需要修改两个地方,第一个是总控制里面的续token延时,第二个是操作日志记录
一、总控续token延时方法
在根目录下app文件夹下controller文件夹下Base.php中修改isLoginAuth方法,具体代码如下:
<?php
/**
* 总控制
* User: 龙哥 三年风水
* Date: 2024/10/27/0027
* Time: 22:16
*/
namespace app\controller;
use app\BaseController;
use app\model\permission\Menu;
use app\model\permission\Role;
use Encipher\Encrypt;
use app\model\common\Token;
use Error\BaseError;
use Redis\Redis;
class Base extends BaseController
{
protected $userId = 0;//用户编号,整个系统内部使用
protected $avatar = '';//登录用户的头像
protected $username = '';//登录用户的登录名称
protected $realname = '';//登录用户的真实名称
protected $email = '';//登录用户邮箱
protected $ip = '';//登录用户授权组
protected $departmentId = 0;//登录用户部门编号
protected $gradeId = 0;//登录用户级别编号
protected $isUnserialize = true;//Redis里面有按钮权限
protected $token = '';//当前用户唯一编码
protected $roleId = '';//登录用户的权限编号
protected $key = '';//登录用户权限组标识
protected $butts = [];//操作权限,整个系统内部使用
protected $rules = [];//登录用户的权限组,内部使用
protected $randomNumber = '';//随机数编号
protected $loginIp = '';//登录IP
protected $browserId = '';//浏览器编号
//初始化方法
public function initialize(){
parent::initialize(); // TODO: Change the autogenerated stub
$this->isLoginAuth();//判断是否登录
}
//token验证
private function isLoginAuth(){
$headInfo = $this->request->header();
if(!isset($headInfo['authorization']))throw new BaseError('非法操作!');
if(empty($headInfo['authorization']))throw new BaseError('操作异常!');
if(!empty($this->loginIp)){
if($this->loginIp != $headInfo['x-real-ip'])throw new BaseError('危险操作!');
}
$tokenValue = explode('|', Encrypt::decryptRsa($headInfo['authorization']));//解密 --转换token
if(count($tokenValue) != 2)throw new BaseError('登录认证权限错误',50034,200);
$token = sha1(sha1($tokenValue[0]).strtotime($tokenValue[1]));
$res = Token::setToken($token, $headInfo['authorization'], $headInfo['x-real-ip']);
if($res['status'] === false)throw new BaseError($res['info'],50034,200);//赋值错误信息
$this->userId = $res['data']['admin_id'];
$this->avatar = $res['data']['avatar'];
$this->username = $res['data']['username'];
$this->realname = $res['data']['realname'];
$this->email = $res['data']['email'];
$this->ip = $res['data']['ip'];
$this->departmentId = $res['data']['department_id'];
$this->gradeId = $res['data']['grade_id'];
$this->roleId = $res['data']['role_id'];
$this->token = $token;
$this->randomNumber = $res['data']['random_number'];
$this->loginIp = $res['data']['login_ip'];
$this->browserId = $res['data']['browser_id'];
}
}
二、修改token数据管理
在根目录下app文件夹下model文件夹下common文件夹下Token.php中修改setToken方法,具体代码如下:
//修改token整个状态
public static function setToken($token, $attack, $clientIp){
$data['admin_id'] = 0;
$data['username'] = '';
$data['avatar'] = '';
$data['realname'] = '';
$data['email'] = '';
$data['ip'] = '';
$data['department_id'] = 0;
$data['grade_id'] = 0;
$data['role_id'] = 0;
$data['random_number'] = '';
$data['browser_id'] = '';
$data['login_ip'] = '';
$redisToken = Redis::select(config('cache.stores.redis.token_db'))->get('token_'.$token);
if(empty($redisToken))return array('status' => false, 'info' => 'token已经过期咯,请重新登录!', 'data' => $data);
//获取系统配置的过期时间
$systemParam = SystemModel::dataFind(['id' => 1],'platform_token_expira');
//验证是否跨站攻击
$attackToken = Redis::select(config('cache.stores.redis.token_db'))->get('token_' . $redisToken);
if(!empty($attackToken)){
if ($attackToken === $attack){
//如果传过来加密后的token与Redis里面记录的一样,就禁止访问、延长过期时间并加入黑名单
Redis::select(config('cache.stores.redis.token_db'))->expire('token_'.$token, $systemParam['platform_token_expira']);
//加入黑名单
//Redis::select(config('cache.stores.redis.default_db'))->sadd('black-list', $clientIp);
//return array('status' => false, 'info' => '跨站攻击', 'data' => $data);
}
}
Redis::select(config('cache.stores.redis.token_db'))->expire('token_'.$token, $systemParam['platform_token_expira']);
Redis::select(config('cache.stores.redis.token_db'))->setex('token_' . $redisToken, $systemParam['platform_token_expira'], $attack);
$resAdminFind = Admin::dataFind(['id' => $redisToken], 'username,avatar,realname,email,ip,department_id,grade_id,role_id,status',true);
if ($resAdminFind['status'] !== 1) return array('status' => false, 'info' => '该用户已被禁用', 'data' => $data);
$resTokenFind = self::dataFind(['token' => $token],'random_number,browser_id,login_ip',true);
$data['admin_id'] = $redisToken;
$data['username'] = $resAdminFind['username'];
$data['avatar'] = $resAdminFind['avatar'];
$data['realname'] = $resAdminFind['realname'];
$data['email'] = $resAdminFind['email'];
$data['ip'] = $resAdminFind['ip'];
$data['department_id'] = $resAdminFind['department_id'];
$data['grade_id'] = $resAdminFind['grade_id'];
$data['role_id'] = $resAdminFind['role_id'];
$data['random_number'] = $resTokenFind['random_number'];
$data['browser_id'] = $resTokenFind['browser_id'];
$data['login_ip'] = $resTokenFind['login_ip'];
return array('status' => true, 'info' => '', 'data' => $data);
}
三、管理员日志操作方法
在根目录下app文件夹下controller文件夹下Base.php中修改setToken方法,具体代码如下:
/**
* 操作日志记录
* User: 龙哥·三年风水
* Date: 2024/12/12
* Time: 17:11
* @ param $tokenType 操作类型
* @ param $menuName 权限名称
*/
protected function setToken($tokenType,$menuName){
$data['token_type'] = $tokenType;
$data['menu_name'] = $menuName;
$data['admin_id'] = $this->userId;
$data['random_number'] = $this->randomNumber;
$data['browser_id'] = $this->browserId;
$data['login_ip'] = $this->loginIp;
$data['create_time'] = date('Y-m-d',time());
$data['login_time'] = date('Y-m-d H:i:s',time());
$data['expire_time'] = time();
$data['token'] = $this->token;
Token::save($data,[]);
}