Merge branch 'master' of gitee.com:apiadmin/ApiAdmin

zhaoxiang · zhaoxiang · commit 8380caa03fae · 2021-10-28T14:20:15.000+08:00
diff --git a/LICENSE b/LICENSE
@@ -0,0 +1,21 @@
+MIT License
+
+Copyright (c) 2021 Zhao
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in all
+copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+SOFTWARE.
diff --git a/LICENSE.txt b/LICENSE.txt
diff --git a/app/controller/admin/Base.php b/app/controller/admin/Base.php
@@ -57,7 +57,7 @@ public function buildSuccess(array $data = [], string $msg = '操作成功', int
      * @author zhaoxiang <zhaoxiang051405@gmail.com>
      */
     public function updateUserInfo(array $data, bool $isDetail = false): void {
-        $apiAuth = $this->request->header('apiAuth');
+        $apiAuth = $this->request->header('Api-Auth');
         if ($isDetail) {
             AdminUserData::update($data, ['uid' => $this->userInfo['id']]);
             $this->userInfo['userData'] = (new AdminUserData())->where('uid', $this->userInfo['id'])->find();
diff --git a/app/controller/admin/InterfaceList.php b/app/controller/admin/InterfaceList.php
@@ -150,10 +150,10 @@ public function del(): Response {
                 $rule->app_api = implode(',', $appApiArr);
 
                 $appApiShowArrOld = json_decode($rule->app_api_show, true);
-                $appApiShowArr = $appApiShowArrOld[$oldInfo->groupHash];
+                $appApiShowArr = $appApiShowArrOld[$oldInfo->group_hash];
                 $appApiShowIndex = array_search($hash, $appApiShowArr);
                 array_splice($appApiShowArr, $appApiShowIndex, 1);
-                $appApiShowArrOld[$oldInfo->groupHash] = $appApiShowArr;
+                $appApiShowArrOld[$oldInfo->group_hash] = $appApiShowArr;
                 $rule->app_api_show = json_encode($appApiShowArrOld);
 
                 $rule->save();
diff --git a/app/middleware/AdminPermission.php b/app/middleware/AdminPermission.php
@@ -23,8 +23,8 @@ class AdminPermission {
      */
     public function handle($request, \Closure $next): Response {
         $userInfo = $request->API_ADMIN_USER_INFO;
-
-        if (!$this->checkAuth($userInfo['id'], $request->pathinfo())) {
+        // rule里包含了rule(路由规则), ruoter(完整路由)
+        if (!$this->checkAuth($userInfo['id'], $request->rule()->getRule())) {
             return json([
                 'code' => ReturnCode::INVALID,
                 'msg'  => '非常抱歉，您没有权限这么做！',
diff --git a/app/middleware/ApiAuth.php b/app/middleware/ApiAuth.php
@@ -23,7 +23,16 @@ class ApiAuth {
      */
     public function handle($request, \Closure $next) {
         $header = config('apiadmin.CROSS_DOMAIN');
-        $apiHash = substr($request->pathinfo(), 4);
+
+        $pathParam = [];
+        $pathArr = explode('/', $request->pathinfo());
+        $pathArrLen = count($pathArr);
+        for ($index = 0; $index < $pathArrLen; $index += 2) {
+            if ($index + 1 < $pathArrLen) {
+                $pathParam[$pathArr[$index]] = $pathArr[$index + 1];
+            }
+        }
+        $apiHash = $pathParam['api'];
 
         if ($apiHash) {
             $cached = Cache::has('ApiInfo:' . $apiHash);
@@ -53,12 +62,13 @@ public function handle($request, \Closure $next) {
 
             $accessToken = $request->header('Access-Token', '');
             if (!$accessToken) {
-                if ($apiInfo['method'] == 2) {
-                    $accessToken = $request->get('Access-Token', '');
-                }
-                if ($apiInfo['method'] == 1) {
-                    $accessToken = $request->post('Access-Token', '');
-                }
+                $accessToken = $request->post('Access-Token', '');
+            }
+            if (!$accessToken) {
+                $accessToken = $request->get('Access-Token', '');
+            }
+            if (!$accessToken && !empty($pathParam['Access-Token'])) {
+                $accessToken = $pathParam['Access-Token'];
             }
             if (!$accessToken) {
                 return json([
