微拆分 auth操作

app/Http/Controllers/AuthController.php

@@ -4,6 +4,7 @@ namespace App\Http\Controllers;
 
 use App\Components\Helpers;
 use App\Components\IP;
+use App\Http\Requests\Auth\RegisterRequest;
 use App\Mail\activeUser;
 use App\Mail\resetPassword;
 use App\Mail\sendVerifyCode;
@@ -36,67 +37,70 @@ use Validator;
 class AuthController extends Controller
 {
     // 登录
-    public function login(Request $request)
+    public function showLoginForm()
     {
-        if ($request->isMethod('POST')) {
-            $validator = Validator::make($request->all(), [
-                'email' => 'required|email',
-                'password' => 'required',
-            ], [
-                'email.required' => trans('auth.email_null'),
-                'password.required' => trans('auth.password_null'),
-            ]);
-
-            if ($validator->fails()) {
-                return Redirect::back()->withInput()->withErrors($validator->errors());
+        // 根据权限跳转
+        if (Auth::check()) {
+            if (Auth::getUser()->hasPermissionTo('admin.index') || Auth::getUser()->hasRole('Super Admin')) {
+                return Redirect::route('admin.index');
             }
 
-            // 是否校验验证码
-            $captcha = $this->check_captcha($request);
-            if ($captcha !== false) {
-                return $captcha;
-            }
+            return Redirect::route('home');
+        }
 
-            // 验证账号并创建会话
-            if (! Auth::attempt($validator->validated(), $request->input('remember'))) {
-                return Redirect::back()->withInput()->withErrors(trans('auth.login_error'));
-            }
-            $user = Auth::getUser();
+        return view('auth.login');
+    }
 
-            if (! $user) {
-                return Redirect::back()->withInput()->withErrors(trans('auth.login_error'));
-            }
+    public function login(Request $request)
+    {
+        $validator = Validator::make($request->all(), [
+            'email' => 'required|email',
+            'password' => 'required',
+        ], [
+            'email.required' => trans('auth.email_null'),
+            'password.required' => trans('auth.password_null'),
+        ]);
 
-            // 校验普通用户账号状态
-            if ($user->status < 0) {
-                Auth::logout(); // 强制销毁会话，因为Auth::attempt的时候会产生会话
+        if ($validator->fails()) {
+            return Redirect::back()->withInput()->withErrors($validator->errors());
+        }
 
-                return Redirect::back()->withInput()->withErrors(trans('auth.login_ban', ['email' => sysConfig('webmaster_email')]));
-            }
+        // 是否校验验证码
+        $captcha = $this->check_captcha($request);
+        if ($captcha !== false) {
+            return $captcha;
+        }
 
-            if ($user->status === 0 && sysConfig('is_activate_account')) {
-                Auth::logout(); // 强制销毁会话，因为Auth::attempt的时候会产生会话
+        // 验证账号并创建会话
+        if (! Auth::attempt($validator->validated(), $request->input('remember'))) {
+            return Redirect::back()->withInput()->withErrors(trans('auth.login_error'));
+        }
+        $user = Auth::getUser();
 
-                return Redirect::back()->withInput()->withErrors(trans('auth.active_tip').'<a href="'.route('active').'?email='.$user->email.'" target="_blank"><span style="color:#000">【'.trans('auth.active_account').'】</span></a>');
-            }
+        if (! $user) {
+            return Redirect::back()->withInput()->withErrors(trans('auth.login_error'));
+        }
 
-            // 写入登录日志
-            $this->addUserLoginLog($user->id, IP::getClientIp());
+        // 校验普通用户账号状态
+        if ($user->status < 0) {
+            Auth::logout(); // 强制销毁会话，因为Auth::attempt的时候会产生会话
 
-            // 更新登录信息
-            $user->update(['last_login' => time()]);
+            return Redirect::back()->withInput()->withErrors(trans('auth.login_ban', ['email' => sysConfig('webmaster_email')]));
         }
 
-        // 根据权限跳转
-        if (Auth::check()) {
-            if (Auth::getUser()->hasPermissionTo('admin.index') || Auth::getUser()->hasRole('Super Admin')) {
-                return Redirect::route('admin.index');
-            }
+        if ($user->status === 0 && sysConfig('is_activate_account')) {
+            Auth::logout(); // 强制销毁会话，因为Auth::attempt的时候会产生会话
 
-            return Redirect::route('home');
+            return Redirect::back()->withInput()->withErrors(trans('auth.active_tip').'<a href="'.route('active').'?email='.$user->email.'" target="_blank"><span style="color:#000">【'.trans('auth.active_account').'】</span></a>');
         }
 
-        return view('auth.login');
+        // 写入登录日志
+        $this->addUserLoginLog($user->id, IP::getClientIp());
+
+        // 更新登录信息
+        $user->update(['last_login' => time()]);
+
+        return redirect()->back();
     }
 
     // 校验验证码
@@ -178,173 +182,171 @@ class AuthController extends Controller
         return Redirect::route('login');
     }
 
+    public function showRegistrationForm()
+    {
+        Session::put('register_token', Str::random());
+
+        return view('auth.register', ['emailList' => (int) sysConfig('is_email_filtering') !== 2 ? false : EmailFilter::whereType(2)->get()]);
+    }
+
     // 注册
-    public function register(Request $request)
+    public function register(RegisterRequest $request)
     {
         $cacheKey = 'register_times_'.md5(IP::getClientIp()); // 注册限制缓存key
 
-        if ($request->isMethod('POST')) {
-            $validator = Validator::make($request->all(), [
-                'username' => 'required',
-                'email' => 'required|email|unique:user',
-                'password' => 'required|min:6',
-                'confirmPassword' => 'required|same:password',
-                'term' => 'accepted',
-            ], [
-                'username.required' => trans('auth.email_null'),
-                'email.required' => trans('auth.email_null'),
-                'email.email' => trans('auth.email_legitimate'),
-                'email.unique' => trans('auth.email_exist'),
-                'password.required' => trans('auth.password_null'),
-                'password.min' => trans('auth.password_limit'),
-                'confirmPassword.required' => trans('auth.confirm_password'),
-                'confirmPassword.same' => trans('auth.password_same'),
-                'term.accepted' => trans('auth.unaccepted'),
-            ]);
+        $validator = Validator::make($request->all(), [
+            'username' => 'required',
+            'email' => 'required|email|unique:user',
+            'password' => 'required|min:6|confirmed',
+            'password_confirmation' => 'required|same:password',
+            'term' => 'accepted',
+        ], [
+            'username.required' => trans('auth.email_null'),
+            'email.required' => trans('auth.email_null'),
+            'email.email' => trans('auth.email_legitimate'),
+            'email.unique' => trans('auth.email_exist'),
+            'password.required' => trans('auth.password_null'),
+            'password.min' => trans('auth.password_limit'),
+            'password_confirmation.required' => trans('auth.confirm_password'),
+            'password_confirmation.same' => trans('auth.password_same'),
+            'term.accepted' => trans('auth.unaccepted'),
+        ]);
 
-            if ($validator->fails()) {
-                return Redirect::back()->withInput()->withErrors($validator->errors());
-            }
+        if ($validator->fails()) {
+            return Redirect::back()->withInput()->withErrors($validator->errors());
+        }
+        $data = $request->validated();
+        $register_token = $request->input('register_token');
+        $code = $request->input('code');
+        $verify_code = $request->input('verify_code');
+        $aff = (int) $request->input('aff');
+
+        // 防止重复提交
+        if ($register_token !== Session::get('register_token')) {
+            return Redirect::back()->withInput()->withErrors(trans('auth.repeat_request'));
+        }
 
-            $username = $request->input('username');
-            $email = $request->input('email');
-            $password = $request->input('password');
-            $register_token = $request->input('register_token');
-            $code = $request->input('code');
-            $verify_code = $request->input('verify_code');
-            $aff = (int) $request->input('aff');
-
-            // 防止重复提交
-            if ($register_token !== Session::get('register_token')) {
-                return Redirect::back()->withInput()->withErrors(trans('auth.repeat_request'));
-            }
+        Session::forget('register_token');
 
-            Session::forget('register_token');
+        // 是否开启注册
+        if (! sysConfig('is_register')) {
+            return Redirect::back()->withErrors(trans('auth.register_close'));
+        }
 
-            // 是否开启注册
-            if (! sysConfig('is_register')) {
-                return Redirect::back()->withErrors(trans('auth.register_close'));
+        // 校验域名邮箱黑白名单
+        if (sysConfig('is_email_filtering')) {
+            $result = $this->emailChecker($data['email'], 1);
+            if ($result !== false) {
+                return $result;
             }
+        }
 
-            // 校验域名邮箱黑白名单
-            if (sysConfig('is_email_filtering')) {
-                $result = $this->emailChecker($email, 1);
-                if ($result !== false) {
-                    return $result;
+        // 如果需要邀请注册
+        if (sysConfig('is_invite_register')) {
+            // 校验邀请码合法性
+            if ($code) {
+                if (Invite::whereCode($code)->whereStatus(0)->doesntExist()) {
+                    return Redirect::back()->withInput($request->except('code'))->withErrors(trans('auth.code_error'));
                 }
+            } elseif ((int) sysConfig('is_invite_register') === 2) { // 必须使用邀请码
+                return Redirect::back()->withInput()->withErrors(trans('auth.code_null'));
             }
+        }
 
-            // 如果需要邀请注册
-            if (sysConfig('is_invite_register')) {
-                // 校验邀请码合法性
-                if ($code) {
-                    if (Invite::whereCode($code)->whereStatus(0)->doesntExist()) {
-                        return Redirect::back()->withInput($request->except('code'))->withErrors(trans('auth.code_error'));
-                    }
-                } elseif ((int) sysConfig('is_invite_register') === 2) { // 必须使用邀请码
-                    return Redirect::back()->withInput()->withErrors(trans('auth.code_null'));
-                }
+        // 注册前发送激活码
+        if ((int) sysConfig('is_activate_account') === 1) {
+            if (! $verify_code) {
+                return Redirect::back()->withInput($request->except('verify_code'))->withErrors(trans('auth.captcha_null'));
             }
 
-            // 注册前发送激活码
-            if ((int) sysConfig('is_activate_account') === 1) {
-                if (! $verify_code) {
-                    return Redirect::back()->withInput($request->except('verify_code'))->withErrors(trans('auth.captcha_null'));
-                }
+            $verifyCode = VerifyCode::whereAddress($data['email'])->whereCode($verify_code)->whereStatus(0)->first();
+            if (! $verifyCode) {
+                return Redirect::back()->withInput($request->except('verify_code'))->withErrors(trans('auth.captcha_overtime'));
+            }
 
-                $verifyCode = VerifyCode::whereAddress($email)->whereCode($verify_code)->whereStatus(0)->first();
-                if (! $verifyCode) {
-                    return Redirect::back()->withInput($request->except('verify_code'))->withErrors(trans('auth.captcha_overtime'));
-                }
+            $verifyCode->status = 1;
+            $verifyCode->save();
+        }
 
-                $verifyCode->status = 1;
-                $verifyCode->save();
-            }
+        // 是否校验验证码
+        $captcha = $this->check_captcha($request);
+        if ($captcha !== false) {
+            return $captcha;
+        }
 
-            // 是否校验验证码
-            $captcha = $this->check_captcha($request);
-            if ($captcha !== false) {
-                return $captcha;
+        // 24小时内同IP注册限制
+        if (sysConfig('register_ip_limit') && Cache::has($cacheKey)) {
+            $registerTimes = Cache::get($cacheKey);
+            if ($registerTimes >= sysConfig('register_ip_limit')) {
+                return Redirect::back()->withInput($request->except('code'))->withErrors(trans('auth.register_anti'));
             }
+        }
 
-            // 24小时内同IP注册限制
-            if (sysConfig('register_ip_limit') && Cache::has($cacheKey)) {
-                $registerTimes = Cache::get($cacheKey);
-                if ($registerTimes >= sysConfig('register_ip_limit')) {
-                    return Redirect::back()->withInput($request->except('code'))->withErrors(trans('auth.register_anti'));
-                }
-            }
+        // 获取可用端口
+        $port = Helpers::getPort();
+        if ($port > sysConfig('max_port')) {
+            return Redirect::back()->withInput()->withErrors(trans('auth.register_close'));
+        }
 
-            // 获取可用端口
-            $port = Helpers::getPort();
-            if ($port > sysConfig('max_port')) {
-                return Redirect::back()->withInput()->withErrors(trans('auth.register_close'));
-            }
+        // 获取aff
+        $affArr = $this->getAff($code, $aff);
+        $inviter_id = $affArr['inviter_id'];
 
-            // 获取aff
-            $affArr = $this->getAff($code, $aff);
-            $inviter_id = $affArr['inviter_id'];
+        $transfer_enable = MB * ((int) sysConfig('default_traffic') + ($inviter_id ? (int) sysConfig('referral_traffic') : 0));
 
-            $transfer_enable = MB * ((int) sysConfig('default_traffic') + ($inviter_id ? (int) sysConfig('referral_traffic') : 0));
+        // 创建新用户
+        $user = Helpers::addUser($data['email'], $data['password'], $transfer_enable, sysConfig('default_days'), $inviter_id, $data['username']);
 
-            // 创建新用户
-            $user = Helpers::addUser($email, $password, $transfer_enable, sysConfig('default_days'), $inviter_id, $username);
+        // 注册失败，抛出异常
+        if (! $user) {
+            return Redirect::back()->withInput()->withErrors(trans('auth.register_fail'));
+        }
 
-            // 注册失败，抛出异常
-            if (! $user) {
-                return Redirect::back()->withInput()->withErrors(trans('auth.register_fail'));
-            }
+        // 注册次数+1
+        if (Cache::has($cacheKey)) {
+            Cache::increment($cacheKey);
+        } else {
+            Cache::put($cacheKey, 1, Day); // 24小时
+        }
 
-            // 注册次数+1
-            if (Cache::has($cacheKey)) {
-                Cache::increment($cacheKey);
-            } else {
-                Cache::put($cacheKey, 1, Day); // 24小时
+        // 更新邀请码
+        if ($affArr['code_id'] && sysConfig('is_invite_register')) {
+            $invite = Invite::find($affArr['code_id']);
+            if ($invite) {
+                $invite->update(['invitee_id' => $user->id, 'status' => 1]);
             }
+        }
 
-            // 更新邀请码
-            if ($affArr['code_id'] && sysConfig('is_invite_register')) {
-                $invite = Invite::find($affArr['code_id']);
-                if ($invite) {
-                    $invite->update(['invitee_id' => $user->id, 'status' => 1]);
-                }
-            }
+        // 清除邀请人Cookie
+        Cookie::unqueue('register_aff');
 
-            // 清除邀请人Cookie
-            Cookie::unqueue('register_aff');
-
-            // 注册后发送激活码
-            if ((int) sysConfig('is_activate_account') === 2) {
-                // 生成激活账号的地址
-                $token = $this->addVerifyUrl($user->id, $email);
-                $activeUserUrl = route('activeAccount', $token);
-
-                $logId = Helpers::addNotificationLog('注册激活', '请求地址：'.$activeUserUrl, 1, $email);
-                Mail::to($email)->send(new activeUser($logId, $activeUserUrl));
-
-                Session::flash('successMsg', trans('auth.register_active_tip'));
-            } else {
-                // 则直接给推荐人加流量
-                if ($inviter_id) {
-                    $referralUser = User::find($inviter_id);
-                    if ($referralUser && $referralUser->expired_at >= date('Y-m-d')) {
-                        $referralUser->incrementData(sysConfig('referral_traffic') * MB);
-                    }
-                }
+        // 注册后发送激活码
+        if ((int) sysConfig('is_activate_account') === 2) {
+            // 生成激活账号的地址
+            $token = $this->addVerifyUrl($user->id, $user->email);
+            $activeUserUrl = route('activeAccount', $token);
+
+            $logId = Helpers::addNotificationLog('注册激活', '请求地址：'.$activeUserUrl, 1, $user->email);
+            Mail::to($user->email)->send(new activeUser($logId, $activeUserUrl));
 
-                if ((int) sysConfig('is_activate_account') === 1) {
-                    $user->update(['status' => 1]);
+            Session::flash('successMsg', trans('auth.register_active_tip'));
+        } else {
+            // 则直接给推荐人加流量
+            if ($inviter_id) {
+                $referralUser = User::find($inviter_id);
+                if ($referralUser && $referralUser->expired_at >= date('Y-m-d')) {
+                    $referralUser->incrementData(sysConfig('referral_traffic') * MB);
                 }
+            }
 
-                Session::flash('successMsg', trans('auth.register_success'));
+            if ((int) sysConfig('is_activate_account') === 1) {
+                $user->update(['status' => 1]);
             }
 
-            return Redirect::route('login')->withInput();
+            Session::flash('successMsg', trans('auth.register_success'));
         }
 
-        Session::put('register_token', Str::random());
-
-        return view('auth.register', ['emailList' => (int) sysConfig('is_email_filtering') !== 2 ? false : EmailFilter::whereType(2)->get()]);
+        return Redirect::route('login')->withInput();
     }
 
     //邮箱检查
@@ -495,14 +497,14 @@ class AuthController extends Controller
 
         if ($request->isMethod('POST')) {
             $validator = Validator::make($request->all(), [
-                'password' => 'required|min:6',
-                'confirmPassword' => 'required|same:password',
+                'password' => 'required|min:6|confirmed',
+                'password_confirmation' => 'required|same:password',
             ], [
                 'password.required' => trans('auth.password_null'),
                 'password.min' => trans('auth.password_limit'),
-                'confirmPassword.required' => trans('auth.password_null'),
-                'confirmPassword.min' => trans('auth.password_limit'),
-                'confirmPassword.same' => trans('auth.password_same'),
+                'password_confirmation.required' => trans('auth.password_null'),
+                'password_confirmation.min' => trans('auth.password_limit'),
+                'password_confirmation.same' => trans('auth.password_same'),
             ]);
 
             if ($validator->fails()) {
@@ -675,7 +677,7 @@ class AuthController extends Controller
     public function sendCode(Request $request)
     {
         $validator = Validator::make($request->all(), [
-            'email' => 'required|email|unique:user',
+            'email' => 'required|email|unique:user,email',
         ], [
             'email.required' => trans('auth.email_null'),
             'email.email' => trans('auth.email_legitimate'),
@@ -712,22 +714,13 @@ class AuthController extends Controller
         $logId = Helpers::addNotificationLog('发送注册验证码', '验证码：'.$code, 1, $email);
         Mail::to($email)->send(new sendVerifyCode($logId, $code));
 
-        $this->addVerifyCode($email, $code);
+        VerifyCode::create(['address' => $email, 'code' => $code]); // 生成注册验证码
 
         Cache::put('send_verify_code_'.md5($ip), $ip, Minute);
 
         return Response::json(['status' => 'success', 'message' => trans('auth.captcha_send')]);
     }
 
-    // 生成注册验证码
-    private function addVerifyCode(string $email, string $code): void
-    {
-        $verify = new VerifyCode();
-        $verify->address = $email;
-        $verify->code = $code;
-        $verify->save();
-    }
-
     // 公开的邀请码列表
     public function free()
     {

app/Http/Requests/Auth/RegisterRequest.php

@@ -0,0 +1,34 @@
+<?php
+
+namespace App\Http\Requests\Auth;
+
+use Illuminate\Foundation\Http\FormRequest;
+
+class RegisterRequest extends FormRequest
+{
+    public function rules()
+    {
+        return [
+            'username' => 'required',
+            'email' => 'required|email|unique:user',
+            'password' => 'required|min:6|confirmed',
+            'password_confirmation' => 'required|same:password',
+            'term' => 'accepted',
+        ];
+    }
+
+    public function messages()
+    {
+        return [
+            'username.required' => trans('auth.email_null'),
+            'email.required' => trans('auth.email_null'),
+            'email.email' => trans('auth.email_legitimate'),
+            'email.unique' => trans('auth.email_exist'),
+            'password.required' => trans('auth.password_null'),
+            'password.min' => trans('auth.password_limit'),
+            'password_confirmation.required' => trans('auth.confirm_password'),
+            'password_confirmation.same' => trans('auth.password_same'),
+            'term.accepted' => trans('auth.unaccepted'),
+        ];
+    }
+}

app/Models/VerifyCode.php

@@ -10,6 +10,7 @@ use Illuminate\Database\Eloquent\Model;
 class VerifyCode extends Model
 {
     protected $table = 'verify_code';
+    protected $guarded = [];
 
     public function scopeRecentUnused($query)
     {

resources/views/auth/register.blade.php

@@ -54,8 +54,8 @@
                 <label class="floating-label" for="password">{{trans('auth.password')}}</label>
             </div>
             <div class="form-group form-material floating" data-plugin="formMaterial">
-                <input type="password" class="form-control" autocomplete="off" name="confirmPassword" required/>
-                <label class="floating-label" for="confirmPassword">{{trans('auth.confirm_password')}}</label>
+                <input type="password" class="form-control" autocomplete="off" name="password_confirmation" required/>
+                <label class="floating-label" for="password_confirmation">{{trans('auth.confirm_password')}}</label>
             </div>
             @if(sysConfig('is_invite_register'))
                 <div class="form-group form-material floating" data-plugin="formMaterial">

resources/views/auth/reset.blade.php

@@ -20,8 +20,8 @@
                 <label class="floating-label" for="password">{{trans('auth.new_password')}}</label>
             </div>
             <div class="form-group form-material floating" data-plugin="formMaterial">
-                <input class="form-control" type="password" autocomplete="off" name="confirmPassword" required/>
-                <label class="floating-label" for="confirmPassword">{{trans('auth.confirm_password')}}</label>
+                <input class="form-control" type="password" autocomplete="off" name="password_confirmation" required/>
+                <label class="floating-label" for="password_confirmation">{{trans('auth.confirm_password')}}</label>
             </div>
         @endif
         <a href="/login"

routes/web.php

@@ -13,9 +13,11 @@ Route::get('callback/checkout', 'Gateway\PayPal@getCheckout')->name('paypal.chec
 // 登录相关
 Route::middleware(['isForbidden', 'affiliate', 'isMaintenance'])->group(function () {
     Route::get('lang/{locale}', 'AuthController@switchLang')->name('lang'); // 语言切换
-    Route::match(['get', 'post'], 'login', 'AuthController@login')->middleware('isSecurity')->name('login'); // 登录
+    Route::get('login', 'AuthController@showLoginForm')->middleware('isSecurity')->name('login'); // 登录
+    Route::post('login', 'AuthController@login')->middleware('isSecurity'); // 登录
     Route::get('logout', 'AuthController@logout')->name('logout'); // 退出
-    Route::match(['get', 'post'], 'register', 'AuthController@register')->name('register'); // 注册
+    Route::get('register', 'AuthController@showRegistrationForm')->name('register'); // 注册
+    Route::post('register', 'AuthController@register'); // 注册
     Route::match(['get', 'post'], 'reset', 'AuthController@resetPassword')->name('resetPasswd'); // 重设密码
     Route::match(['get', 'post'], 'reset/{token}', 'AuthController@reset')->name('resettingPasswd'); // 重设密码
     Route::match(['get', 'post'], 'activeUser', 'AuthController@activeUser')->name('active'); // 激活账号