
完善商品/用户请求合规检测

兔姬桑 4 years ago
parent
commit
51520ec2d5

+ 12 - 8
app/Http/Controllers/Admin/ShopController.php

@@ -7,6 +7,7 @@ use App\Http\Requests\Admin\ShopStoreRequest;
 use App\Http\Requests\Admin\ShopUpdateRequest;
 use App\Models\Goods;
 use App\Models\Level;
+use Arr;
 use Exception;
 use Illuminate\Http\JsonResponse;
 use Illuminate\Http\RedirectResponse;
@@ -48,10 +49,13 @@ class ShopController extends Controller
     public function store(ShopStoreRequest $request): RedirectResponse
     {
         try {
-            $data = $request->except('_token', 'logo', 'traffic', 'traffic_unit');
-            $data['traffic'] = $request->input('traffic') * $request->input('traffic_unit') ?? 1;
-            $data['is_hot'] = $request->input('is_hot') ? 1 : 0;
-            $data['status'] = $request->input('status') ? 1 : 0;
+            $data = $request->validated();
+            if (array_key_exists('traffic_unit', $data)) {
+                $data['traffic'] *= $data['traffic_unit'];
+                Arr::forget($data, 'traffic_unit');
+            }
+            $data['is_hot'] = array_key_exists('is_hot', $data) ? 1 : 0;
+            $data['status'] = array_key_exists('status', $data) ? 1 : 0;
 
             // 商品LOGO
             if ($request->hasFile('logo')) {
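Review bot: `$data['traffic'] *= $data['traffic_unit'];` multiplies by whatever value sits under that key, so a posted null or 0 `traffic_unit` turns `traffic` into 0 even though the request rule enforces `min:1` on `traffic`; the old `?? 1` fallback is gone and `traffic_unit` itself is only `numeric|nullable` in ShopStoreRequest. Collapse the four lines to `$data['traffic'] *= Arr::pull($data, 'traffic_unit') ?: 1;` and tighten the rule to `'traffic_unit' => 'nullable|integer|min:1'`. The `is_hot`/`status` lines treat any present key as truthy, so a form that posts `is_hot=0` (a hidden input next to the checkbox, say) would store 1 — worth confirming against the template. store() continues past the hunk.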
@@ -100,7 +104,8 @@ class ShopController extends Controller
     // 编辑商品
     public function update(ShopUpdateRequest $request, Goods $good)
     {
-        $data = $request->except('_token', '_method', 'logo');
+        $data = $request->validated();
+
         // 商品LOGO
         if ($request->hasFile('logo')) {
             $path = $this->fileUpload($request->file('logo'));
@@ -112,9 +117,8 @@ class ShopController extends Controller
         }
 
         try {
-            $data['is_hot'] = $request->input('is_hot') ? 1 : 0;
-            $data['status'] = $request->input('status') ? 1 : 0;
-
+            $data['is_hot'] = array_key_exists('is_hot', $data) ? 1 : 0;
+            $data['status'] = array_key_exists('status', $data) ? 1 : 0;
             if ($good->update($data)) {
                 return Redirect::back()->with('successMsg', '编辑成功');
             }

+ 15 - 12
app/Http/Controllers/Admin/UserController.php

@@ -13,6 +13,7 @@ use App\Models\Order;
 use App\Models\User;
 use App\Models\UserGroup;
 use App\Models\UserHourlyDataFlow;
+use Arr;
 use Auth;
 use Exception;
 use Illuminate\Http\JsonResponse;
@@ -137,11 +138,13 @@ class UserController extends Controller
     public function store(UserStoreRequest $request): JsonResponse
     {
         try {
-            $data = $request->except('_token', 'uuid', 'roles');
+            $data = $request->validated();
+            Arr::forget($data, 'roles');
             $data['password'] = $data['password'] ?? Str::random();
             $data['port'] = $data['port'] ?? Helpers::getPort();
             $data['passwd'] = $data['passwd'] ?? Str::random();
-            $data['vmess_id'] = $request->input('uuid') ?? Str::uuid();
+            $data['vmess_id'] = $data['uuid'] ?? Str::uuid();
+            Arr::forget($data, 'uuid');
             $data['transfer_enable'] *= GB;
             $data['expired_at'] = $data['expired_at'] ?? date('Y-m-d', strtotime('+365 days'));
             $data['remark'] = str_replace(['atob', 'eval'], '', $data['remark']);
@@ -149,9 +152,9 @@ class UserController extends Controller
             $data['reset_time'] = $data['reset_time'] > date('Y-m-d') ? $data['reset_time'] : null;
             $user = User::create($data);
 
-            $roles = $request->input('roles') ?? [];
-            if ($roles && (Auth::getUser()->hasPermissionTo('give roles') || (in_array('Super Admin', $roles, true) && Auth::getUser()->hasRole('Super Admin'))
-                    || Auth::getUser()->hasRole('Super Admin'))) {
+            $roles = $request->input('roles');
+            if ($roles && (Auth::getUser()->hasPermissionTo('give roles') || (in_array('Super Admin', $roles, true)
+                        && Auth::getUser()->hasRole('Super Admin')) || Auth::getUser()->hasRole('Super Admin'))) {
                 $user->assignRole($roles);
             }
 
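Review bot: The reflowed `if ($roles && ...)` condition still lets any caller holding the `give roles` permission assign `Super Admin`, because `hasPermissionTo('give roles')` alone satisfies the disjunction and the `in_array('Super Admin', $roles, true)` clause is never required; the comment in update() (只有超级管理员才能赋予超级管理员) says only a super admin may grant that role. Restructure it as `$isSuper = Auth::getUser()->hasRole('Super Admin');` followed by `if ($roles && ($isSuper || (Auth::getUser()->hasPermissionTo('give roles') && !in_array('Super Admin', $roles, true)))) {`. The identical condition in the update() hunk below needs the same change. Both methods continue outside their hunks.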
@@ -191,19 +194,21 @@ class UserController extends Controller
     public function update(UserUpdateRequest $request, User $user)
     {
         try {
-            $data = $request->except('_token', 'password', 'uuid', 'password', 'roles');
+            $data = $request->validated();
+            Arr::forget($data, 'roles');
             $data['passwd'] = $request->input('passwd') ?? Str::random();
-            $data['vmess_id'] = $request->input('uuid') ?? Str::uuid();
+            $data['vmess_id'] = $data['uuid'] ?? Str::uuid();
+            Arr::forget($data, 'uuid');
             $data['transfer_enable'] *= GB;
             $data['enable'] = $data['status'] < 0 ? 0 : $data['enable'];
             $data['expired_at'] = $data['expired_at'] ?? date('Y-m-d', strtotime('+365 days'));
             $data['remark'] = str_replace(['atob', 'eval'], '', $data['remark']);
 
             // 只有超级管理员才能赋予超级管理员
-            $roles = $request->input('roles') ?? [];
+            $roles = $request->input('roles');
 
-            if ($roles && (Auth::getUser()->hasPermissionTo('give roles') || (in_array('Super Admin', $roles, true) && Auth::getUser()->hasRole('Super Admin')) ||
-                    Auth::getUser()->hasRole('Super Admin'))) {
+            if ($roles && (Auth::getUser()->hasPermissionTo('give roles') || (in_array('Super Admin', $roles, true)
+                        && Auth::getUser()->hasRole('Super Admin')) || Auth::getUser()->hasRole('Super Admin'))) {
                 $user->syncRoles($roles);
             }
 
@@ -260,8 +265,6 @@ class UserController extends Controller
     // 批量生成账号
     public function batchAddUsers()
     {
-        $preset = ['transfer_enable' => 1024 * GB, 'expired_at' => date('Y-m-d', strtotime('+365 days'))];
-
         try {
             for ($i = 0; $i < (int) request('amount', 1); $i++) {
                 $user = Helpers::addUser(Str::random(8).'@auto.generate', Str::random(), 1024 * GB, 365);

+ 1 - 4
app/Http/Controllers/UserController.php

@@ -331,9 +331,7 @@ class UserController extends Controller
         $ticket = Ticket::uid()->with('user')->whereId($id)->firstOrFail();
 
         if ($request->isMethod('POST')) {
-            $content = clean($request->input('content'));
-            $content = str_replace(['atob', 'eval'], '', $content);
-            $content = substr($content, 0, 300);
+            $content = substr(str_replace(['atob', 'eval'], '', clean($request->input('content'))), 0, 300);
 
             if (empty($content)) {
                 return Response::json(['status' => 'fail', 'message' => '回复内容不能为空']);
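Review bot: `substr(..., 0, 300)` truncates on bytes, so a reply written in Chinese can be cut in the middle of a multi-byte character and stored as invalid UTF-8; use `mb_substr(str_replace(['atob', 'eval'], '', clean($request->input('content'))), 0, 300)` instead. `clean()` is presumably the real sanitizer here; the `str_replace` pass only strips two keywords and should not be relied on as one. The enclosing method starts before the hunk.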
@@ -567,7 +565,6 @@ class UserController extends Controller
         return Response::json(['status' => 'fail', 'message' => '身份切换失败']);
     }
 
-    // Todo 卡券余额合并至CouponService
     public function charge(Request $request): ?JsonResponse
     {
         $validator = Validator::make($request->all(), [

+ 16 - 5
app/Http/Requests/Admin/ShopStoreRequest.php

@@ -9,13 +9,24 @@ class ShopStoreRequest extends FormRequest
     public function rules(): array
     {
         return [
-            'name' => 'required',
-            'traffic' => 'required|integer|min:1|max:10240000|nullable',
+            'type' => 'required|numeric|between:1,2',
+            'name' => 'required|string',
             'price' => 'required|numeric|min:0',
-            'type' => 'required',
-            'renew' => 'required_unless:type,2|min:0',
-            'days' => 'required|integer',
+            'level' => 'required|numeric|exists:level,level',
+            'renew' => 'required_unless:type,2|numeric|min:0|nullable',
+            'period' => 'required_unless:type,2|numeric|min:0|nullable',
+            'traffic' => 'required|numeric|min:1|max:10240000',
+            'traffic_unit' => 'numeric|nullable',
+            'invite_num' => 'numeric',
+            'limit_num' => 'numeric',
+            'days' => 'required|numeric',
+            'is_hot' => 'nullable|string',
+            'status' => 'nullable|string',
+            'sort' => 'numeric',
+            'color' => 'nullable|string',
             'logo' => 'nullable|image',
+            'description' => 'nullable|string',
+            'info' => 'nullable|string',
         ];
     }
 }
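Review bot: `days` is relaxed from `integer` to `numeric`, and the new `invite_num`, `limit_num` and `sort` rules are bare `numeric` too, which accepts `1.5`, `1e3` and negative values that integer columns or a day count will not handle cleanly. Prefer `'days' => 'required|integer|min:1'` and `'invite_num' => 'integer|min:0'` (likewise for `limit_num` and `sort`), assuming those columns are integers — the schema is not on the page. `type` is bounded by `between:1,2` but `numeric` still lets `1.5` through, so `integer` fits there as well.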

+ 12 - 2
app/Http/Requests/Admin/ShopUpdateRequest.php

@@ -9,10 +9,20 @@ class ShopUpdateRequest extends FormRequest
     public function rules(): array
     {
         return [
-            'name' => 'required',
+            'name' => 'required|string',
             'price' => 'required|numeric|min:0',
-            'renew' => 'required_unless:type,2|min:0',
+            'level' => 'required|numeric|exists:level,level',
+            'renew' => 'required_unless:type,2|numeric|min:0|nullable',
+            'period' => 'required_unless:type,2|numeric|min:0|nullable',
+            'invite_num' => 'numeric',
+            'limit_num' => 'numeric',
+            'is_hot' => 'nullable|string',
+            'status' => 'nullable|string',
+            'sort' => 'numeric',
+            'color' => 'nullable|string',
             'logo' => 'nullable|image',
+            'description' => 'nullable|string',
+            'info' => 'nullable|string',
         ];
     }
 }
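Review bot: Now that update() builds `$data` from `validated()`, every field without a rule here is silently dropped from the write, and this request has no rule for `type`, `traffic`, `traffic_unit` or `days` while the store request does; if the edit form posts those fields, edits to them will no longer persist. Either mirror the store rules for the fields the edit form exposes (`'traffic' => 'required|numeric|min:1|max:10240000'`, `'days' => 'required|integer'`, …) or note in the class that they are intentionally immutable after creation. Which fields the edit form posts is not visible on the page, so this is worth checking against the template.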

+ 20 - 0
app/Http/Requests/Admin/UserStoreRequest.php

@@ -11,6 +11,26 @@ class UserStoreRequest extends FormRequest
         return [
             'username' => 'required',
             'email' => 'required|unique:user,email,'.$this->user,
+            'password' => 'nullable|string|nullable',
+            'port' => 'nullable|numeric',
+            'passwd' => 'nullable|string',
+            'uuid' => 'nullable|uuid',
+            'transfer_enable' => 'required|numeric|min:0',
+            'enable' => 'required|boolean',
+            'method' => 'required|string|exists:ss_config,name',
+            'protocol' => 'required|string|exists:ss_config,name',
+            'obfs' => 'required|string|exists:ss_config,name',
+            'speed_limit' => 'required|numeric|min:0',
+            'wechat' => 'nullable|string',
+            'qq' => 'nullable|string',
+            'expired_at' => 'nullable|date_format:Y-m-d',
+            'remark' => 'nullable|string',
+            'level' => 'required|exists:level,level',
+            'user_group_id' => 'nullable|exists:user_group,id',
+            'roles' => 'nullable|exists:roles,name',
+            'reset_time' => 'nullable|date_format:Y-m-d',
+            'invite_num' => 'required|numeric|min:0',
+            'status' => 'required|numeric|between:-1,1',
         ];
     }
 }
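Review bot: `'roles' => 'nullable|exists:roles,name'` does not pin the shape of `roles`, yet the controller passes it to `in_array('Super Admin', $roles, true)`, which throws a TypeError when a client posts a scalar; use `'roles' => 'nullable|array'` with `'roles.*' => 'string|exists:roles,name'` so each name is checked individually. The same rule is added in UserUpdateRequest and needs the same change. `'password' => 'nullable|string|nullable'` repeats `nullable`.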

+ 13 - 9
app/Http/Requests/Admin/UserUpdateRequest.php

@@ -11,22 +11,26 @@ class UserUpdateRequest extends FormRequest
         return [
             'username' => 'required',
             'email' => 'required|unique:user,email,'.$this->user->id,
+            'password' => 'nullable|string',
             'port' => 'required|numeric|exclude_if:port,0|gt:0|unique:user,port,'.$this->user->id,
             'passwd' => 'required|string',
             'uuid' => 'required|uuid',
-            'transfer_enable' => 'required|numeric',
+            'transfer_enable' => 'required|numeric|min:0',
             'enable' => 'required|boolean',
-            'method' => 'required|string',
-            'protocol' => 'required|string',
-            'obfs' => 'required|string',
-            'speed_limit' => 'required|numeric',
+            'method' => 'required|string|exists:ss_config,name',
+            'protocol' => 'required|string|exists:ss_config,name',
+            'obfs' => 'required|string|exists:ss_config,name',
+            'speed_limit' => 'required|numeric|min:0',
+            'wechat' => 'nullable|string',
+            'qq' => 'nullable|string',
             'expired_at' => 'required|date_format:Y-m-d',
             'remark' => 'nullable|string',
-            'level' => 'required|numeric',
-            'group_id' => 'numeric',
+            'level' => 'required|exists:level,level',
+            'user_group_id' => 'nullable|exists:user_group,id',
+            'roles' => 'nullable|exists:roles,name',
             'reset_time' => 'nullable|date_format:Y-m-d',
-            'invite_num' => 'numeric',
-            'status' => 'required|integer|between:-1,1',
+            'invite_num' => 'required|numeric|min:0',
+            'status' => 'required|numeric|between:-1,1',
         ];
     }
 }
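Review bot: Adding `'password' => 'nullable|string'` means `validated()` now carries `password` into `$data` in update(), whereas the removed `except(..., 'password', ...)` kept it out of the write; a posted empty password becomes null and, if `$data` is handed to `$user->update()` as in store(), would clear or re-hash the stored credential. Unless the edit form is meant to change passwords, either drop the rule or strip blank values in the controller with `if (empty($data['password'])) { Arr::forget($data, 'password'); }` before updating. The part of update() that persists `$data` is outside the shown hunks, so this is inferred from store().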