初始化项目

2026-02-08 22:38:13 +08:00
commit 334d2c6312
201 changed files with 32724 additions and 0 deletions
--- a/app/Http/Middleware/AuthCheckMiddleware.php
+++ b/app/Http/Middleware/AuthCheckMiddleware.php
@@ -0,0 +1,120 @@
+<?php
+
+namespace App\Http\Middleware;
+
+use Closure;
+use Illuminate\Http\Request;
+use Illuminate\Support\Facades\Auth;
+use Symfony\Component\HttpFoundation\Response;
+
+class AuthCheckMiddleware
+{
+    /**
+     * 处理传入请求
+     *
+     * @param Request $request
+     * @param Closure $next
+     * @param string|null $guard 认证守卫名称（默认为 api）
+     * @param string|null $permission 需要检查的权限编码（可选）
+     * @return Response
+     */
+    public function handle(Request $request, Closure $next, ?string $guard = 'api', ?string $permission = null): Response
+    {
+        // 检查是否已认证
+        if (!Auth::guard($guard)->check()) {
+            return response()->json([
+                'code' => 401,
+                'message' => '未登录或token已过期',
+                'data' => null,
+            ], 401);
+        }
+
+        // 获取当前用户
+        $user = Auth::guard($guard)->user();
+
+        // 检查用户状态
+        if (isset($user->status) && $user->status !== 1) {
+            return response()->json([
+                'code' => 403,
+                'message' => '账号已被禁用',
+                'data' => null,
+            ], 403);
+        }
+
+        // 如果需要检查权限
+        if ($permission !== null) {
+            if (!$this->checkPermission($user, $permission, $guard)) {
+                return response()->json([
+                    'code' => 403,
+                    'message' => '无权限访问',
+                    'data' => null,
+                ], 403);
+            }
+        }
+
+        // 将用户信息添加到请求中
+        $request->merge(['auth_user' => $user]);
+
+        // 更新用户最后活跃时间
+        if (method_exists($user, 'updateLastActiveAt')) {
+            $user->updateLastActiveAt();
+        }
+
+        return $next($request);
+    }
+
+    /**
+     * 检查用户权限
+     *
+     * @param mixed $user
+     * @param string $permission 权限编码
+     * @param string $guard 认证守卫
+     * @return bool
+     */
+    protected function checkPermission($user, string $permission, string $guard): bool
+    {
+        // 如果用户有所有权限标识
+        if (method_exists($user, 'hasAllPermissions') && $user->hasAllPermissions()) {
+            return true;
+        }
+
+        // 检查用户是否有指定权限
+        if (method_exists($user, 'hasPermission')) {
+            return $user->hasPermission($permission);
+        }
+
+        return false;
+    }
+
+    /**
+     * 检查多个权限（满足任意一个即可）
+     *
+     * @param array $permissions 权限编码数组
+     * @return bool
+     */
+    protected function checkAnyPermission($user, array $permissions): bool
+    {
+        foreach ($permissions as $permission) {
+            if ($this->checkPermission($user, $permission, 'api')) {
+                return true;
+            }
+        }
+        return false;
+    }
+
+    /**
+     * 检查多个权限（必须全部满足）
+     *
+     * @param array $permissions 权限编码数组
+     * @return bool
+     */
+    protected function checkAllPermissions($user, array $permissions): bool
+    {
+        foreach ($permissions as $permission) {
+            if (!$this->checkPermission($user, $permission, 'api')) {
+                return false;
+            }
+        }
+        return true;
+    }
+}