AuthController.php 11 KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293294295296297298299300301302303304305306307308309310311312313314315316317318
  1. <?php
  2. namespace App\Http\Controllers\Passport;
  3. use App\Http\Controllers\Controller;
  4. use App\Http\Requests\Passport\AuthRegister;
  5. use App\Http\Requests\Passport\AuthForget;
  6. use App\Http\Requests\Passport\AuthLogin;
  7. use App\Jobs\SendEmailJob;
  8. use Illuminate\Http\Request;
  9. use Illuminate\Support\Facades\Cache;
  10. use App\Models\Plan;
  11. use App\Models\User;
  12. use App\Models\InviteCode;
  13. use App\Utils\Helper;
  14. use App\Utils\Dict;
  15. use App\Utils\CacheKey;
  16. use ReCaptcha\ReCaptcha;
  17. class AuthController extends Controller
  18. {
  19. public function loginWithMailLink(Request $request)
  20. {
  21. if (!(int)config('v2board.login_with_mail_link_enable')) {
  22. abort(404);
  23. }
  24. $params = $request->validate([
  25. 'email' => 'required|email',
  26. 'redirect' => 'nullable'
  27. ]);
  28. if (Cache::get(CacheKey::get('LAST_SEND_LOGIN_WITH_MAIL_LINK_TIMESTAMP', $params['email']))) {
  29. abort(500, __('Sending frequently, please try again later'));
  30. }
  31. $user = User::where('email', $params['email'])->first();
  32. if (!$user) {
  33. return response([
  34. 'data' => true
  35. ]);
  36. }
  37. $code = Helper::guid();
  38. $key = CacheKey::get('TEMP_TOKEN', $code);
  39. Cache::put($key, $user->id, 300);
  40. Cache::put(CacheKey::get('LAST_SEND_LOGIN_WITH_MAIL_LINK_TIMESTAMP', $params['email']), time(), 60);
  41. $redirect = '/#/login?verify=' . $code . '&redirect=' . ($request->input('redirect') ? $request->input('redirect') : 'dashboard');
  42. if (config('v2board.app_url')) {
  43. $link = config('v2board.app_url') . $redirect;
  44. } else {
  45. $link = url($redirect);
  46. }
  47. SendEmailJob::dispatch([
  48. 'email' => $user->email,
  49. 'subject' => __('Login to :name', [
  50. 'name' => config('v2board.app_name', 'V2Board')
  51. ]),
  52. 'template_name' => 'login',
  53. 'template_value' => [
  54. 'name' => config('v2board.app_name', 'V2Board'),
  55. 'link' => $link,
  56. 'url' => config('v2board.app_url')
  57. ]
  58. ]);
  59. return response([
  60. 'data' => $link
  61. ]);
  62. }
  63. public function register(AuthRegister $request)
  64. {
  65. if ((int)config('v2board.register_limit_by_ip_enable', 0)) {
  66. $registerCountByIP = Cache::get(CacheKey::get('REGISTER_IP_RATE_LIMIT', $request->ip())) ?? 0;
  67. if ((int)$registerCountByIP >= (int)config('v2board.register_limit_count', 3)) {
  68. abort(500, __('Register frequently, please try again after 1 hour'));
  69. }
  70. }
  71. if ((int)config('v2board.recaptcha_enable', 0)) {
  72. $recaptcha = new ReCaptcha(config('v2board.recaptcha_key'));
  73. $recaptchaResp = $recaptcha->verify($request->input('recaptcha_data'));
  74. if (!$recaptchaResp->isSuccess()) {
  75. abort(500, __('Invalid code is incorrect'));
  76. }
  77. }
  78. if ((int)config('v2board.email_whitelist_enable', 0)) {
  79. if (!Helper::emailSuffixVerify(
  80. $request->input('email'),
  81. config('v2board.email_whitelist_suffix', Dict::EMAIL_WHITELIST_SUFFIX_DEFAULT))
  82. ) {
  83. abort(500, __('Email suffix is not in the Whitelist'));
  84. }
  85. }
  86. if ((int)config('v2board.email_gmail_limit_enable', 0)) {
  87. $prefix = explode('@', $request->input('email'))[0];
  88. if (strpos($prefix, '.') !== false || strpos($prefix, '+') !== false) {
  89. abort(500, __('Gmail alias is not supported'));
  90. }
  91. }
  92. if ((int)config('v2board.stop_register', 0)) {
  93. abort(500, __('Registration has closed'));
  94. }
  95. if ((int)config('v2board.invite_force', 0)) {
  96. if (empty($request->input('invite_code'))) {
  97. abort(500, __('You must use the invitation code to register'));
  98. }
  99. }
  100. if ((int)config('v2board.email_verify', 0)) {
  101. if (empty($request->input('email_code'))) {
  102. abort(500, __('Email verification code cannot be empty'));
  103. }
  104. if (Cache::get(CacheKey::get('EMAIL_VERIFY_CODE', $request->input('email'))) !== $request->input('email_code')) {
  105. abort(500, __('Incorrect email verification code'));
  106. }
  107. }
  108. $email = $request->input('email');
  109. $password = $request->input('password');
  110. $exist = User::where('email', $email)->first();
  111. if ($exist) {
  112. abort(500, __('Email already exists'));
  113. }
  114. $user = new User();
  115. $user->email = $email;
  116. $user->password = password_hash($password, PASSWORD_DEFAULT);
  117. $user->uuid = Helper::guid(true);
  118. $user->token = Helper::guid();
  119. if ($request->input('invite_code')) {
  120. $inviteCode = InviteCode::where('code', $request->input('invite_code'))
  121. ->where('status', 0)
  122. ->first();
  123. if (!$inviteCode) {
  124. if ((int)config('v2board.invite_force', 0)) {
  125. abort(500, __('Invalid invitation code'));
  126. }
  127. } else {
  128. $user->invite_user_id = $inviteCode->user_id ? $inviteCode->user_id : null;
  129. if (!(int)config('v2board.invite_never_expire', 0)) {
  130. $inviteCode->status = 1;
  131. $inviteCode->save();
  132. }
  133. }
  134. }
  135. // try out
  136. if ((int)config('v2board.try_out_plan_id', 0)) {
  137. $plan = Plan::find(config('v2board.try_out_plan_id'));
  138. if ($plan) {
  139. $user->transfer_enable = $plan->transfer_enable * 1073741824;
  140. $user->plan_id = $plan->id;
  141. $user->group_id = $plan->group_id;
  142. $user->expired_at = time() + (config('v2board.try_out_hour', 1) * 3600);
  143. }
  144. }
  145. if (!$user->save()) {
  146. abort(500, __('Register failed'));
  147. }
  148. if ((int)config('v2board.email_verify', 0)) {
  149. Cache::forget(CacheKey::get('EMAIL_VERIFY_CODE', $request->input('email')));
  150. }
  151. $data = [
  152. 'token' => $user->token,
  153. 'auth_data' => base64_encode("{$user->email}:{$user->password}")
  154. ];
  155. $user->last_login_at = time();
  156. $user->save();
  157. if ((int)config('v2board.register_limit_by_ip_enable', 0)) {
  158. Cache::put(
  159. CacheKey::get('REGISTER_IP_RATE_LIMIT', $request->ip()),
  160. (int)$registerCountByIP + 1,
  161. (int)config('v2board.register_limit_expire', 60) * 60
  162. );
  163. }
  164. return response()->json([
  165. 'data' => $data
  166. ]);
  167. }
  168. public function login(AuthLogin $request)
  169. {
  170. $email = $request->input('email');
  171. $password = $request->input('password');
  172. $user = User::where('email', $email)->first();
  173. if (!$user) {
  174. abort(500, __('Incorrect email or password'));
  175. }
  176. if (!Helper::multiPasswordVerify(
  177. $user->password_algo,
  178. $user->password_salt,
  179. $password,
  180. $user->password)
  181. ) {
  182. abort(500, __('Incorrect email or password'));
  183. }
  184. if ($user->banned) {
  185. abort(500, __('Your account has been suspended'));
  186. }
  187. $data = [
  188. 'token' => $user->token,
  189. 'auth_data' => base64_encode("{$user->email}:{$user->password}")
  190. ];
  191. if ($user->is_admin) $data['is_admin'] = true;
  192. return response([
  193. 'data' => $data
  194. ]);
  195. }
  196. public function token2Login(Request $request)
  197. {
  198. if ($request->input('token')) {
  199. $redirect = '/#/login?verify=' . $request->input('token') . '&redirect=' . ($request->input('redirect') ? $request->input('redirect') : 'dashboard');
  200. if (config('v2board.app_url')) {
  201. $location = config('v2board.app_url') . $redirect;
  202. } else {
  203. $location = url($redirect);
  204. }
  205. return redirect()->to($location)->send();
  206. }
  207. if ($request->input('verify')) {
  208. $key = CacheKey::get('TEMP_TOKEN', $request->input('verify'));
  209. $userId = Cache::get($key);
  210. if (!$userId) {
  211. abort(500, __('Token error'));
  212. }
  213. $user = User::find($userId);
  214. if (!$user) {
  215. abort(500, __('The user does not '));
  216. }
  217. if ($user->banned) {
  218. abort(500, __('Your account has been suspended'));
  219. }
  220. $data = [
  221. 'token' => $user->token,
  222. 'auth_data' => base64_encode("{$user->email}:{$user->password}")
  223. ];
  224. Cache::forget($key);
  225. return response([
  226. 'data' => $data
  227. ]);
  228. }
  229. }
  230. public function getTempToken(Request $request)
  231. {
  232. $user = User::where('token', $request->input('token'))->first();
  233. if (!$user) {
  234. abort(500, __('Token error'));
  235. }
  236. $code = Helper::guid();
  237. $key = CacheKey::get('TEMP_TOKEN', $code);
  238. Cache::put($key, $user->id, 60);
  239. return response([
  240. 'data' => $code
  241. ]);
  242. }
  243. public function getQuickLoginUrl(Request $request)
  244. {
  245. $authorization = $request->input('auth_data') ?? $request->header('authorization');
  246. if (!$authorization) abort(403, '未登录或登陆已过期');
  247. $authData = explode(':', base64_decode($authorization));
  248. if (!isset($authData[0]) || !isset($authData[1])) abort(403, __('Token error'));
  249. $user = User::where('email', $authData[0])
  250. ->where('password', $authData[1])
  251. ->first();
  252. if (!$user) {
  253. abort(500, __('Token error'));
  254. }
  255. $code = Helper::guid();
  256. $key = CacheKey::get('TEMP_TOKEN', $code);
  257. Cache::put($key, $user->id, 60);
  258. $redirect = '/#/login?verify=' . $code . '&redirect=' . ($request->input('redirect') ? $request->input('redirect') : 'dashboard');
  259. if (config('v2board.app_url')) {
  260. $url = config('v2board.app_url') . $redirect;
  261. } else {
  262. $url = url($redirect);
  263. }
  264. return response([
  265. 'data' => $url
  266. ]);
  267. }
  268. public function forget(AuthForget $request)
  269. {
  270. if (Cache::get(CacheKey::get('EMAIL_VERIFY_CODE', $request->input('email'))) !== $request->input('email_code')) {
  271. abort(500, __('Incorrect email verification code'));
  272. }
  273. $user = User::where('email', $request->input('email'))->first();
  274. if (!$user) {
  275. abort(500, __('This email is not registered in the system'));
  276. }
  277. $user->password = password_hash($request->input('password'), PASSWORD_DEFAULT);
  278. $user->password_algo = NULL;
  279. $user->password_salt = NULL;
  280. if (!$user->save()) {
  281. abort(500, __('Reset failed'));
  282. }
  283. Cache::forget(CacheKey::get('EMAIL_VERIFY_CODE', $request->input('email')));
  284. return response([
  285. 'data' => true
  286. ]);
  287. }
  288. }