Merge branch 'master' of https://gitea.f2b211.com/jsasg/orico-official-website

2025-07-16 09:51:31 +08:00
parent 791380e53c 1c3aa90c3a
commit b2014b104f
9 changed files with 30 additions and 15 deletions
--- a/.env
+++ b/.env
@@ -1,5 +0,0 @@
-
-[JWT]
-TTL=3600
-REFRESH_TTL=20160
-SECRET=b43e6276644ed60e65c50d1b324ba10b
--- a/.example.env
+++ b/.example.env
@@ -36,12 +36,14 @@ WHITE_LIST[] = receive_sync/product
 # 不需记录日志的接口
 [ADMIN_API]
 IGNORE_LOGGING_LIST[] = v1/OperateLog/index
-MAX_IMAGE_SIZE = 5mb # 图片上传最大限制
-MAX_VIDEO_SIZE = 150mb # 视频上传最大限制
-MAX_ATTACHMENT_SIZE = 100mb # 附件上传最大限制
+MAX_IMAGE_SIZE = 5mb; # 图片上传最大限制
+MAX_VIDEO_SIZE = 150mb; # 视频上传最大限制
+MAX_ATTACHMENT_SIZE = 100mb; # 附件上传最大限制

 # 开放API
 [OPENAPI]
+ACCESS_TOKEN_LIFETIME = 3600; # 访问令牌有效期
+REFRESH_TOKEN_LIFETIME = 1209600; # 刷新令牌有效期
 RESOURCE_IMAGES_DOMAIN = http://local.orico.com; # 图片资源服务器地址
 RESOURCE_VIDEOS_DOMAIN = http://local.orico.com; # 视频资源服务器地址

--- a/.gitignore
+++ b/.gitignore
@@ -3,8 +3,10 @@ composer.phar
 composer.lock
 .DS_Store
 Thumbs.db
+.env
 .env.dev
 .env.local
+.env.prod

 /.idea
 /.vscode
--- a/app/common/model/SysRoleAuthorityBaseModel.php
+++ b/app/common/model/SysRoleAuthorityBaseModel.php
@@ -18,6 +18,6 @@ class SysRoleAuthorityBaseModel extends Model
    protected $schema = [
        'role_id' => 'int',
        'menu_id' => 'int',
-        'permission' => 'int',
+        'permission' => 'string',
    ];
 }
--- a/app/index/view/mobile/product/subcategory.html
+++ b/app/index/view/mobile/product/subcategory.html
@@ -19,6 +19,7 @@
        <div class="m_Container">
            {notempty name="categorys_data"}
            <div class="product_list">
+                {if condition="in_array('products', array_keys($categorys_data[0]))"}
                <ul>
                    {assign name="products" value=":\think\helper\Arr::flatMap(fn($pro) => $pro['products'], $categorys_data)" /}
                    {volist name="products" id="pr"}
@@ -55,6 +56,7 @@
                    </li>
                    {/volist}
                </ul>
+                {/if}
            </div>
            {/notempty}
        </div>
--- a/app/openapi/controller/v1/Authorize.php
+++ b/app/openapi/controller/v1/Authorize.php
@@ -25,7 +25,10 @@ class Authorize
            $server  = request()->server();
            $request = new Request([], $post, [], [], [], $server);
            $storage = new OAuthStorage;
-            $oauth   = new OAuth2($storage);
+            $oauth   = new OAuth2($storage, [
+                'access_token_lifetime'  => intval(env('OPENAPI.ACCESS_TOKEN_LIFETIME', 3600)),
+                'refresh_token_lifetime' => intval(env('OPENAPI.REFRESH_TOKEN_LIFETIME', 1209600)),
+            ]);
            $token   = $oauth->grantAccessToken($request);
            return success('success', json_decode($token->getContent(), true));
        } catch (OAuth2ServerException $e) {
--- a/app/openapi/middleware/Auth.php
+++ b/app/openapi/middleware/Auth.php
@@ -19,7 +19,10 @@ class Auth
    public function handle($request, \Closure $next)
    {
        try {
-            $oauth = new OAuth2(new OAuthStorage);
+            $oauth = new OAuth2(new OAuthStorage, [
+                'access_token_lifetime'  => intval(env('OPENAPI.ACCESS_TOKEN_LIFETIME', 3600)),
+                'refresh_token_lifetime' => intval(env('OPENAPI.REFRESH_TOKEN_LIFETIME', 1209600)),
+            ]);
            $token = $oauth->getBearerToken();
            $oauth->verifyAccessToken($token);
        } catch (OAuth2ServerException $e) {
--- a/app/openapi/model/OAuthClientModel.php
+++ b/app/openapi/model/OAuthClientModel.php
@@ -20,6 +20,8 @@ class OAuthClientModel extends Model
        'client_secret' => 'string',
        'redirect_uri'  => 'string',
        'enabled'       => 'int',
+        'expired_at'    => 'datetime',
+        'remark'        => 'string',
        'created_at'    => 'datetime',
        'updated_at'    => 'datetime',
        'deleted_at'    => 'datetime'
--- a/extend/oauth/OAuthStorage.php
+++ b/extend/oauth/OAuthStorage.php
@@ -78,15 +78,18 @@ class OAuthStorage implements IOAuth2GrantCode, IOAuth2RefreshTokens, IOAuth2Gra
    public function getClient($client_id): IOAuth2Client
    {
        // 实现获取客户端的逻辑
-        $ret = OAuthClientModel::clientId($client_id)->find();
-        if (is_null($ret)) {
+        $client = OAuthClientModel::clientId($client_id)->find();
+        if (is_null($client)) {
            throw new \Exception('客户端不存在');
        }
-        if ($ret->enabled != 1) {
+        if ($client->enabled != 1) {
            throw new \Exception('客户端已禁用');
        }
+        if (strtotime($client->expired_at) < time()) {
+            throw new \Exception('client_id 授权已过期');
+        }

-        return new OAuth2Client($ret->client_id, $ret->client_secret, [$ret->redirect_uri]);
+        return new OAuth2Client($client->client_id, $client->client_secret, [$client->redirect_uri]);
    }

    public function checkClientCredentials(IOAuth2Client $client, $client_secret = null): bool
@@ -96,6 +99,9 @@ class OAuthStorage implements IOAuth2GrantCode, IOAuth2RefreshTokens, IOAuth2Gra
        if (is_null($client)) {
            return false;
        }
+        if (strtotime($client->expired_at) < time()) {
+            throw new \Exception('client_id 授权已过期');
+        }

        return $client->client_secret == hash('sha1', $client->client_id . $client_secret . $this->salt);
    }