95 lines
3.2 KiB
PHP
95 lines
3.2 KiB
PHP
<?php
|
|
/**
|
|
* Author: cfn <cfn@leapy.cn>
|
|
*/
|
|
|
|
namespace App\Aspect;
|
|
|
|
use App\Annotation\Auth;
|
|
use App\Model\AccountLog;
|
|
use Hyperf\Context\ApplicationContext;
|
|
use Hyperf\Di\Annotation\Aspect;
|
|
use Hyperf\Di\Annotation\Inject;
|
|
use Hyperf\Di\Aop\AbstractAspect;
|
|
use Hyperf\Di\Aop\ProceedingJoinPoint;
|
|
use Hyperf\Di\Exception\AnnotationException;
|
|
use Hyperf\HttpServer\Contract\RequestInterface;
|
|
use Hyperf\HttpServer\Contract\ResponseInterface;
|
|
use Psr\SimpleCache\CacheInterface;
|
|
|
|
#[Aspect]
|
|
class AuthAspect extends AbstractAspect
|
|
{
|
|
#[Inject]
|
|
protected RequestInterface $request;
|
|
#[Inject]
|
|
protected ResponseInterface $response;
|
|
#[Inject]
|
|
protected CacheInterface $cache;
|
|
|
|
public array $annotations = [
|
|
Auth::class
|
|
];
|
|
|
|
|
|
/**
|
|
* Author: cfn <cfn@leapy.cn>
|
|
* @param ProceedingJoinPoint $proceedingJoinPoint
|
|
* @return mixed|\Psr\Http\Message\ResponseInterface
|
|
* @throws AnnotationException|\Hyperf\Di\Exception\Exception
|
|
*/
|
|
public function process(ProceedingJoinPoint $proceedingJoinPoint)
|
|
{
|
|
// 切面切入后,执行对应的方法会由此来负责
|
|
$authorization = $this->getAuthorizationAnnotation($proceedingJoinPoint);
|
|
$isLogin = $this->request->getAttribute("isLogin",false);
|
|
if ($authorization->needLogin && !$isLogin) {
|
|
return $this->response->json(['code' => 3,'msg' => '登录已过期']);
|
|
}
|
|
$admin = $this->request->getAttribute("account");
|
|
if ($authorization->needLogin && $authorization->needAuth) {
|
|
if (!$isLogin || empty($admin) || !$this->checkPermission($authorization->auth, $this->request->getMethod(), $admin)) {
|
|
return $this->response->json(['code' => 2,'msg' => '权限不足']);
|
|
}
|
|
}
|
|
$response = $proceedingJoinPoint->process();
|
|
// 记录日志
|
|
if ($isLogin && !empty($admin) && $authorization->needLog && $authorization->auth != "*") {
|
|
AccountLog::recordLog($this->request, $admin, $authorization->auth, $response);
|
|
}
|
|
return $response;
|
|
}
|
|
|
|
/**
|
|
* desc: 获取注解类
|
|
* @param ProceedingJoinPoint $proceedingJoinPoint
|
|
* @return Auth
|
|
* @throws AnnotationException
|
|
*/
|
|
protected function getAuthorizationAnnotation(ProceedingJoinPoint $proceedingJoinPoint): Auth {
|
|
$annotation = $proceedingJoinPoint->getAnnotationMetadata()->method[Auth::class] ?? null;
|
|
if (!$annotation instanceof Auth) {
|
|
throw new AnnotationException("Annotation Auth couldn't be collected successfully.");
|
|
}
|
|
return $annotation;
|
|
}
|
|
|
|
/**
|
|
* desc: 校验操作权限
|
|
* Author: cfn <cfn@leapy.cn>
|
|
* @param string $auth
|
|
* @param string $method
|
|
* @param array $account
|
|
* @return bool
|
|
*/
|
|
protected function checkPermission(string $auth, string $method, array $account): bool {
|
|
if ($auth == "*" || $account['master_flag']) return true;
|
|
$auths = $this->cache->get("AUTH:".$account['account_id']);
|
|
if (!$auths) return false;
|
|
$auths = json_decode($auths, true);
|
|
if (!empty($auths)) {
|
|
return in_array(strtolower($method.':'.$auth), $auths);
|
|
}
|
|
return false;
|
|
}
|
|
} |