AuthController.php 8.6 KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257
  1. <?php
  2. namespace App\Http\Controllers\Passport;
  3. use App\Http\Controllers\Controller;
  4. use App\Http\Requests\Passport\AuthRegister;
  5. use App\Http\Requests\Passport\AuthForget;
  6. use App\Http\Requests\Passport\AuthLogin;
  7. use Illuminate\Http\Request;
  8. use Illuminate\Support\Facades\Cache;
  9. use App\Models\Plan;
  10. use App\Models\User;
  11. use App\Models\InviteCode;
  12. use App\Utils\Helper;
  13. use App\Utils\Dict;
  14. use App\Utils\CacheKey;
  15. use ReCaptcha\ReCaptcha;
  16. class AuthController extends Controller
  17. {
  18. public function register(AuthRegister $request)
  19. {
  20. if ((int)config('v2board.recaptcha_enable', 0)) {
  21. $recaptcha = new ReCaptcha(config('v2board.recaptcha_key'));
  22. $recaptchaResp = $recaptcha->verify($request->input('recaptcha_data'));
  23. if (!$recaptchaResp->isSuccess()) {
  24. abort(500, '验证码有误');
  25. }
  26. }
  27. if ((int)config('v2board.email_whitelist_enable', 0)) {
  28. if (!Helper::emailSuffixVerify(
  29. $request->input('email'),
  30. config('v2board.email_whitelist_suffix', Dict::EMAIL_WHITELIST_SUFFIX_DEFAULT))
  31. ) {
  32. abort(500, '邮箱后缀不处于白名单中');
  33. }
  34. }
  35. if ((int)config('v2board.email_gmail_limit_enable', 0)) {
  36. $prefix = explode('@', $request->input('email'))[0];
  37. if (strpos($prefix, '.') !== false || strpos($prefix, '+') !== false) {
  38. abort(500, '不支持Gmail别名邮箱');
  39. }
  40. }
  41. if ((int)config('v2board.stop_register', 0)) {
  42. abort(500, '本站已关闭注册');
  43. }
  44. if ((int)config('v2board.invite_force', 0)) {
  45. if (empty($request->input('invite_code'))) {
  46. abort(500, '必须使用邀请码才可以注册');
  47. }
  48. }
  49. if ((int)config('v2board.email_verify', 0)) {
  50. if (empty($request->input('email_code'))) {
  51. abort(500, '邮箱验证码不能为空');
  52. }
  53. if (Cache::get(CacheKey::get('EMAIL_VERIFY_CODE', $request->input('email'))) !== $request->input('email_code')) {
  54. abort(500, '邮箱验证码有误');
  55. }
  56. }
  57. $email = $request->input('email');
  58. $password = $request->input('password');
  59. $exist = User::where('email', $email)->first();
  60. if ($exist) {
  61. abort(500, '邮箱已存在系统中');
  62. }
  63. $user = new User();
  64. $user->email = $email;
  65. $user->password = password_hash($password, PASSWORD_DEFAULT);
  66. $user->uuid = Helper::guid(true);
  67. $user->token = Helper::guid();
  68. if ($request->input('invite_code')) {
  69. $inviteCode = InviteCode::where('code', $request->input('invite_code'))
  70. ->where('status', 0)
  71. ->first();
  72. if (!$inviteCode) {
  73. if ((int)config('v2board.invite_force', 0)) {
  74. abort(500, '邀请码无效');
  75. }
  76. } else {
  77. $user->invite_user_id = $inviteCode->user_id ? $inviteCode->user_id : null;
  78. if (!(int)config('v2board.invite_never_expire', 0)) {
  79. $inviteCode->status = 1;
  80. $inviteCode->save();
  81. }
  82. }
  83. }
  84. // try out
  85. if ((int)config('v2board.try_out_plan_id', 0)) {
  86. $plan = Plan::find(config('v2board.try_out_plan_id'));
  87. if ($plan) {
  88. $user->transfer_enable = $plan->transfer_enable * 1073741824;
  89. $user->plan_id = $plan->id;
  90. $user->group_id = $plan->group_id;
  91. $user->expired_at = time() + (config('v2board.try_out_hour', 1) * 3600);
  92. }
  93. }
  94. if (!$user->save()) {
  95. abort(500, '注册失败');
  96. }
  97. if ((int)config('v2board.email_verify', 0)) {
  98. Cache::forget(CacheKey::get('EMAIL_VERIFY_CODE', $request->input('email')));
  99. }
  100. $request->session()->put('email', $user->email);
  101. $request->session()->put('id', $user->id);
  102. return response()->json([
  103. 'data' => true
  104. ]);
  105. }
  106. public function login(AuthLogin $request)
  107. {
  108. $email = $request->input('email');
  109. $password = $request->input('password');
  110. $user = User::where('email', $email)->first();
  111. if (!$user) {
  112. abort(500, '用户名或密码错误');
  113. }
  114. if (!Helper::multiPasswordVerify(
  115. $user->password_algo,
  116. $password,
  117. $user->password)
  118. ) {
  119. abort(500, '用户名或密码错误');
  120. }
  121. if ($user->banned) {
  122. abort(500, '该账户已被停止使用');
  123. }
  124. $data = [
  125. 'token' => $user->token
  126. ];
  127. $request->session()->put('email', $user->email);
  128. $request->session()->put('id', $user->id);
  129. if ($user->is_admin) {
  130. $request->session()->put('is_admin', true);
  131. $data['is_admin'] = true;
  132. }
  133. if ($user->is_staff) {
  134. $request->session()->put('is_staff', true);
  135. $data['is_staff'] = true;
  136. }
  137. return response([
  138. 'data' => $data
  139. ]);
  140. }
  141. public function token2Login(Request $request)
  142. {
  143. if ($request->input('token')) {
  144. $redirect = '/#/login?verify=' . $request->input('token') . '&redirect=' . ($request->input('redirect') ? $request->input('redirect') : 'dashboard');
  145. if (config('v2board.app_url')) {
  146. $location = config('v2board.app_url') . $redirect;
  147. } else {
  148. $location = url($redirect);
  149. }
  150. return redirect()->to($location)->send();
  151. }
  152. if ($request->input('verify')) {
  153. $key = CacheKey::get('TEMP_TOKEN', $request->input('verify'));
  154. $userId = Cache::get($key);
  155. if (!$userId) {
  156. abort(500, '令牌有误');
  157. }
  158. $user = User::find($userId);
  159. if (!$user) {
  160. abort(500, '用户不存在');
  161. }
  162. if ($user->banned) {
  163. abort(500, '该账户已被停止使用');
  164. }
  165. $request->session()->put('email', $user->email);
  166. $request->session()->put('id', $user->id);
  167. if ($user->is_admin) {
  168. $request->session()->put('is_admin', true);
  169. }
  170. Cache::forget($key);
  171. return response([
  172. 'data' => true
  173. ]);
  174. }
  175. }
  176. public function getTempToken(Request $request)
  177. {
  178. $user = User::where('token', $request->input('token'))->first();
  179. if (!$user) {
  180. abort(500, '令牌有误');
  181. }
  182. $code = Helper::guid();
  183. $key = CacheKey::get('TEMP_TOKEN', $code);
  184. Cache::put($key, $user->id, 60);
  185. return response([
  186. 'data' => $code
  187. ]);
  188. }
  189. public function getQuickLoginUrl(Request $request)
  190. {
  191. $user = User::where('token', $request->input('token'))->first();
  192. if (!$user) {
  193. abort(500, '令牌有误');
  194. }
  195. $code = Helper::guid();
  196. $key = CacheKey::get('TEMP_TOKEN', $code);
  197. Cache::put($key, $user->id, 60);
  198. $redirect = '/#/login?verify=' . $code . '&redirect=' . ($request->input('redirect') ? $request->input('redirect') : 'dashboard');
  199. if (config('v2board.app_url')) {
  200. $url = config('v2board.app_url') . $redirect;
  201. } else {
  202. $url = url($redirect);
  203. }
  204. return response([
  205. 'data' => $url
  206. ]);
  207. }
  208. public function check(Request $request)
  209. {
  210. $data = [
  211. 'is_login' => $request->session()->get('id') ? true : false
  212. ];
  213. if ($request->session()->get('is_admin')) {
  214. $data['is_admin'] = true;
  215. }
  216. return response([
  217. 'data' => $data
  218. ]);
  219. }
  220. public function forget(AuthForget $request)
  221. {
  222. if (Cache::get(CacheKey::get('EMAIL_VERIFY_CODE', $request->input('email'))) !== $request->input('email_code')) {
  223. abort(500, '邮箱验证码有误');
  224. }
  225. $user = User::where('email', $request->input('email'))->first();
  226. if (!$user) {
  227. abort(500, '该邮箱不存在系统中');
  228. }
  229. $user->password = password_hash($request->input('password'), PASSWORD_DEFAULT);
  230. $user->password_algo = NULL;
  231. if (!$user->save()) {
  232. abort(500, '重置失败');
  233. }
  234. Cache::forget(CacheKey::get('EMAIL_VERIFY_CODE', $request->input('email')));
  235. return response([
  236. 'data' => true
  237. ]);
  238. }
  239. }