<?php
namespace App\Kernel\Aspect;
use App\Kernel\Annotation\PreAuthorization;
use App\Model\Account;
use Hyperf\Di\Annotation\Aspect;
use Hyperf\Di\Aop\AbstractAspect;
use Hyperf\Di\Aop\ProceedingJoinPoint;
use Hyperf\Di\Exception\AnnotationException;
use Hyperf\HttpServer\Contract\RequestInterface;
use Hyperf\HttpServer\Contract\ResponseInterface;
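/**
 * Aspect bound to the PreAuthorization annotation: it runs before the
 * annotated method and decides whether the current request may reach it.
 *
 * The login state and the account are read from the request attributes
 * "isLogin" and "account". Nothing in this class sets them; presumably an
 * authentication middleware does so earlier in the pipeline. Confirm that
 * they can never be influenced by client-supplied data.
 *
 * @Aspect
 */
#[Aspect]
class PreAuthorizationAspect extends AbstractAspect
{
    protected RequestInterface $request;

    protected ResponseInterface $response;

    // Annotations whose target methods are intercepted by this aspect.
    public array $annotations = [
        PreAuthorization::class
    ];

    /**
     * @param RequestInterface $request current request, source of the "isLogin" and "account" attributes
     * @param ResponseInterface $response used to build the JSON denial responses
     */
    public function __construct(RequestInterface $request, ResponseInterface $response)
    {
        $this->request = $request;
        $this->response = $response;
    }

    /**
     * Enforce the PreAuthorization rules, then run the intercepted method.
     *
     * Denials are returned as a JSON body: code 1 when a login is required
     * but missing, code 2 when the permission or role check fails. Only when
     * every applicable check passes is the target method executed.
     *
     * @param ProceedingJoinPoint $proceedingJoinPoint
     * @return mixed|\Psr\Http\Message\ResponseInterface
     * @throws AnnotationException
     * @throws \Hyperf\Di\Exception\Exception
     */
    public function process(ProceedingJoinPoint $proceedingJoinPoint)
    {
        // Once the aspect cuts in, execution of the target method is driven from here.
        $authorization = $this->getAuthorizationAnnotation($proceedingJoinPoint);
        $isLogin = $this->request->getAttribute("isLogin", false);
        if ($authorization->needLogin && !$isLogin) {
            // msg: "login has expired"
            return $this->response->json(['code' => 1, 'msg' => '登录已过期']);
        }

        $admin = $this->request->getAttribute("account");
        // NOTE(review): the permission and role checks run only when BOTH needLogin
        // and needAuth are set. An annotation with needAuth = true but
        // needLogin = false reaches the target method unchecked; confirm
        // against the PreAuthorization defaults that this is intended.
        if ($authorization->needLogin && $authorization->needAuth) {
            if (!$isLogin || empty($admin) || !$this->checkPermission($authorization->auth, $this->request->getMethod(), $admin)) {
                // msg: "insufficient permission"
                return $this->response->json(['code' => 2, 'msg' => '权限不足']);
            }
            // Second gate: the role restriction declared on the endpoint.
            // Strict comparison so that only the literal string "*" disables the role check.
            if ("*" !== $authorization->role && !$this->checkRole($authorization->role, $admin)) {
                return $this->response->json(['code' => 2, 'msg' => '权限不足-1']);
            }
        }

        $response = $proceedingJoinPoint->process();

        // Audit logging is currently disabled; as written, neither granted nor
        // denied requests are recorded by this aspect.
        // if (config("app.log") && $isLogin && !empty($admin) && $authorization->needLog && $authorization->auth != "*") {
        //     AccountLog::record($this->request, $admin, $authorization->auth, $response);
        // }
        return $response;
    }

    /**
     * Fetch the PreAuthorization annotation attached to the intercepted method.
     *
     * @param ProceedingJoinPoint $proceedingJoinPoint
     * @return PreAuthorization
     * @throws AnnotationException when no PreAuthorization instance is found in the method metadata
     */
    protected function getAuthorizationAnnotation(ProceedingJoinPoint $proceedingJoinPoint): PreAuthorization
    {
        $annotation = $proceedingJoinPoint->getAnnotationMetadata()->method[PreAuthorization::class] ?? null;
        if (!$annotation instanceof PreAuthorization) {
            throw new AnnotationException("Annotation PreAuthorization couldn't be collected successfully.");
        }

        return $annotation;
    }

    /**
     * Check the operation permission by delegating to Account::checkAuth().
     *
     * The decision logic lives in Account::checkAuth(), which is not visible
     * here; this method only forwards its arguments.
     *
     * @param string $auth permission identifier taken from the annotation
     * @param string $method HTTP method of the current request
     * @param array $account account data taken from the request attribute "account"
     * @return bool
     */
    protected function checkPermission(string $auth, string $method, array $account): bool
    {
        return Account::checkAuth($account, $method, $auth);
    }

    /**
     * Check whether the account's type is one of the roles allowed on the endpoint.
     *
     * Fails closed: a role name that is not in the map is ignored instead of
     * becoming a null entry, and an account whose account_type is missing or
     * not an integer (or digit-only string) is rejected. With the previous
     * loose in_array() a null entry compared equal to account type 0 (ADMIN),
     * and a missing account_type compared equal to 0 as well.
     *
     * @param string $role comma-separated role names, e.g. "ADMIN,ORG"
     * @param array $admin account data; its 'account_type' entry is compared
     * @return bool true only when account_type matches an allowed, known role
     */
    private function checkRole(string $role, array $admin): bool
    {
        $roles = ['ADMIN' => 0, 'ORG' => 1];

        // Normalise the account type to an int so that the comparison below can be
        // strict while still accepting digit-only strings such as "0" or "1".
        $accountType = $admin['account_type'] ?? null;
        if (is_string($accountType) && preg_match('/\A\d+\z/', $accountType) === 1) {
            $accountType = (int) $accountType;
        }
        if (!is_int($accountType)) {
            return false;
        }

        $allowed = [];
        foreach (explode(",", $role) as $key) {
            // Tolerate "ADMIN, ORG" style lists; unknown names grant nothing.
            $key = trim($key);
            if (array_key_exists($key, $roles)) {
                $allowed[] = $roles[$key];
            }
        }

        return in_array($accountType, $allowed, true);
    }
}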