diff --git a/.env b/.env
deleted file mode 100644
index ad59e47f..00000000
--- a/.env
+++ /dev/null
@@ -1,5 +0,0 @@
-
-[JWT]
-TTL=3600
-REFRESH_TTL=20160
-SECRET=b43e6276644ed60e65c50d1b324ba10b
diff --git a/.example.env b/.example.env
index 9f004047..93e5c287 100644
--- a/.example.env
+++ b/.example.env
@@ -36,12 +36,14 @@ WHITE_LIST[] = receive_sync/product
# 不需记录日志的接口
[ADMIN_API]
IGNORE_LOGGING_LIST[] = v1/OperateLog/index
-MAX_IMAGE_SIZE = 5mb # 图片上传最大限制
-MAX_VIDEO_SIZE = 150mb # 视频上传最大限制
-MAX_ATTACHMENT_SIZE = 100mb # 附件上传最大限制
+MAX_IMAGE_SIZE = 5mb; # 图片上传最大限制
+MAX_VIDEO_SIZE = 150mb; # 视频上传最大限制
+MAX_ATTACHMENT_SIZE = 100mb; # 附件上传最大限制
# 开放API
[OPENAPI]
+ACCESS_TOKEN_LIFETIME = 3600; # 访问令牌有效期
+REFRESH_TOKEN_LIFETIME = 1209600; # 刷新令牌有效期
RESOURCE_IMAGES_DOMAIN = http://local.orico.com; # 图片资源服务器地址
RESOURCE_VIDEOS_DOMAIN = http://local.orico.com; # 视频资源服务器地址
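Review bot: The two new `[OPENAPI]` keys say what they are but not their unit, while the consumers added in this commit (`intval(env('OPENAPI.ACCESS_TOKEN_LIFETIME', 3600))` in Authorize.php and Auth.php) treat them as seconds; state it in the comment, e.g. `ACCESS_TOKEN_LIFETIME = 3600; # 访问令牌有效期（秒）` and `REFRESH_TOKEN_LIFETIME = 1209600; # 刷新令牌有效期（秒）`. The trailing `;` now matches the RESOURCE_*_DOMAIN lines, which presumably keeps the `#` text out of the parsed value.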
diff --git a/.gitignore b/.gitignore
index e4ce095a..8a6bec25 100644
--- a/.gitignore
+++ b/.gitignore
@@ -3,8 +3,10 @@ composer.phar
composer.lock
.DS_Store
Thumbs.db
+.env
.env.dev
.env.local
+.env.prod
/.idea
/.vscode
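Review bot: Adding `.env` to `.gitignore` stops future commits but does not remove the `.env` that was already tracked (the first hunk of this diff deletes it at blob ad59e47f), so the `[JWT] SECRET` value that file contained remains recoverable from history. Treat that secret as exposed and rotate it in every environment that used it; cleaning the history is a separate step that the ignore rule does not perform. The same caution applies to `.env.prod` if one was ever committed, though this diff only shows `.env` being deleted.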
diff --git a/app/common/model/SysRoleAuthorityBaseModel.php b/app/common/model/SysRoleAuthorityBaseModel.php
index b7cf723b..25da7cc3 100644
--- a/app/common/model/SysRoleAuthorityBaseModel.php
+++ b/app/common/model/SysRoleAuthorityBaseModel.php
@@ -18,6 +18,6 @@ class SysRoleAuthorityBaseModel extends Model
protected $schema = [
'role_id' => 'int',
'menu_id' => 'int',
- 'permission' => 'int',
+ 'permission' => 'string',
];
}
diff --git a/app/index/view/mobile/product/subcategory.html b/app/index/view/mobile/product/subcategory.html
index 2a520cf1..56572128 100644
--- a/app/index/view/mobile/product/subcategory.html
+++ b/app/index/view/mobile/product/subcategory.html
@@ -19,6 +19,7 @@
{notempty name="categorys_data"}
+ {if condition="in_array('products', array_keys($categorys_data[0]))"}
{assign name="products" value=":\think\helper\Arr::flatMap(fn($pro) => $pro['products'], $categorys_data)" /}
{volist name="products" id="pr"}
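Review bot: `in_array('products', array_keys($categorys_data[0]))` on the new line is a roundabout key check; `{if condition="isset($categorys_data[0]['products'])"}` (or `array_key_exists('products', $categorys_data[0])`) says the same thing directly without building the key list. The guard also inspects only element 0 while the `flatMap` on the next line reads `$pro['products']` from every element, so a later element lacking that key would still produce a notice; whether that shape can occur cannot be told from this hunk. The `{volist}` opened here is closed in the second hunk of this file.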
@@ -55,6 +56,7 @@
{/volist}
+ {/if}
{/notempty}
diff --git a/app/openapi/controller/v1/Authorize.php b/app/openapi/controller/v1/Authorize.php
index 13bd8c02..03833c3b 100644
--- a/app/openapi/controller/v1/Authorize.php
+++ b/app/openapi/controller/v1/Authorize.php
@@ -25,7 +25,10 @@ class Authorize
$server = request()->server();
$request = new Request([], $post, [], [], [], $server);
$storage = new OAuthStorage;
- $oauth = new OAuth2($storage);
+ $oauth = new OAuth2($storage, [
+ 'access_token_lifetime' => intval(env('OPENAPI.ACCESS_TOKEN_LIFETIME', 3600)),
+ 'refresh_token_lifetime' => intval(env('OPENAPI.REFRESH_TOKEN_LIFETIME', 1209600)),
+ ]);
$token = $oauth->grantAccessToken($request);
return success('success', json_decode($token->getContent(), true));
} catch (OAuth2ServerException $e) {
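Review bot: The lifetime options array added here is repeated verbatim in app/openapi/middleware/Auth.php (the hunk in that file), so the two call sites can drift; a single source such as a static `OAuthStorage::defaultOptions(): array` or a `config/openapi.php` entry read via `config()` would keep them in step. `intval(env(...))` also yields 0 for an empty or non-numeric value (the default applies only when the variable is unset), which presumably produces tokens that expire immediately; consider `max(1, intval(env('OPENAPI.ACCESS_TOKEN_LIFETIME', 3600)))` or validating the setting once at startup. The enclosing `try` and method begin before this hunk.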
diff --git a/app/openapi/middleware/Auth.php b/app/openapi/middleware/Auth.php
index 5df2c101..07a652ee 100644
--- a/app/openapi/middleware/Auth.php
+++ b/app/openapi/middleware/Auth.php
@@ -19,7 +19,10 @@ class Auth
public function handle($request, \Closure $next)
{
try {
- $oauth = new OAuth2(new OAuthStorage);
+ $oauth = new OAuth2(new OAuthStorage, [
+ 'access_token_lifetime' => intval(env('OPENAPI.ACCESS_TOKEN_LIFETIME', 3600)),
+ 'refresh_token_lifetime' => intval(env('OPENAPI.REFRESH_TOKEN_LIFETIME', 1209600)),
+ ]);
$token = $oauth->getBearerToken();
$oauth->verifyAccessToken($token);
} catch (OAuth2ServerException $e) {
diff --git a/app/openapi/model/OAuthClientModel.php b/app/openapi/model/OAuthClientModel.php
index dc126189..7a00c1ef 100644
--- a/app/openapi/model/OAuthClientModel.php
+++ b/app/openapi/model/OAuthClientModel.php
@@ -20,6 +20,8 @@ class OAuthClientModel extends Model
'client_secret' => 'string',
'redirect_uri' => 'string',
'enabled' => 'int',
+ 'expired_at' => 'datetime',
+ 'remark' => 'string',
'created_at' => 'datetime',
'updated_at' => 'datetime',
'deleted_at' => 'datetime'
diff --git a/extend/oauth/OAuthStorage.php b/extend/oauth/OAuthStorage.php
index ade0f5d7..a303fb33 100644
--- a/extend/oauth/OAuthStorage.php
+++ b/extend/oauth/OAuthStorage.php
@@ -78,15 +78,18 @@ class OAuthStorage implements IOAuth2GrantCode, IOAuth2RefreshTokens, IOAuth2Gra
public function getClient($client_id): IOAuth2Client
{
// 实现获取客户端的逻辑
- $ret = OAuthClientModel::clientId($client_id)->find();
- if (is_null($ret)) {
+ $client = OAuthClientModel::clientId($client_id)->find();
+ if (is_null($client)) {
throw new \Exception('客户端不存在');
}
- if ($ret->enabled != 1) {
+ if ($client->enabled != 1) {
throw new \Exception('客户端已禁用');
}
+ if (strtotime($client->expired_at) < time()) {
+ throw new \Exception('client_id 授权已过期');
+ }
- return new OAuth2Client($ret->client_id, $ret->client_secret, [$ret->redirect_uri]);
+ return new OAuth2Client($client->client_id, $client->client_secret, [$client->redirect_uri]);
}
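Review bot: The new expiry check `strtotime($client->expired_at) < time()` rejects every client whose `expired_at` is null or unparseable, because `strtotime` then returns `false` and `false < time()` is true; if the column is nullable for clients that never expire (the schema hunk adds it as `datetime` but does not say), guard it: `if ($client->expired_at !== null && strtotime($client->expired_at) < time()) {`. Failing closed on an unparseable value is fine, but the null case should be a deliberate choice rather than a side effect. The same three lines are repeated in checkClientCredentials in the next hunk; a private `assertClientNotExpired(OAuthClientModel $client): void` helper would keep the rule in one place.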
public function checkClientCredentials(IOAuth2Client $client, $client_secret = null): bool
@@ -96,6 +99,9 @@ class OAuthStorage implements IOAuth2GrantCode, IOAuth2RefreshTokens, IOAuth2Gra
if (is_null($client)) {
return false;
}
+ if (strtotime($client->expired_at) < time()) {
+ throw new \Exception('client_id 授权已过期');
+ }
return $client->client_secret == hash('sha1', $client->client_id . $client_secret . $this->salt);
}
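Review bot: The secret comparison on the last line uses `==`, which is neither constant-time nor strict (numeric-looking strings compare numerically); use `return hash_equals($client->client_secret, hash('sha1', $client->client_id . $client_secret . $this->salt));`. Within this method a missing client returns false while the newly added expiry case throws, so callers get two failure channels for the same outcome; either return false for the expired case too or throw in both places, consistent with getClient.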