fix: switch asset token from file cache to database for reliability + always redirect on token invalid
This commit is contained in:
@@ -9,9 +9,28 @@ use think\facade\Db;
|
||||
|
||||
class AssetAppController extends BaseApiController
|
||||
{
|
||||
// 免登录验证的接口(使用独立 asset_token 体系,在方法内自行校验)
|
||||
// 所有接口都免框架登录验证(使用独立 asset_token 体系,在方法内自行校验)
|
||||
public array $notNeedLogin = ['login', 'getResourceList', 'changePassword'];
|
||||
|
||||
/** token 有效期:7 天 */
|
||||
const TOKEN_EXPIRE = 86400 * 7;
|
||||
|
||||
/**
|
||||
* @notes 通过 token 获取当前用户(数据库校验)
|
||||
*/
|
||||
private function getAssetUser(): ?AssetUser
|
||||
{
|
||||
$token = $this->request->header('token');
|
||||
if (empty($token)) {
|
||||
return null;
|
||||
}
|
||||
$user = AssetUser::where('token', $token)
|
||||
->where('token_expire_time', '>', time())
|
||||
->where('status', 1)
|
||||
->find();
|
||||
return $user ?: null;
|
||||
}
|
||||
|
||||
/**
|
||||
* @notes 小程序端登录
|
||||
*/
|
||||
@@ -37,9 +56,11 @@ class AssetAppController extends BaseApiController
|
||||
return $this->fail('密码错误');
|
||||
}
|
||||
|
||||
// 简单生成 token (实际项目中建议用 JWT 或 Redis 存储 token)
|
||||
$token = md5($user->id . time() . 'secret');
|
||||
cache('asset_token_' . $token, $user->id, 86400 * 7);
|
||||
// 生成 token 并持久化到数据库
|
||||
$token = md5($user->id . time() . uniqid('asset', true));
|
||||
$user->token = $token;
|
||||
$user->token_expire_time = time() + self::TOKEN_EXPIRE;
|
||||
$user->save();
|
||||
|
||||
return $this->success('登录成功', [
|
||||
'token' => $token,
|
||||
@@ -55,22 +76,16 @@ class AssetAppController extends BaseApiController
|
||||
*/
|
||||
public function getResourceList()
|
||||
{
|
||||
$token = $this->request->header('token');
|
||||
if (empty($token)) {
|
||||
return $this->fail('请先登录', [], -1);
|
||||
$user = $this->getAssetUser();
|
||||
if (!$user) {
|
||||
return $this->fail('登录已过期,请重新登录', [], -1);
|
||||
}
|
||||
|
||||
$userId = cache('asset_token_' . $token);
|
||||
if (!$userId) {
|
||||
return $this->fail('登录已过期', [], -1);
|
||||
}
|
||||
|
||||
$type = $this->request->get('type', 1); // 1:图片 2:视频 3:语音
|
||||
$type = $this->request->get('type', 1);
|
||||
$pageNo = $this->request->get('page_no', 1);
|
||||
$pageSize = $this->request->get('page_size', 20);
|
||||
|
||||
// 获取用户关联的资源 ID 列表
|
||||
$resourceIds = AssetUserResource::where('user_id', $userId)->column('resource_id');
|
||||
$resourceIds = AssetUserResource::where('user_id', $user->id)->column('resource_id');
|
||||
|
||||
if (empty($resourceIds)) {
|
||||
return $this->data([
|
||||
@@ -101,22 +116,22 @@ class AssetAppController extends BaseApiController
|
||||
*/
|
||||
public function changePassword()
|
||||
{
|
||||
$token = $this->request->header('token');
|
||||
if (empty($token)) {
|
||||
return $this->fail('请先登录', [], -1);
|
||||
}
|
||||
|
||||
$userId = cache('asset_token_' . $token);
|
||||
if (!$userId) {
|
||||
return $this->fail('登录已过期', [], -1);
|
||||
$user = $this->getAssetUser();
|
||||
if (!$user) {
|
||||
return $this->fail('登录已过期,请重新登录', [], -1);
|
||||
}
|
||||
|
||||
$oldPassword = $this->request->post('old_password');
|
||||
$password = $this->request->post('password');
|
||||
|
||||
$user = AssetUser::find($userId);
|
||||
if (!$user) {
|
||||
return $this->fail('用户不存在', [], -1);
|
||||
if (empty($oldPassword)) {
|
||||
return $this->fail('请输入原密码');
|
||||
}
|
||||
if (empty($password)) {
|
||||
return $this->fail('请输入新密码');
|
||||
}
|
||||
if (strlen($password) < 6) {
|
||||
return $this->fail('新密码至少6位');
|
||||
}
|
||||
|
||||
if (!password_verify($oldPassword, $user->password)) {
|
||||
|
||||
@@ -0,0 +1,4 @@
|
||||
-- 为 asset_user 表添加 token 持久化字段(替代 file cache,避免 GC 清理导致 token 丢失)
|
||||
ALTER TABLE `zyt_asset_user` ADD COLUMN `token` varchar(64) DEFAULT '' COMMENT '登录token' AFTER `status`;
|
||||
ALTER TABLE `zyt_asset_user` ADD COLUMN `token_expire_time` int(11) DEFAULT '0' COMMENT 'token过期时间戳' AFTER `token`;
|
||||
ALTER TABLE `zyt_asset_user` ADD INDEX `idx_token` (`token`);
|
||||
Reference in New Issue
Block a user