app/api/middleware/Auth.php

<?php

namespace app\api\middleware;

use ReflectionException;
use support\exception\BusinessException;
use Webman\Http\Request;
use Webman\Http\Response;
use Webman\MiddlewareInterface;
use support\Container;

class Auth implements MiddlewareInterface
{
    /**
     * @param Request $request
     * @param callable $handler
     * @return Response
     * @throws ReflectionException|BusinessException
     */
    public function process(Request $request, callable $next): Response
    {
        $headers = [
            'Access-Control-Allow-Credentials' => 'true',
            'Access-Control-Allow-Origin' => $request->header('origin', '*'),
            'Access-Control-Allow-Methods' => $request->header('access-control-request-method', '*'),
            'Access-Control-Allow-Headers' => $request->header('access-control-request-headers', '*'),
        ];
        if($request->method() == 'OPTIONS'){
            $response = response('',204,$headers);
            return $response;
        }
        $lang = $request->header('lang','zh-Hans');
        locale($lang);
        if ($request->controller) {
            $request->client = $request->header('client',"web");
            // if($request->client=='win' && $request->header('version') < 2.06){
            //     abort('旧版本不能再使用,请更新到最新版本', 603);
            // }
            
            //跨域请求检测
            //check_cors_request();

            // 检测IP是否允许
            //check_ip_allowed();
            $request->start_time = microtime();
            $controller = Container::get($request->controller);
            // 检测是否需要验证登录
            if (!\support\Jwt::match($controller->noNeedLogin)) {
                //检测是否登录
                try {
                    if (!\support\Jwt::isLogin()) {
                        return new Response(401,$headers,json_encode([
                            "code"=>401,
                            "data"=>[],
                            "msg"=>__('Please login first')
                        ]));
                    }
                } catch (\Exception $e) {
                    return new Response(401,$headers,json_encode([
                        "code"=>401,
                        "data"=>[],
                        "msg"=>__('Please login first')
                    ]));
                }
                $user = \support\Jwt\JwtToken::getUser();
                if(!$user['status']){
                    return new Response(403,$headers,json_encode([
                        "code"=>403,
                        "data"=>[],
                        "msg"=>__('Account is locked')
                    ]));
                }


                // $key = "debounce_" . $request->path() . "_" . ($user->id ?? 'guest');
                // $ttl = 1; // 防抖时间（秒）
                // $redishandler = new \Redis;
                // $redishandler->connect(
                //     \support\Env::get('host'), 
                //     (int) \support\Env::get('port'), 
                //     (int) \support\Env::get('timeout'));
                // $redishandler->select(12);
                // if ($redishandler->setnx($key, 1)) {
                //     $redishandler->expire($key, $ttl);
                // }else{
                //     return new Response(429,[],__('Too frequent operation'));
                // }
                // 判断是否需要验证权限
                if (!\support\Jwt::match($controller->noNeedAuth)) {
                    // 判断控制器和方法判断是否有对应权限
                    $controllername = get_controller_name();
                    $actionname = strtolower(get_action_name());
                    $path = str_replace('.', '/', $controllername) . '/' . $actionname;
                    if (!\support\Jwt::check($path)) {
                        return new Response(405,$headers,json_encode([
                            "code"=>405,
                            "data"=>[],
                            "msg"=>__('have no permission')
                        ]));
                    }
                }
            }

            // if($request->client!='web'){
            //     $data = $request->post('data');
            //     if($data){
            //         $data = str_replace('%3D','=',$data);
            //         $data = str_replace(' ','+',$data);
            //         //var_dump($data);
            //         $data = \support\Encrypt::aesdecode($data);
            //         $data = json_decode($data,true);
            //         //var_dump($data);
            //         $request->withBody($data);
            //     }
            // }
            $config = Config('site');
            $config['debug'] = config('app.debug');
            $config['controller'] = $request->controller_name;
            $config['action'] = $request->action_name;
            $request->_view_vars = array_merge((array) $request->_view_vars,[
                'user'      =>  session('admin'),
                'config'    =>  $config
            ]);
            $IM = new \support\OpenImSdk\Client([
                'host' => 'http://127.0.0.1:10002', // OpenIM API地址
                'secret' => 'n1e5a6s6m7', // OpenIM密钥
            ]);
            $request->IM = $IM;
            $response = $next($request);
            //cp('auth');
            //\support\Log::alert('auth');
            $body = str_replace([
                '__SELF__'
            ],[
                request()->path()
            ],$response->rawBody());
            // if($request->app=="api" && $request->client!='web'){
            //     $body = \support\Encrypt::aesencode($body);
            // }
            $response->withHeaders($headers)->withBody($body)->getStatusCode();
            $time = microtime() - $request->start_time;
            //echo("响应时间:".$request->uri().':'.$time.PHP_EOL);
            //$response = $next($request);
            //\support\Log::error($response->rawBody());
            return $response;
        }
        return $next($request);
    }
}
init admin 2025-11-07 09:56:20 +08:00			`<?php`

			`namespace app\api\middleware;`

			`use ReflectionException;`
			`use support\exception\BusinessException;`
			`use Webman\Http\Request;`
			`use Webman\Http\Response;`
			`use Webman\MiddlewareInterface;`
			`use support\Container;`

			`class Auth implements MiddlewareInterface`
			`{`
			`/**`
			`* @param Request $request`
			`* @param callable $handler`
			`* @return Response`
			`* @throws ReflectionException\|BusinessException`
			`*/`
			`public function process(Request $request, callable $next): Response`
			`{`
9 2026-02-15 19:41:56 +08:00			`$headers = [`
			`'Access-Control-Allow-Credentials' => 'true',`
			`'Access-Control-Allow-Origin' => $request->header('origin', '*'),`
			`'Access-Control-Allow-Methods' => $request->header('access-control-request-method', '*'),`
			`'Access-Control-Allow-Headers' => $request->header('access-control-request-headers', '*'),`
			`];`
init admin 2025-11-07 09:56:20 +08:00			`if($request->method() == 'OPTIONS'){`
9 2026-02-15 19:41:56 +08:00			`$response = response('',204,$headers);`
init admin 2025-11-07 09:56:20 +08:00			`return $response;`
			`}`
18 2026-03-06 02:27:52 +08:00			`$lang = $request->header('lang','zh-Hans');`
init admin 2025-11-07 09:56:20 +08:00			`locale($lang);`
			`if ($request->controller) {`
			`$request->client = $request->header('client',"web");`
			`// if($request->client=='win' && $request->header('version') < 2.06){`
			`// abort('旧版本不能再使用,请更新到最新版本', 603);`
			`// }`

			`//跨域请求检测`
			`//check_cors_request();`

			`// 检测IP是否允许`
			`//check_ip_allowed();`
			`$request->start_time = microtime();`
			`$controller = Container::get($request->controller);`
			`// 检测是否需要验证登录`
			`if (!\support\Jwt::match($controller->noNeedLogin)) {`
			`//检测是否登录`
			`try {`
			`if (!\support\Jwt::isLogin()) {`
9 2026-02-15 19:41:56 +08:00			`return new Response(401,$headers,json_encode([`
init admin 2025-11-07 09:56:20 +08:00			`"code"=>401,`
			`"data"=>[],`
			`"msg"=>__('Please login first')`
9 2026-02-15 19:41:56 +08:00			`]));`
init admin 2025-11-07 09:56:20 +08:00			`}`
			`} catch (\Exception $e) {`
9 2026-02-15 19:41:56 +08:00			`return new Response(401,$headers,json_encode([`
init admin 2025-11-07 09:56:20 +08:00			`"code"=>401,`
			`"data"=>[],`
			`"msg"=>__('Please login first')`
9 2026-02-15 19:41:56 +08:00			`]));`
init admin 2025-11-07 09:56:20 +08:00			`}`
			`$user = \support\Jwt\JwtToken::getUser();`
			`if(!$user['status']){`
9 2026-02-15 19:41:56 +08:00			`return new Response(403,$headers,json_encode([`
init admin 2025-11-07 09:56:20 +08:00			`"code"=>403,`
			`"data"=>[],`
			`"msg"=>__('Account is locked')`
9 2026-02-15 19:41:56 +08:00			`]));`
init admin 2025-11-07 09:56:20 +08:00			`}`

9 2026-02-15 19:41:56 +08:00
init admin 2025-11-07 09:56:20 +08:00			`// $key = "debounce_" . $request->path() . "_" . ($user->id ?? 'guest');`
			`// $ttl = 1; // 防抖时间（秒）`
			`// $redishandler = new \Redis;`
			`// $redishandler->connect(`
			`// \support\Env::get('host'),`
			`// (int) \support\Env::get('port'),`
			`// (int) \support\Env::get('timeout'));`
			`// $redishandler->select(12);`
			`// if ($redishandler->setnx($key, 1)) {`
			`// $redishandler->expire($key, $ttl);`
			`// }else{`
			`// return new Response(429,[],__('Too frequent operation'));`
			`// }`
			`// 判断是否需要验证权限`
			`if (!\support\Jwt::match($controller->noNeedAuth)) {`
			`// 判断控制器和方法判断是否有对应权限`
			`$controllername = get_controller_name();`
			`$actionname = strtolower(get_action_name());`
			`$path = str_replace('.', '/', $controllername) . '/' . $actionname;`
			`if (!\support\Jwt::check($path)) {`
9 2026-02-15 19:41:56 +08:00			`return new Response(405,$headers,json_encode([`
init admin 2025-11-07 09:56:20 +08:00			`"code"=>405,`
			`"data"=>[],`
9 2026-02-15 19:41:56 +08:00			`"msg"=>__('have no permission')`
			`]));`
init admin 2025-11-07 09:56:20 +08:00			`}`
			`}`
			`}`

9 2026-02-15 19:41:56 +08:00			`// if($request->client!='web'){`
			`// $data = $request->post('data');`
			`// if($data){`
			`// $data = str_replace('%3D','=',$data);`
			`// $data = str_replace(' ','+',$data);`
			`// //var_dump($data);`
16 2026-03-01 21:05:19 +08:00			`// $data = \support\Encrypt::aesdecode($data);`
9 2026-02-15 19:41:56 +08:00			`// $data = json_decode($data,true);`
			`// //var_dump($data);`
			`// $request->withBody($data);`
			`// }`
			`// }`
init admin 2025-11-07 09:56:20 +08:00			`$config = Config('site');`
			`$config['debug'] = config('app.debug');`
			`$config['controller'] = $request->controller_name;`
			`$config['action'] = $request->action_name;`
			`$request->_view_vars = array_merge((array) $request->_view_vars,[`
			`'user' => session('admin'),`
			`'config' => $config`
			`]);`
3 2025-11-22 15:31:01 +08:00			`$IM = new \support\OpenImSdk\Client([`
			`'host' => 'http://127.0.0.1:10002', // OpenIM API地址`
6 2025-12-25 23:30:14 +08:00			`'secret' => 'n1e5a6s6m7', // OpenIM密钥`
3 2025-11-22 15:31:01 +08:00			`]);`
			`$request->IM = $IM;`
init admin 2025-11-07 09:56:20 +08:00			`$response = $next($request);`
			`//cp('auth');`
			`//\support\Log::alert('auth');`
			`$body = str_replace([`
			`'__SELF__'`
			`],[`
			`request()->path()`
			`],$response->rawBody());`
9 2026-02-15 19:41:56 +08:00			`// if($request->app=="api" && $request->client!='web'){`
16 2026-03-01 21:05:19 +08:00			`// $body = \support\Encrypt::aesencode($body);`
9 2026-02-15 19:41:56 +08:00			`// }`
			`$response->withHeaders($headers)->withBody($body)->getStatusCode();`
init admin 2025-11-07 09:56:20 +08:00			`$time = microtime() - $request->start_time;`
			`//echo("响应时间:".$request->uri().':'.$time.PHP_EOL);`
			`//$response = $next($request);`
			`//\support\Log::error($response->rawBody());`
			`return $response;`
			`}`
			`return $next($request);`
			`}`
			`}`