refactor: 修改验证码接口及登录接口

.env.local

@@ -10,3 +10,6 @@ DB_CHARSET = utf8mb4
 DB_PREFIX = ow_
 
 DEFAULT_LANG = zh-cn
+
+[JWT]
+SECRET=b43e6276644ed60e65c50d1b324ba10b

app/admin/controller/v1/Captcha.php

@@ -3,6 +3,7 @@ declare (strict_types = 0);
 
 namespace app\admin\controller\v1;
 
+use think\facade\Cache;
 use think\facade\Config;
 
 class Captcha
@@ -10,12 +11,22 @@ class Captcha
     /**
      * 获取验证码
      */
-    public function index(\think\Config $config, \think\Session $session)
+    public function index()
     {
-        // 输出验证码
-        $captcha = new \think\captcha\Captcha($config, $session);
-        $data = $captcha->create();
+        // 生成token
+        $token = md5(uniqid() . random_str(8, 'all'));
 
-        return success('获取验证码成功！', $data["img"]);
+        // 生成验证码
+        $captcha = \think\captcha\facade\Captcha::create();
+
+        // 缓存验证码
+        $hash = password_hash($captcha['code'], PASSWORD_BCRYPT, ['cost' => 10]);
+        Cache::store('redis')->set('captcha:token.' . $token, $hash, Config::get('captcha.expire'));
+
+        // 输出验证码
+        return success('获取验证码成功！', [
+            'token'   => $token,
+            'captcha' => $captcha["img"],
+        ]);
     }
 }

app/admin/controller/v1/Login.php

@@ -5,6 +5,7 @@ namespace app\admin\controller\v1;
 
 use app\admin\model\v1\UserModel;
 use app\admin\validate\v1\LoginValidate;
+use thans\jwt\facade\JWTAuth;
 use think\facade\Cache;
 
 class Login
@@ -18,6 +19,8 @@ class Login
         $post = request()->post([
             'username',
             'password',
+            'token',
+            'captcha'
         ]);
 
         // 验证参数
@@ -26,6 +29,18 @@ class Login
             return error($validate->getError());
         }
 
+        // 校验验证码
+        $code = Cache::get('captcha:token.' . $post['token']);
+        if (!$code) {
+            return error('验证码不存在或已过期！');
+        }
+        Cache::delete('captcha:token.' . $post['token']);
+
+        // 校验
+        if (!password_verify($post['captcha'], $code)) {
+            return error('验证码错误！');
+        }
+        
         // 验证用户
         $user = UserModel::usernameOrMobile($post['username'])->find();
         if (!$user) {
@@ -41,7 +56,15 @@ class Login
         if ($user['status'] == -1) {
             return error('用户已禁用，请联系管理员！');
         }
-        dump(session("ss"));
-        return $user;
+
+        // 生成 jwt token
+        $token = JWTAuth::builder(['uid' => $user['id']]);
+        
+        return success('登录成功！', [
+            'uid'      => $user['id'],
+            'nickname' => $user['nickname'],
+            'avatar'   => $user['avatar'],
+            'token'    => $token,
+        ]);
     }
 }

app/admin/validate/v1/LoginValidate.php

@@ -16,6 +16,8 @@ class LoginValidate extends Validate
     protected $rule = [
         'username' => 'require',
         'password' => 'require',
+        'token'    => 'require',
+        'captcha'  => 'require'
     ];
 
     /**
@@ -27,5 +29,7 @@ class LoginValidate extends Validate
     protected $message = [
         'username.require' => '用户名不能为空',
         'password.require' => '密码不能为空',
+        'token.require'    => '验证码token不能为空',
+        'captcha.require'  => '验证码不能为空'
     ];
 }

app/common.php

@@ -33,3 +33,39 @@ if (!function_exists('password_with_salt')) {
         return md5(hash('sha256', $password . $salt));
     }
 }
+
+// 生成随机字符串
+if (!function_exists('random_str')) {
+    /**
+     * 生成随机字符串
+     * @param $length integer 生成的长度
+     * @param $type string 要生成的字符串类型(number, string, all)
+     * @param $convert integer 大小写转换0为小写1为大写
+     * @return string
+     */
+    function random_str($length, $type = "string", $convert = "0")
+    {
+        $conf = [
+            'number' => '0123456789',
+            'string' => 'abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ',
+            'all' => 'abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789='
+        ];
+        $string = $conf[$type];
+        if (!$string) {
+            $string = $conf['string'];
+        }
+        $strlen = strlen($string) - 1;
+        $char = '';
+        for ($i = 0; $i < $length; $i++) {
+            $char .= $string[mt_rand(0, $strlen)];
+        }
+        if ($convert > 0) {
+            $res = strtoupper($char);
+        } elseif ($convert == 0) {
+            $res = $char;
+        } elseif ($convert < 0) {
+            $res = strtolower($char);
+        }
+        return $res;
+    }
+}

composer.json

@@ -27,7 +27,9 @@
         "topthink/think-multi-app": "^1.1",
         "topthink/think-migration": "^3.1",
         "topthink/think-view": "^2.0",
-        "topthink/think-captcha": "^3.0"
+        "topthink/think-captcha": "^3.0",
+        "thans/tp-jwt-auth": "^2.2",
+        "topthink/think-throttle": "*"
     },
     "require-dev": {
         "symfony/var-dumper": ">=4.2",

config/captcha.php

@@ -9,7 +9,7 @@ return [
     // 验证码字符集合
     'codeSet'  => '2345678abcdefhijkmnpqrstuvwxyzABCDEFGHJKLMNPQRTUVWXY',
     // 验证码过期时间
-    'expire'   => 1800,
+    'expire'   => 300,
     // 是否使用中文验证码
     'useZh'    => false,
     // 是否使用算术验证码

config/jwt.php

@@ -0,0 +1,21 @@
+<?php
+
+
+return [
+    'secret'      => env('JWT_SECRET'),
+    //Asymmetric key
+    'public_key'  => env('JWT_PUBLIC_KEY'),
+    'private_key' => env('JWT_PRIVATE_KEY'),
+    'password'    => env('JWT_PASSWORD'),
+    //JWT time to live
+    'ttl'         => env('JWT_TTL', 60),
+    //Refresh time to live
+    'refresh_ttl' => env('JWT_REFRESH_TTL', 20160),
+    //JWT hashing algorithm
+    'algo'        => env('JWT_ALGO', 'HS256'),
+    //token获取方式，数组靠前值优先
+    'token_mode'    => ['header', 'cookie', 'param'],
+    //黑名单后有效期
+    'blacklist_grace_period' => env('BLACKLIST_GRACE_PERIOD', 10),
+    'blacklist_storage' => thans\jwt\provider\storage\Tp6::class,
+];