oauth access tokens

src/PdAuth/Middleware/Authenticate.php

@@ -0,0 +1,87 @@
+<?php
+
+namespace PdAuth\Middleware;
+
+use Closure;
+use Illuminate\Contracts\Auth\Factory as Auth;
+use Illuminate\Support\Str;
+
+class Authenticate
+{
+
+    const CookieName = 'token';
+
+    /**
+     * The authentication guard factory instance.
+     *
+     * @var \Illuminate\Contracts\Auth\Factory
+     */
+    protected $auth;
+
+    /**
+     * Create a new middleware instance.
+     *
+     * @param  \Illuminate\Contracts\Auth\Factory $auth
+     * @return void
+     */
+    public function __construct(Auth $auth)
+    {
+        $this->auth = $auth;
+    }
+
+    /**
+     * Handle an incoming request.
+     *
+     * @param  \Illuminate\Http\Request $request
+     * @param  \Closure $next
+     * @param  string|null $guard
+     * @return mixed
+     */
+    public function handle($request, Closure $next, $guard = null)
+    {
+        //oauth 回调
+        $code = $request->input('pd_code');
+        if ($code) {
+            $token = app('pd.auth')->getAccessToken($code);
+            if (isset($token['access_token'])) {
+                setcookie(self::CookieName, $token['access_token'], strtotime($token['expire_at']));
+
+                $qs = $request->getQueryString();
+                $params = explode('&', $qs);
+                $qs = '?';
+                foreach ($params as $k => $v) {
+                    if (Str::startsWith($v, 'pd_code=')) {
+                        continue;
+                    }
+                    $qs .= $v . '&';
+                }
+                abort(302, '', [
+                    'Location' => $request->getSchemeAndHttpHost() . $request->getBaseUrl() . $request->getPathInfo() . $qs,
+                ]);
+            }
+        }
+
+        //登录状态检测
+        if ($this->auth->guard($guard)->guest()) {
+            return redirect(app('pd.auth')->connect($request->getUri()));
+        }
+
+        //权限检测
+        $path = $request->path();
+        $privileges = config('pdauth.roles_privileges');
+        $user = $request->user();
+        $match = [];
+        foreach ($user['roles'] as $role) {
+            if (array_key_exists($role['role']['role'], $privileges)) {
+                $match = $privileges[$role['role']['role']];
+            }
+        }
+
+        if (in_array($path, $match)) {
+            return $next($request);
+        }
+
+        abort(403, '无权访问，请联系管理员授权');
+        return $next($request);
+    }
+}

src/PdAuth/OAuth.php

@@ -2,7 +2,7 @@
 
 namespace PdAuth;
 
-class Client
+class OAuth
 {
 
     protected $host;
@@ -27,16 +27,35 @@ class Client
         return $this->host . "/connect?appid={$this->id}&redirect=$redirect";
     }
 
+    public function getAccessToken($code)
+    {
+        $resp = $this->get("$this->host/api/access_token?id={$this->id}&secret={$this->secret}&code={$code}");
+        if ($resp['code'] == 0) {
+            return $resp['data'];
+        }
+        return null;
+    }
+
     /**
      * 根据用户token获取用户信息
      * @param $username
      * @param $token
      * @return array|null
      */
-    public function getUserInfo($username, $token)
+    public function getUserInfo($token)
     {
         $token = urlencode($token);
-        $resp = $this->get("$this->host/api/{$username}/info?access_token=$token");
+        $resp = $this->get("$this->host/api/user_info?access_token=$token");
+        if ($resp['code'] == 0) {
+            return $resp['data'];
+        }
+        return null;
+    }
+
+    public function getGroups($token)
+    {
+        $token = urlencode($token);
+        $resp = $this->get("$this->host/api/{$this->id}/groups?access_token=$token");
         if ($resp['code'] == 0) {
             return $resp['data'];
         }

src/PdAuth/PdAuthServiceProvider.php

@@ -2,16 +2,49 @@
 
 namespace PdAuth;
 
+use Illuminate\Contracts\Encryption\DecryptException;
+use Illuminate\Http\Request;
 use Illuminate\Support\ServiceProvider;
+use PdAuth\Middleware\Authenticate;
 
 class PdAuthServiceProvider extends ServiceProvider
 {
 
+    /**
+     * Boot the authentication services for the application.
+     *
+     * @return void
+     */
+    public function boot()
+    {
+        // Here you may define how you wish users to be authenticated for your Lumen
+        // application. The callback which receives the incoming request instance
+        // should return either a User instance or null. You're free to obtain
+        // the User instance via an API token or any other method necessary.
+
+        $this->app['auth']->viaRequest('api', function (Request $request) {
+
+            $token = $request->cookie(Authenticate::CookieName);
+
+            if ($token) {
+                try {
+                    $user = app('pd.auth')->getUserInfo($token);
+                    if ($user) {
+                        return $user;
+                    }
+                } catch (DecryptException $ex) {
+                    return null;
+                }
+            }
+            return null;
+        });
+    }
+
     public function register()
     {
         $this->app->singleton('pd.auth', function () {
             $this->app->configure('pdauth');
-            return new Client(config('pdauth'));
+            return new OAuth(config('pdauth'));
         });
     }