waibao
/
NN2025112501


			
							12345678910111213141516171819202122232425262728293031323334353637383940414243444546474849505152535455565758596061626364656667686970717273747576777879808182
							<?php


namespace App\Http\Middleware;

use App\Helpers\Jwt;
use App\Services\ConfigService;
use App\Services\RedisService;
use Closure;
use Illuminate\Auth\Middleware\Authenticate as Middleware;

class WebLogin extends Middleware
{
    /**
     * 执行句柄
     * @param \Illuminate\Http\Request $request
     * @param Closure $next
     * @param mixed ...$guards
     * @return mixed
     * @throws \Illuminate\Auth\AuthenticationException
     * @since 2020/8/31
     * @author wesmiler
     */
    public function handle($request, Closure $next, ...$guards)
    {
        $action = app('request')->route()->getAction();
        $controller = class_basename($action['controller']);
        list($controller, $action) = explode('@', $controller);
        $noLoginActs = ['LoginController','UploadController','IndexController'];
        $token = $request->headers->get('Authorization');
        if (strpos($token, 'Bearer ') !== false) {
            $token = str_replace("Bearer ", null, $token);
            $token = trim($token);
            if($token){
                // JWT解密token
                $jwt = new Jwt('jwt_lgx_app');
                $userId = $jwt->verifyToken($token);
            }else{
                return response()->json(message(1035, false, [], 403))->setEncodingOptions(256);
            }

        } else {
            $userId = 0;
        }

        // 接口验证
        $url = $request->get('s');
        $url = empty($url)? $request->path() : $url;
        $params = $request->except('s');
        $sign = $request->header('sign');
        if(empty($sign)){
            $sign = isset($params['sign'])? $params['sign'] : '';
        }

        if($action != 'setAvatar'){
            $system = isset($params['system']) ? $params['system'] : '';
            $system = $system && !is_array($system)? json_decode($system,true) : $system;
            $ctime = isset($system['sys_time'])? $system['sys_time'] : 0;
            $uuid = isset($system['uuid'])? $system['uuid'] : 0;
            $url = '/'.ltrim($url,'/');
            $checkSign = getSign("{$url}&{$uuid}&{$ctime}");
            if ($ctime < time() - 30 && !in_array($controller, $noLoginActs)) {
                return response()->json(message(1012, false, null))->setEncodingOptions(256);
            }

            if ((empty($sign) || $sign != $checkSign) && !in_array($controller, $noLoginActs)) {
                return response()->json(message(1005, false, null))->setEncodingOptions(256);
            }
        }

        // 接口加密验证
        $userInfo = RedisService::get("auths:info:{$userId}");
        if (($userId<=0 || empty($userInfo))&& !in_array($controller, $noLoginActs)) {
            // 在这里可以定制你想要的返回格式, 亦或者是 JSON 编码格式
            return response()->json(message(1035, false, [], 403))->setEncodingOptions(256);
        }

        $request->headers->set('token_uid' , $userId);
        //如果已登录则执行正常的请求
        return $next($request);
    }
}