From 1a7303cedf5ce201e068539e33ff5eafeaa03196 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?=E6=9D=8E=E5=BF=97=E5=BC=BA?= <357099073@qq.com>
Date: Mon, 26 Jan 2026 14:48:27 +0800
Subject: [PATCH] =?UTF-8?q?=E6=9B=B4=E6=96=B0jwt=E9=97=AE=E9=A2=98?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
---
 .gitignore | 24 ++++++++
 app/admin/BaseController.php | 34 ++++++++++-
 app/admin/controller/MenuController.php | 81 ++++++++++++++++++++++++-
 app/admin/middleware/CustomCors.php | 4 ++
 app/admin/route/app.php | 1 +
 app/service/JwtService.php | 2 +-
 6 files changed, 142 insertions(+), 4 deletions(-)
 create mode 100644 .gitignore
diff --git a/.gitignore b/.gitignore
new file mode 100644
index 0000000..a547bf3
--- /dev/null
+++ b/.gitignore
@@ -0,0 +1,24 @@
+# Logs
+logs
+*.log
+npm-debug.log*
+yarn-debug.log*
+yarn-error.log*
+pnpm-debug.log*
+lerna-debug.log*
+
+node_modules
+dist
+dist-ssr
+*.local
+
+# Editor directories and files
+.vscode/*
+!.vscode/extensions.json
+.idea
+.DS_Store
+*.suo
+*.ntvs*
+*.njsproj
+*.sln
+*.sw?
diff --git a/app/admin/BaseController.php b/app/admin/BaseController.php
index 5a43f7f..59faa7a 100644
--- a/app/admin/BaseController.php
+++ b/app/admin/BaseController.php
@@ -7,9 +7,9 @@ use think\App;
 use think\exception\ValidateException;
 use think\Validate;
 use think\facade\Request;
+use think\facade\Session;
 use think\facade\Cache;
 use app\admin\controller\OperationLog\OperationLogger;
-use app\service\JwtService;
 
 /**
 * 控制器基础类
@@ -159,7 +159,37 @@ abstract class BaseController
 */
 protected function getAdminUserInfo(): array
 {
- return JwtService::getUserFromHeader($this->request->header('Authorization', ''));
+ $userId = $this->request->header('Authorization', '');
+
+ if (!preg_match('/Bearer\s+(.+)/i', $userId, $matches)) {
+ return ['id' => 0, 'account' => '', 'name' => ''];
+ }
+
+ $tokenData = $this->verifyTokenFromHeader($matches[1]);
+
+ if (!$tokenData || !isset($tokenData['user'])) {
+ return ['id' => 0, 'account' => '', 'name' => ''];
+ }
+
+ return (array)$tokenData['user'];
+ }
+
+ private function verifyTokenFromHeader($token): ?array
+ {
+ $authHeader = $this->request->header('Authorization', '');
+ if (!preg_match('/Bearer\s+(.+)/i', $authHeader, $matches)) {
+ return null;
+ }
+
+ try {
+ $decoded = \Firebase\JWT\JWT::decode(
+ $matches[1],
+ new \Firebase\JWT\Key(\app\service\JwtService::getSecret(), 'HS256')
+ );
+ return (array)$decoded;
+ } catch (\Exception $e) {
+ return null;
+ }
 }
 }
diff --git a/app/admin/controller/MenuController.php b/app/admin/controller/MenuController.php
index ac503be..6006f08 100644
--- a/app/admin/controller/MenuController.php
+++ b/app/admin/controller/MenuController.php
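Review bot: `verifyTokenFromHeader` never uses its `$token` parameter — it re-reads the Authorization header and runs the same Bearer regex that `getAdminUserInfo` has just run — so the parameter is dead and the parsing is duplicated; decode the argument directly, `$decoded = \Firebase\JWT\JWT::decode($token, new \Firebase\JWT\Key(\app\service\JwtService::getSecret(), 'HS256'));`, drop the second `preg_match`, and type the parameter as `string $token`. The local `$userId` in `getAdminUserInfo` holds the raw header rather than an id, so `$authHeader` would be the accurate name. `JwtService::getSecret()` is not added anywhere in this commit (the JwtService hunk only changes the secret literal), so it must already exist as a public static method or the first authenticated request fails with a fatal error — and the import hunk above removes `use app\service\JwtService;` only for the new code to spell the class fully qualified, which reads worse than keeping the import. `catch (\Exception $e)` also turns unrelated failures into a silent "not logged in"; the base types firebase/php-jwt throws are `\UnexpectedValueException`, `\DomainException` and `\InvalidArgumentException`, and a multi-catch on those keeps the null fallback for bad tokens only.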
@@ -17,7 +17,86 @@ use app\model\AdminUserGroup;
 class MenuController extends BaseController
 {
 /**
- * 获取用户菜单接口
+ * 获取当前登录用户的菜单接口
+ * @return \think\response\Json
+ */
+ public function getMyMenus()
+ {
+ try {
+ $userInfo = $this->getAdminUserInfo();
+
+ if (!$userInfo || !isset($userInfo['id']) || $userInfo['id'] == 0) {
+ return json([
+ 'code' => 401,
+ 'msg' => '用户ID不存在,请重新登录',
+ 'data' => null
+ ]);
+ }
+
+ $user = AdminUser::where('id', $userInfo['id'])->find();
+
+ if (!$user) {
+ return json([
+ 'code' => 404,
+ 'msg' => '用户不存在',
+ 'data' => null
+ ]);
+ }
+
+ // 获取用户组权限信息
+ $userGroup = AdminUserGroup::where('id', $user['group_id'])
+ ->find();
+
+ if (!$userGroup) {
+ return json([
+ 'code' => 404,
+ 'msg' => '用户组不存在',
+ 'data' => null
+ ]);
+ }
+
+ // 解析权限数组
+ $menuIds = [];
+ if (!empty($userGroup['rights'])) {
+ $menuIds = is_array($userGroup['rights']) ? $userGroup['rights'] : json_decode($userGroup['rights'], true);
+ }
+
+ // 如果权限为空,返回空数组
+ if (empty($menuIds)) {
+ return json([
+ 'code' => 200,
+ 'msg' => 'success',
+ 'data' => []
+ ]);
+ }
+
+ // 获取有权限的菜单
+ $menus = SystemMenu::where('delete_time', null)
+ ->where('status', 1)
+ ->whereIn('id', $menuIds)
+ ->field('id,pid,title,path,component_path,icon,sort')
+ ->order('sort', 'asc')
+ ->select();
+
+ // 将菜单转换为树形结构
+ $treeMenus = $this->buildMenuTree($menus->toArray());
+
+ return json([
+ 'code' => 200,
+ 'msg' => 'success',
+ 'data' => $treeMenus
+ ]);
+ } catch (DbException $e) {
+ return json([
+ 'code' => 500,
+ 'msg' => 'fail:' . $e->getMessage(),
+ 'data' => $e->getTraceAsString()
+ ]);
+ }
+ }
+
+ /**
+ * 获取用户菜单接口(需要传入用户ID)
 * @return \think\response\Json
 */
 public function getMenus(int $id)
diff --git a/app/admin/middleware/CustomCors.php b/app/admin/middleware/CustomCors.php
index e30dc4b..ac49a85 100644
--- a/app/admin/middleware/CustomCors.php
+++ b/app/admin/middleware/CustomCors.php
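Review bot: The `catch (DbException $e)` branch at the end of `getMyMenus` sends `$e->getTraceAsString()` to the client in `data`, which discloses file paths, the query that failed and the call structure to anyone who can provoke a database error; log the trace server-side and return only a generic body, `'msg' => 'fail', 'data' => null`. The guard `$userInfo['id'] == 0` is a loose comparison that also matches `''`, `'0'` and `null` — acceptable as a reject-all here, but `(int)$userInfo['id'] === 0` states that intent. `json_decode($userGroup['rights'], true)` returns `null` on malformed JSON, which `empty($menuIds)` then reports as "no menus" with `code 200` rather than as a broken group record; a comment saying this is deliberate, or `JSON_THROW_ON_ERROR`, would make the choice visible. `getMenus` continues past the end of the hunk.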
@@ -27,6 +27,10 @@ class CustomCors
 'https://www.yunzer.cn',
 'http://yunzer.cn',
 'https://yunzer.cn',
+ 'http://back.yunzer.cn',
+ 'https://back.yunzer.cn',
+ 'http://backend.yunzer.cn',
+ 'https://backend.yunzer.cn',
 ];
 
 // 检查是否为允许的域名
diff --git a/app/admin/route/app.php b/app/admin/route/app.php
index 5bd41d1..31feb04 100644
--- a/app/admin/route/app.php
+++ b/app/admin/route/app.php
@@ -16,6 +16,7 @@ Route::get('user/info', 'app\\admin\\controller\\LoginController@userInfo');
 
 // 菜单路由
 Route::get('allmenu', 'app\\admin\\controller\\MenuController@getAllMenus');
+Route::get('menu/my', 'app\\admin\\controller\\MenuController@getMyMenus');
 Route::get('menu/:id', 'app\\admin\\controller\\MenuController@getMenus');
 Route::post('createMenu', 'app\\admin\\controller\\MenuController@createMenu');
 Route::put('updateMenu/:id', 'app\\admin\\controller\\MenuController@updateMenu');
diff --git a/app/service/JwtService.php b/app/service/JwtService.php
index 0c0e2e6..3fb1f8c 100644
--- a/app/service/JwtService.php
+++ b/app/service/JwtService.php
@@ -9,7 +9,7 @@ use Firebase\JWT\Key;
 
 class JwtService
 {
- private static string $secret = 'meitian@#!';
+ private static string $secret = '8s9G7k2P8m5Q9r4T7y8U9i0O8p7L6k5J8H9G7F';
 private static int $expire = 86400;
 
 public static function generateToken(array $userInfo): string
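Review bot: Two of the four origins added to the CORS allowlist are plaintext hosts (`'http://back.yunzer.cn'`, `'http://backend.yunzer.cn'`); if this middleware reflects the matched origin together with credentials, a request arriving over an unencrypted connection is trusted as if it came from the admin front end, so keep only the `https://` entries unless the http variants are needed for a local setup, and then guard them by environment rather than listing them unconditionally. The allowlist is a literal inside a method whose start and end are both outside the hunk, so whether credentials are allowed cannot be confirmed from here.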
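Review bot: The JWT signing secret remains a literal in `JwtService::$secret`; swapping one committed value for another rotates nothing that matters, because the old value stays in git history and the new one now joins it, so anyone with repository access can mint tokens that `getAdminUserInfo` will accept. Read the secret from configuration at the point of use — ThinkPHP's `env('JWT_SECRET')` or `config('jwt.secret')` — and fail fast with an exception when it is missing, rather than initialising a static property with a constant. The `.gitignore` introduced by this commit has no `.env` entry, so that would need adding in the same change, and the previously committed value should be treated as compromised and all outstanding tokens invalidated.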