Controller.php 3.8 KB

  1. <?php
  2. // +----------------------------------------------------------------------
  3. // | 萤火商城系统 [ 致力于通过产品和服务,帮助商家高效化开拓市场 ]
  4. // +----------------------------------------------------------------------
  5. // | Copyright (c) 2017~2024 https://www.yiovo.com All rights reserved.
  6. // +----------------------------------------------------------------------
  7. // | Licensed 这不是一个自由软件,不允许对程序代码以任何形式任何目的的再发行
  8. // +----------------------------------------------------------------------
  9. // | Author: 萤火科技 <admin@yiovo.com>
  10. // +----------------------------------------------------------------------
  11. declare (strict_types=1);
  12. namespace app\admin\controller;
  13. use cores\BaseController;
  14. use app\admin\service\admin\User as AdminUserService;
  15. use cores\exception\BaseException;
  16. /**
  17. * 超管后台控制器基类
  18. * Class Controller
  19. * @package app\admin\controller
  20. */
  21. class Controller extends BaseController
  22. {
  23. // 商家登录信息
  24. protected $admin;
  25. // 当前控制器名称
  26. protected string $controller = '';
  27. // 当前方法名称
  28. protected string $action = '';
  29. // 当前路由uri
  30. protected string $routeUri = '';
  31. // 当前路由:分组名称
  32. protected string $group = '';
  33. // 登录验证白名单
  34. protected array $allowAllAction = [
  35. // 登录页面
  36. 'passport/login',
  37. ];
  38. /**
  39. * 强制验证当前访问的控制器方法method
  40. * 例: [ 'login' => 'POST' ]
  41. * @var array
  42. */
  43. protected array $methodRules = [];
  44. /**
  45. * 后台初始化
  46. * @return void
  47. * @throws BaseException
  48. */
  49. public function initialize()
  50. {
  51. // 设置管理员登录信息
  52. $this->setAdminInfo();
  53. // 当前路由信息
  54. $this->getRouteinfo();
  55. // 验证登录
  56. $this->checkLogin();
  57. // 强制验证当前访问的控制器方法method
  58. $this->checkMethodRules();
  59. }
  60. /**
  61. * 设置管理员登录信息
  62. */
  63. private function setAdminInfo()
  64. {
  65. $this->admin = AdminUserService::getLoginInfo();
  66. }
  67. /**
  68. * 解析当前路由参数 (分组名称、控制器名称、方法名)
  69. */
  70. protected function getRouteinfo()
  71. {
  72. // 控制器名称
  73. $this->controller = uncamelize($this->request->controller());
  74. // 方法名称
  75. $this->action = $this->request->action();
  76. // 控制器分组 (用于定义所属模块)
  77. $groupstr = strstr($this->controller, '.', true);
  78. $this->group = $groupstr !== false ? $groupstr : $this->controller;
  79. // 当前uri
  80. $this->routeUri = "{$this->controller}/$this->action";
  81. }
  82. /**
  83. * 验证登录状态
  84. * @return void
  85. * @throws BaseException
  86. */
  87. private function checkLogin(): void
  88. {
  89. // 验证当前请求是否在白名单
  90. if (in_array($this->routeUri, $this->allowAllAction)) {
  91. return;
  92. }
  93. // 验证登录状态
  94. if (empty($this->admin) || (int)$this->admin['is_login'] !== 1) {
  95. throwError('请先登录后再访问', config('status.not_logged'));
  96. }
  97. }
  98. /**
  99. * 强制验证当前访问的控制器方法method
  100. * @throws BaseException
  101. */
  102. private function checkMethodRules(): void
  103. {
  104. if (!isset($this->methodRules[$this->action])) {
  105. return;
  106. }
  107. $methodRule = $this->methodRules[$this->action];
  108. $currentMethod = $this->request->method();
  109. if (empty($methodRule)) {
  110. return;
  111. }
  112. if (is_array($methodRule) && in_array($currentMethod, $methodRule)) {
  113. return;
  114. }
  115. if (is_string($methodRule) && $methodRule == $currentMethod) {
  116. return;
  117. }
  118. throwError('illegal request method');
  119. }
  120. }