'退出成功', 'login' => '登录成功', 'error' => '账号或密码错误', 'param' => '参数错误', 'duplicate' => '用户账号已存在', 'create_suc' => '创建用户成功', 'empty' => '用户不存在', 'suc' => '操作成功', 'res' => '获取成功', 'ip_denied' => 'IP地址不在白名单中，禁止登录' ]; /** * 登录 */ public function login() { // 获取输入数据 $userName = trim(Request::post('user_name')); $password = trim(Request::post('password')); // 验证输入数据 $checkMessage = $this->validateInput([ 'user_name' => $userName, 'password' => $password, ], 'login'); if(!empty($checkMessage)) { return json_error([], $checkMessage); } // 查询用户 $user = UserModel::where('user_name', $userName)->find(); if ($user && password_verify($password, $user->password)) { // 检查IP白名单 $clientIp = IpWhiteListService::getRealIp(); if (!IpWhiteListService::checkIpWhiteList($clientIp, $user->white_list_ip)) { // 记录IP限制登录日志 trace("用户 {$userName} 尝试从IP {$clientIp} 登录，但不在白名单 {$user->white_list_ip} 中", 'info'); return json_error([ 'client_ip' => $clientIp, 'white_list_ip' => $user->white_list_ip ], $this->message['ip_denied']); } $token = generateToken([ 'user_id' => $user->user_id, 'merchant_id' => $user->merchant_id, 'user_role' => $user->user_role ]); Cookie::set('auth_token', $token, ['expire' => $GLOBALS['cookieExpire'], 'httponly' => true]); // 更新登录时间 $user->login_time = time(); $user->save(); // 记录成功登录日志 trace("用户 {$userName} 从IP {$clientIp} 登录成功", 'info'); return json_success([ 'user_name' => $user->user_name, 'nick_name' => $user->nick_name, 'user_role' => $user->user_role, 'login_time' => $user->login_time, 'token' => $token, 'client_ip' => $clientIp ], $this->message['login']); } else { return json_error([], $this->message['error']); } } /** * 用户注销 */ public function logout() { Cookie::delete('auth_token'); return json_success([], '退出成功'); } /** * 创建用户 */ public function createUser() { // 获取当前登录用户信息 $loginInfo = checkUserLogin(); if (!$loginInfo) { return json_error([], '请先登录'); } // 检查是否有创建用户权限 if (!checkPermission($loginInfo, 'user', 'create')) { return json_error([], '没有创建用户的权限'); } // 获取输入数据 $data = Request::only([ 'user_name', 'nick_name', 'password', 'phone', 'user_role', 'white_list_ip' ]); $data['merchant_id'] = $loginInfo['merchant_id']; try { // 验证数据 $this->validate($data, UserValidate::class . '.create'); } catch (\think\exception\ValidateException $e) { return json_error($e->getError()); } // 验证角色是否存在 if ($data['user_role'] > 0) { $role = UserRoleModel::getRoleById($data['user_role'], $loginInfo['merchant_id']); if (!$role) { return json_error([], '选择的角色不存在'); } } // 检查用户名是否已存在 if (UserModel::where('user_name', $data['user_name'])->find()) { return json_error($this->message['duplicate']); } // 创建新用户 $data['password'] = password_hash($data['password'], PASSWORD_DEFAULT); try { $user = UserModel::create($data); return json_success(['user_id' => $user->user_id], $this->message['create_suc']); } catch (\Exception $e) { return json_error([], '创建用户失败：' . $e->getMessage()); } } /** * 获取用户列表 */ public function list() { $loginInfo = checkUserLogin(); if (!$loginInfo) { return json_error([], '请先登录'); } if (!checkPermission($loginInfo, 'user', 'list')) { return json_error([], '没有查看用户列表的权限'); } $page = Request::get('page', 1, 'intval'); $limit = Request::get('limit', 10, 'intval'); $userName = Request::get('user_name', '', 'trim'); $nickName = Request::get('nick_name', '', 'trim'); $userRole = Request::get('user_role', 0, 'intval'); $where = [ ['merchant_id', '=', $loginInfo['merchant_id']] ]; if ($userName) { $where[] = ['user_name', 'like', '%' . $userName . '%']; } if ($nickName) { $where[] = ['nick_name', 'like', '%' . $nickName . '%']; } if ($userRole > 0) { $where[] = ['user_role', '=', $userRole]; } $total = UserModel::where($where)->count(); $list = UserModel::where($where) ->field('user_id, user_name, nick_name, phone, user_role, merchant_id, white_list_ip, create_time, login_time, update_time') ->order('user_id', 'desc') ->page($page, $limit) ->select(); // 获取角色信息 $roleIds = array_unique(array_column($list->toArray(), 'user_role')); $roles = []; if ($roleIds) { $roleList = UserRoleModel::whereIn('id', $roleIds)->select(); foreach ($roleList as $role) { $roles[$role->id] = $role->role_name; } } // 添加角色名称 foreach ($list as $user) { $user->role_name = $roles[$user->user_role] ?? '未分配角色'; } return json_success([ 'list' => $list, 'total' => $total, 'page' => $page, 'limit' => $limit ]); } /** * 获取用户详情 */ public function detail() { $loginInfo = checkUserLogin(); if (!$loginInfo) { return json_error([], '请先登录'); } if (!checkPermission($loginInfo, 'user', 'detail')) { return json_error([], '没有查看用户详情的权限'); } $userId = Request::param('user_id', 0, 'intval'); if (!$userId) { return json_error([], '用户ID不能为空'); } $user = UserModel::where('user_id', $userId) ->where('merchant_id', $loginInfo['merchant_id']) ->field('user_id, user_name, nick_name, phone, user_role, merchant_id, white_list_ip, create_time, login_time, update_time') ->find(); if (!$user) { return json_error($this->message['empty']); } // 获取角色信息 if ($user->user_role > 0) { $role = UserRoleModel::getRoleById($user->user_role, $loginInfo['merchant_id']); $user->role_name = $role ? $role->role_name : '未分配角色'; $user->role_privileges = $role ? $role->privileges : []; } else { $user->role_name = '未分配角色'; $user->role_privileges = []; } return json_success($user); } /** * 更新用户 */ public function update() { $loginInfo = checkUserLogin(); if (!$loginInfo) { return json_error([], '请先登录'); } if (!checkPermission($loginInfo, 'user', 'update')) { return json_error([], '没有编辑用户的权限'); } $userId = Request::post('user_id', 0, 'intval'); if (!$userId) { return json_error([], '用户ID不能为空'); } $user = UserModel::where('user_id', $userId) ->where('merchant_id', $loginInfo['merchant_id']) ->find(); if (!$user) { return json_error($this->message['empty']); } // 获取更新数据 $data = Request::only([ 'nick_name', 'phone', 'password', 'user_role', 'white_list_ip' ]); // 过滤空值 $data = array_filter($data, function($value, $key) { return $key !== 'password' || !empty($value); }, ARRAY_FILTER_USE_BOTH); if (empty($data)) { return json_error([], '没有要更新的数据'); } // 验证角色是否存在 if (isset($data['user_role']) && $data['user_role'] > 0) { $role = UserRoleModel::getRoleById($data['user_role'], $loginInfo['merchant_id']); if (!$role) { return json_error([], '选择的角色不存在'); } } // 密码加密 if (isset($data['password'])) { $data['password'] = password_hash($data['password'], PASSWORD_DEFAULT); } try { $user->save($data); return json_success([], $this->message['suc']); } catch (\Exception $e) { return json_error([], '更新失败：' . $e->getMessage()); } } /** * 删除用户 */ public function delete() { $loginInfo = checkUserLogin(); if (!$loginInfo) { return json_error([], '请先登录'); } if (!checkPermission($loginInfo, 'user', 'delete')) { return json_error([], '没有删除用户的权限'); } $userId = Request::post('user_id', 0, 'intval'); if (!$userId) { return json_error([], '用户ID不能为空'); } if ($userId == $loginInfo['user_id']) { return json_error([], '不能删除自己'); } $user = UserModel::where('user_id', $userId) ->where('merchant_id', $loginInfo['merchant_id']) ->find(); if (!$user) { return json_error($this->message['empty']); } try { $user->delete(); return json_success([], '删除成功'); } catch (\Exception $e) { return json_error([], '删除失败：' . $e->getMessage()); } } /** * 验证IP白名单格式 */ public function validateIpWhiteList() { $loginInfo = checkUserLogin(); if (!$loginInfo) { return json_error([], '请先登录'); } $whiteListIp = Request::post('white_list_ip', '', 'trim'); try { list($isValid, $message, $parsedList) = IpWhiteListService::validateWhiteListFormat($whiteListIp); return json_success([ 'valid' => $isValid, 'message' => $message, 'parsed_list' => $parsedList, 'current_ip' => IpWhiteListService::getRealIp() ], '验证完成'); } catch (\Exception $e) { return json_error([], '验证失败：' . $e->getMessage()); } } /** * 获取当前访问IP信息 */ public function getCurrentIp() { $loginInfo = checkUserLogin(); if (!$loginInfo) { return json_error([], '请先登录'); } try { $currentIp = IpWhiteListService::getRealIp(); $ipInfo = IpWhiteListService::getIpInfo($currentIp); return json_success([ 'current_ip' => $currentIp, 'ip_info' => $ipInfo, 'timestamp' => time(), 'datetime' => date('Y-m-d H:i:s') ], '获取当前IP成功'); } catch (\Exception $e) { return json_error([], '获取IP信息失败：' . $e->getMessage()); } } /** * 检查IP是否在用户白名单中 */ public function checkIpWhiteList() { $loginInfo = checkUserLogin(); if (!$loginInfo) { return json_error([], '请先登录'); } $userId = Request::get('user_id', $loginInfo['user_id'], 'intval'); $testIp = Request::get('test_ip', '', 'trim'); // 获取用户信息 $user = UserModel::where('user_id', $userId) ->where('merchant_id', $loginInfo['merchant_id']) ->find(); if (!$user) { return json_error([], '用户不存在'); } $currentIp = IpWhiteListService::getRealIp(); $checkIp = !empty($testIp) ? $testIp : $currentIp; try { $isAllowed = IpWhiteListService::checkIpWhiteList($checkIp, $user->white_list_ip); return json_success([ 'user_id' => $userId, 'user_name' => $user->user_name, 'check_ip' => $checkIp, 'white_list_ip' => $user->white_list_ip, 'is_allowed' => $isAllowed, 'current_ip' => $currentIp, 'is_current_ip' => $checkIp === $currentIp ], $isAllowed ? 'IP在白名单中' : 'IP不在白名单中'); } catch (\Exception $e) { return json_error([], '检查IP白名单失败：' . $e->getMessage()); } } /** * 验证输入数据 */ protected function validateInput(array $data, $scene = '') { $validate = new UserValidate(); // 执行场景验证 if (!$validate->scene($scene)->check($data)) { return $validate->getError(); } return ""; } }