
|
|
'password' => $password,
|
|
'status' => 0,
|
|
]);
|
|
|
|
$user->syncSystemRoleSlugsForSite((int) $site->id, [(string) $role->slug]);
|
|
|
|
return $user;
|
|
}
|
|
}
|