diff --git a/extend/base/admin/controller/LoginBase.php b/extend/base/admin/controller/LoginBase.php
index bc212be..09daee1 100644
--- a/extend/base/admin/controller/LoginBase.php
+++ b/extend/base/admin/controller/LoginBase.php
@@ -5,6 +5,7 @@ namespace base\admin\controller;
 use app\admin\model\SystemAdmin;
 use app\common\controller\AdminController;
 use think\captcha\facade\Captcha;
+use think\facade\Cache;
 use think\facade\Env;
 use think\facade\Event;
 use think\facade\Session;
@@ -80,9 +81,11 @@ class LoginBase extends AdminController
 unset($admin['password']);
 $admin['expire_time'] = $post['keep_login'] == 1 ? true : time() + 7200;
 session('admin', $admin);
+ $token = md5(uniqid());
+ Cache::set($token, $admin, $post['keep_login'] == 1 ? time() + 86400 * 7 : time() + 7200);
 Session::delete('back-url');
- $this->success('登录成功', '', $back_url);
+ $this->success('登录成功', ['token' => $token], $back_url);
 }
 $this->assign('captcha', $captcha);
 $this->assign('demo', $this->isDemo);
diff --git a/extend/base/common/controller/AdminControllerBase.php b/extend/base/common/controller/AdminControllerBase.php
index 72eefdb..4330891 100644
--- a/extend/base/common/controller/AdminControllerBase.php
+++ b/extend/base/common/controller/AdminControllerBase.php
@@ -6,6 +6,7 @@ use app\admin\model\SystemAdmin;
 use app\BaseController;
 use app\common\constants\AdminConstant;
 use app\common\service\AuthService;
+use think\facade\Cache;
 use think\facade\Config;
 use think\facade\Env;
 use think\facade\View;
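Review bot: The login token issued in LoginBase.php's success branch is `md5(uniqid())`, and uniqid() is derived from the current time rather than a CSPRNG, so this bearer credential for the admin backend is predictable; `$token = bin2hex(random_bytes(16));` keeps the same 32-hex format with unpredictable bytes. The third argument to `Cache::set` is `time() + 7200` or `time() + 86400 * 7`, an absolute timestamp, and an integer expire there appears to be treated as a lifetime in seconds, so the entry would outlive the intended window by decades; pass `$post['keep_login'] == 1 ? 86400 * 7 : 7200` instead. The cached `$admin` array carries `expire_time = true` for keep-login sessions, and nothing visible in this diff deletes the cache entry on logout or password change, which is worth confirming. The enclosing login action starts and ends outside the hunk.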
@@ -462,8 +463,22 @@ class AdminControllerBase extends BaseController protected function checkAuth($currentNode = null, $haltRequest = true) { $adminConfig = config('admin'); - $adminId = session('admin.id'); - $expireTime = session('admin.expire_time'); + + $header_authorization = $this->request->header('Authorization'); + if (!empty($header_authorization)) { + $token = explode(' ', $header_authorization)[1]; + $admin = Cache::get($token); + } else { + $admin = session('admin'); + } + + $back_url = $this->request->url(); + if (empty($admin)) { + $this->error('请先登录后台', [], __url('admin/login/index', ['back_url' => $back_url])); + } + $adminId = $admin['id']; + $expireTime = $admin['expire_time']; + /** @var AuthService $authService */ $authService = app(AuthService::class, ['adminId' => $adminId]); @@ -474,8 +489,6 @@ class AdminControllerBase extends BaseController $currentController = parse_name(app()->request->controller()); - $back_url = $this->request->url(); - // 验证登录 if ( !in_array($currentController, $adminConfig['no_login_controller']) &&
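Review bot: `explode(' ', $header_authorization)[1]` in checkAuth is passed to `Cache::get()` without validation, so the client chooses which cache key is loaded as `$admin`, and a header with no space hits an undefined index instead of a clean rejection. Accept only the scheme and token format that login issues (32 hex characters today, assuming the front end sends `Bearer <token>`), check that the cached value is an array with `id` and `expire_time` before using it, and preferably store tokens under a dedicated key prefix on both the write and the read side. The new `empty($admin)` redirect also runs before the `no_login_controller` exemption visible in the next hunk, so controllers listed there may now be bounced to the login page; verify that is intended. checkAuth's body continues outside the hunk.

```php
$header_authorization = (string)$this->request->header('Authorization');
if ($header_authorization !== '') {
    // Only a well-formed "Bearer <32 hex>" value may reach the cache lookup.
    $admin = preg_match('/^Bearer ([a-f0-9]{32})$/', $header_authorization, $m)
        ? Cache::get($m[1])
        : null;
    // Reject cache entries that are not an admin record written by login.
    if (!is_array($admin) || !isset($admin['id'], $admin['expire_time'])) {
        $admin = null;
    }
} else {
    $admin = session('admin');
}
// … unchanged: $back_url, the empty($admin) redirect, $adminId / $expireTime …
```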