From a95524e8877a69391905b9390778ad0b44d569f6 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?=E5=80=99=E5=AD=A6=E6=9D=B0?= Date: Thu, 24 Jan 2019 13:40:23 +0800 Subject: [PATCH] config change --- config/auth.php | 1 - src/Auth.php | 23 +++++---- src/Controller.php | 24 ++++++++++ src/Middleware/Authenticate.php | 70 ++++----------------------- src/PdAuthServiceProvider.php | 84 +++++++++++++++++++-------------- 5 files changed, 94 insertions(+), 108 deletions(-) create mode 100644 src/Controller.php diff --git a/config/auth.php b/config/auth.php index 9541773..8c3119c 100644 --- a/config/auth.php +++ b/config/auth.php @@ -12,7 +12,6 @@ return [ 'apps' => [ 'erp' => [ 'id' => '100009', - 'alias' => 'erp', 'secret' => env('AUTH_ERP_SECRET','123456'), ], ], diff --git a/src/Auth.php b/src/Auth.php index a58b00b..dbe6799 100644 --- a/src/Auth.php +++ b/src/Auth.php @@ -54,17 +54,20 @@ class Auth ], ]); } + $this->choose(); } - public function choose($id, $referer = null) + public function choose($name = null) { - foreach ($this->config['apps'] as $app) { - if (!$id && $referer != null) { - $arr = parse_url($referer); - } elseif ($id && $app['id'] == $id) { - $this->id = $app['id']; - $this->secret = $app['secret']; - } + if (!$name) { + $name = env('APP_NAME'); + } + switch ($name) { + case 'erp': + case 'erp_api': + $this->id = $this->config['apps']['erp']['id']; + $this->secret = $this->config['apps']['erp']['secret']; + break; } return $this; } @@ -88,7 +91,7 @@ class Auth */ public function getAccessToken($code) { - $token = $this->rpc->call('oauth.get_access_token', [$this->id, $this->secret, $code]); + $token = $this->rpc->call('oauth.access_token', [$this->id, $this->secret, $code]); return $token; } @@ -100,7 +103,7 @@ class Auth */ public function getUserInfo($token) { - $info = $this->rpc->call('user.info', [$token]); + $info = $this->rpc->call('oauth.user_info', [$this->id, $this->secret, $token]); return $info; } 
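Review bot: The new `switch ($name)` in choose() has no `default` branch, so any name other than `erp`/`erp_api` leaves `$this->id` and `$this->secret` unset, or still holding the previously chosen app's credentials if the `pd.auth` instance is shared. That includes a null `env('APP_NAME')`, which Laravel's `env()` can return once the configuration is cached. A `default: throw new \InvalidArgumentException('unknown pdauth app: ' . $name);` would make the mismatch visible, and the fallback name is better read from a config value than from `env()`. Since `oauth.user_info` now sends the secret as well, the `'123456'` fallback for `AUTH_ERP_SECRET` in config/auth.php is worth dropping, so that a missing variable fails instead of silently using a guessable value. The constructor that now calls `$this->choose()` begins outside the hunk.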
diff --git a/src/Controller.php b/src/Controller.php new file mode 100644 index 0000000..ba8aaaa --- /dev/null +++ b/src/Controller.php @@ -0,0 +1,24 @@ +guard = $guard; + app('auth')->shouldUse($guard); + $this->middleware(Authenticate::class); +// $this->middleware(CheckRole::class); + + $this->user = app('request')->user($guard); + } +} diff --git a/src/Middleware/Authenticate.php b/src/Middleware/Authenticate.php index d19b1d6..07e43b9 100644 --- a/src/Middleware/Authenticate.php +++ b/src/Middleware/Authenticate.php 
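Review bot: `$this->user = app('request')->user($guard)` runs in the constructor, and in Laravel and Lumen a controller is constructed before its middleware runs, so the `Authenticate` middleware registered just above has not yet rejected anything. `$this->user` can therefore be null for a guest, and the guard callback's remote user-info lookup is triggered even for requests that will be turned away. Resolving it lazily, e.g. `protected function user() { return app('request')->user($this->guard); }`, avoids both. With `CheckRole` commented out, no authorization step is attached here, which deserves a comment saying where role checks are expected to happen. The class header and constructor signature of this new file are not visible in this view.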
@@ -39,77 +39,23 @@ class Authenticate */ public function handle($request, Closure $next, $guard = null) { - //oauth 回调 - $code = $request->input('pd_code'); - if ($code) { - $token = app('pd.auth')->getAccessToken($code); - if (isset($token['access_token'])) { - setcookie(self::CookieName, $token['access_token'], strtotime($token['expired_at']), '/'); - - $qs = $request->getQueryString(); - $params = explode('&', $qs); - $qs = '?'; - foreach ($params as $k => $v) { - if (Str::startsWith($v, 'pd_code=')) { - continue; - } - $qs .= $v . '&'; - } - - if (!$request->isXmlHttpRequest()) { - abort(302, '', [ - 'Location' => $request->getSchemeAndHttpHost() . $request->getBaseUrl() . $request->getPathInfo() . $qs, - ]); - } - } - } - //登录状态检测 if ($this->auth->guard($guard)->guest()) { $redirect = $request->input('redirect', $request->getUri()); - if ($request->isXmlHttpRequest()) { +// if ($request->isXmlHttpRequest()) { return response()->json([ - 'code' => 401, - 'msg' => 'need login', + 'code' => config('pdauth.code.unauthorized', 401), + 'msg' => 'Unauthorized', 'data' => [ 'url' => app('pd.auth')->connect($redirect), ], ]); - } else { - return redirect(app('pd.auth')->connect($redirect)); - } - } - - //权限检测 -// $path = $request->path(); -// $privileges = config('pdauth.roles_privileges'); -// $user = $request->user(); -// $match = []; -// foreach ($user['roles'] as $role) { -// if (array_key_exists($role, $privileges)) { -// //如果设置了 * ,则跳过权限检测 -// if (is_string($privileges[$role]) && $privileges[$role] == '*') { -// return $next($request); -// } -// if (!is_array($privileges[$role])) { -// throw new \Exception('pdauth 配置错误!'); -// } -// $match = array_merge($match, $privileges[$role]); +// } else { +// // +// exit('jump'); +//// return redirect(app('pd.auth')->connect($redirect)); // } -// } - -// if (in_array($path, $match)) { -// return $next($request); -// } - -// if ($request->isXmlHttpRequest()) { -// return response()->json([ -// 'code' => 403, -// 'msg' => 
'无权访问,请联系管理员授权', -// 'data' => null, -// ]); -// } -// api_abort(403, '无权访问,请联系管理员授权'); + } return $next($request); } diff --git a/src/PdAuthServiceProvider.php b/src/PdAuthServiceProvider.php index aa824d9..7487034 100644 --- a/src/PdAuthServiceProvider.php +++ b/src/PdAuthServiceProvider.php @@ -6,6 +6,7 @@ use Illuminate\Contracts\Encryption\DecryptException; use Illuminate\Http\Request; use Illuminate\Support\ServiceProvider; use PdAuth\Middleware\Authenticate; +use Symfony\Component\HttpFoundation\Cookie; class PdAuthServiceProvider extends ServiceProvider { 
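Review bot: In the guest branch of handle(), `$redirect` is taken straight from `$request->input('redirect', …)` and handed to `app('pd.auth')->connect($redirect)`, and the resulting URL is now returned to every client in `data.url`. connect() is not visible here, so unless it restricts the target, the post-login return address is caller-controlled. Consider falling back to `$request->getUri()` when `parse_url($redirect, PHP_URL_HOST) !== $request->getHost()`. The body carries code 401 but the response still goes out with the default 200 status; closing the call with `], 401);` lets clients, proxies and access logs see the rejection. The commented-out `if/else` with `exit('jump')` is better deleted than kept.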
@@ -21,50 +22,45 @@ class PdAuthServiceProvider extends ServiceProvider // application. The callback which receives the incoming request instance // should return either a User instance or null. You're free to obtain // the User instance via an API token or any other method necessary. - $this->app['auth']->viaRequest('auth', function (Request $request) { - - $token = $request->header('Authorization', $request->cookie(Authenticate::CookieName)); - - if ($token) { - try { - $user = app('pd.auth')->getUserInfo($token); - if ($user) { - return $user; - } - } catch (DecryptException $ex) { - return null; - } - } - return null; - }); - $config = $this->app['config']['auth']; - if (!isset($config['guards']['auth'])) { - config(['auth.guards.auth' => ['driver' => 'auth']]); - $this->app['auth']->shouldUse('auth'); + foreach ($this->app['config']['pdauth']['apps'] as $key => $app) { + $this->app['auth']->viaRequest($key, function (Request $request) use ($key) { + + $token = $request->header('Authorization', $request->cookie(Authenticate::CookieName)); + + if ($token) { + try { + $user = app('pd.auth')->choose($key)->getUserInfo($token); + if ($user) { + return $user; + } + } catch (DecryptException $ex) { + return null; + } + } + return null; + }); + + if (!isset($config['guards']['auth'])) { + config(['auth.guards.' . 
$key => ['driver' => $key]]); + $this->app['auth']->shouldUse('auth'); + } } - //添加获取token的路由 - $this->app['router']->get('auth/token.json', function (Request $request) { - $code = $request->input('pd_code'); - $id = $request->input('app_id'); - $token = app('pd.auth')->choose($id)->getAccessToken($code); - return response()->json([ - 'code' => 0, - 'message' => '', - 'data' => $token, - ]); - }); +// $config = $this->app['config']['auth']; +// +// if (!isset($config['guards']['auth'])) { +// config(['auth.guards.auth' => ['driver' => 'auth']]); +// $this->app['auth']->shouldUse('auth'); +// } - $this->app['router']->get('auth/logout', function (Request $request) { - app('pd.auth')->logout(); - }); + $this->setupRouter(); } protected function setupConfig() { - $source = realpath(__DIR__ . '/../../config/auth.php'); + $source = realpath(__DIR__ . '/../config/auth.php'); if ($this->app instanceof LaravelApplication && $this->app->runningInConsole()) { $this->publishes([$source => config_path('pdauth.php')], 'pdauth'); @@ -75,6 +71,24 @@ class PdAuthServiceProvider extends ServiceProvider $this->mergeConfigFrom($source, 'pdauth'); } + protected function setupRouter(){ + //添加获取token的路由 + $this->app['router']->get('auth/token.json', function (Request $request) { + $code = $request->input('pd_code'); + $token = app('pd.auth')->getAccessToken($code); + $cookie = new Cookie(Authenticate::CookieName, $token['access_token'], strtotime($token['expired_at'])); + return response()->json([ + 'code' => 0, + 'message' => '', + 'data' => $token, + ])->withCookie($cookie); + }); + + $this->app['router']->get('auth/logout', function (Request $request) { + app('pd.auth')->logout(); + }); + } + public function register() { $this->setupConfig();
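Review bot: Inside the new `foreach`, the guard check still tests `$config['guards']['auth']` and calls `shouldUse('auth')`, although the request drivers and guard entries are now registered under `$key` and the `viaRequest('auth', …)` registration was removed. Unless the host application defines an `auth` guard itself, the default guard then points at a driver nothing registers. `$config` also looks to be assigned only in the commented-out block further down, in which case the `isset` is always false. Keying the check on the loop variable, `if (!isset($this->app['config']['auth']['guards'][$key])) { config(['auth.guards.' . $key => ['driver' => $key]]); }`, and choosing the default guard once outside the loop would match the per-app intent. The enclosing method begins outside the hunk.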
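Review bot: The `auth/token.json` closure in setupRouter() indexes `$token['access_token']` and `$token['expired_at']` without checking what getAccessToken() returned, whereas the middleware code removed by this commit guarded with `isset($token['access_token'])`. A missing or rejected `pd_code` would therefore produce an undefined-index error or a cookie with an empty value and a bogus expiry, followed by a `code => 0` success body. The cookie is also built with Symfony's defaults, so the Secure flag is not set for HTTPS requests. Returning the same token in the JSON body makes it readable by page script, which the cookie's HttpOnly default would otherwise prevent. The sketch below rejects an unusable result and sets the cookie attributes explicitly.

```php
$token = app('pd.auth')->getAccessToken($code);
if (!is_array($token) || !isset($token['access_token'], $token['expired_at'])) {
    return response()->json([
        'code' => config('pdauth.code.unauthorized', 401),
        'message' => 'Unauthorized',
        'data' => null,
    ], 401);
}
$cookie = new Cookie(
    Authenticate::CookieName,
    $token['access_token'],
    strtotime($token['expired_at']),
    '/',
    null,
    $request->isSecure(), // Secure flag whenever the request arrived over HTTPS
    true                  // HttpOnly
);
// … unchanged: JSON success response with ->withCookie($cookie) …
```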