feat: 实现token认证机制

This commit is contained in:
augushong
2025-03-11 10:30:09 +08:00
parent e33863af46
commit dadce88936
2 changed files with 21 additions and 5 deletions

View File

@@ -5,6 +5,7 @@ namespace base\admin\controller;
use app\admin\model\SystemAdmin;
use app\common\controller\AdminController;
use think\captcha\facade\Captcha;
use think\facade\Cache;
use think\facade\Env;
use think\facade\Event;
use think\facade\Session;
@@ -80,9 +81,11 @@ class LoginBase extends AdminController
unset($admin['password']);
$admin['expire_time'] = $post['keep_login'] == 1 ? true : time() + 7200;
session('admin', $admin);
$token = md5(uniqid());
Cache::set($token, $admin, $post['keep_login'] == 1 ? time() + 86400 * 7 : time() + 7200);
Session::delete('back-url');
$this->success('登录成功', '', $back_url);
$this->success('登录成功', ['token' => $token], $back_url);
}
$this->assign('captcha', $captcha);
$this->assign('demo', $this->isDemo);

View File

@@ -6,6 +6,7 @@ use app\admin\model\SystemAdmin;
use app\BaseController;
use app\common\constants\AdminConstant;
use app\common\service\AuthService;
use think\facade\Cache;
use think\facade\Config;
use think\facade\Env;
use think\facade\View;
@@ -462,8 +463,22 @@ class AdminControllerBase extends BaseController
protected function checkAuth($currentNode = null, $haltRequest = true)
{
$adminConfig = config('admin');
$adminId = session('admin.id');
$expireTime = session('admin.expire_time');
$header_authorization = $this->request->header('Authorization');
if (!empty($header_authorization)) {
$token = explode(' ', $header_authorization)[1];
$admin = Cache::get($token);
} else {
$admin = session('admin');
}
$back_url = $this->request->url();
if (empty($admin)) {
$this->error('请先登录后台', [], __url('admin/login/index', ['back_url' => $back_url]));
}
$adminId = $admin['id'];
$expireTime = $admin['expire_time'];
/** @var AuthService $authService */
$authService = app(AuthService::class, ['adminId' => $adminId]);
@@ -474,8 +489,6 @@ class AdminControllerBase extends BaseController
$currentController = parse_name(app()->request->controller());
$back_url = $this->request->url();
// 验证登录
if (
!in_array($currentController, $adminConfig['no_login_controller']) &&