|
|
|
|
|
<?php
|
|
|
|
|
|
|
|
|
|
|
|
namespace App\Http\Controllers\Api;
|
|
|
|
|
|
|
|
|
|
|
|
use App\Http\Controllers\Controller;
|
|
|
|
|
|
use App\Models\AuditLog;
|
|
|
|
|
|
use App\Models\User;
|
|
|
|
|
|
use Illuminate\Http\JsonResponse;
|
|
|
|
|
|
use Illuminate\Http\Request;
|
|
|
|
|
|
use Illuminate\Support\Facades\Hash;
|
|
|
|
|
|
|
|
|
|
|
|
class AuthController extends Controller
|
|
|
|
|
|
{
|
|
|
|
|
|
public function login(Request $request): JsonResponse
|
|
|
|
|
|
{
|
|
|
|
|
|
$data = $request->validate([
|
|
|
|
|
|
'username' => ['required', 'string'],
|
|
|
|
|
|
'password' => ['required', 'string'],
|
|
|
|
|
|
]);
|
|
|
|
|
|
|
|
|
|
|
|
$user = User::with('venues:id,name')->where('username', $data['username'])->first();
|
|
|
|
|
|
if (! $user || ! $user->is_active || ! Hash::check($data['password'], $user->password)) {
|
|
|
|
|
|
$this->recordLoginAudit(
|
|
|
|
|
|
$request,
|
|
|
|
|
|
null,
|
|
|
|
|
|
422,
|
|
|
|
|
|
'登录失败(账号或密码错误)',
|
|
|
|
|
|
['username' => $data['username']]
|
|
|
|
|
|
);
|
|
|
|
|
|
|
|
|
|
|
|
return response()->json(['message' => '账号或密码错误'], 422);
|
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
// 移动端核销登录:签发更长有效期的 token(Sanctum 仍会在 expires_at 到期后失效)
|
|
|
|
|
|
$isH5Verify = $request->input('client') === 'h5_verify';
|
|
|
|
|
|
if ($isH5Verify && ! $user->isSuperAdmin()) {
|
|
|
|
|
|
$this->recordLoginAudit(
|
|
|
|
|
|
$request,
|
|
|
|
|
|
$user,
|
|
|
|
|
|
403,
|
|
|
|
|
|
'登录失败(核销端仅限超级管理员账号)',
|
|
|
|
|
|
['username' => $data['username'], 'client' => 'h5_verify']
|
|
|
|
|
|
);
|
|
|
|
|
|
|
|
|
|
|
|
return response()->json(['message' => '场馆管理员请使用活动专用核销链接与账号登录'], 403);
|
|
|
|
|
|
}
|
|
|
|
|
|
$expiresAt = $isH5Verify ? now()->addMonths(6) : null;
|
|
|
|
|
|
$tokenName = $isH5Verify ? 'h5-verify' : 'admin-token';
|
|
|
|
|
|
|
|
|
|
|
|
$token = $user->createToken($tokenName, ['*'], $expiresAt)->plainTextToken;
|
|
|
|
|
|
|
|
|
|
|
|
$this->recordLoginAudit(
|
|
|
|
|
|
$request,
|
|
|
|
|
|
$user,
|
|
|
|
|
|
200,
|
|
|
|
|
|
'登录('.$user->username.')',
|
|
|
|
|
|
[
|
|
|
|
|
|
'username' => $data['username'],
|
|
|
|
|
|
'client' => $request->input('client'),
|
|
|
|
|
|
]
|
|
|
|
|
|
);
|
|
|
|
|
|
|
|
|
|
|
|
return response()->json([
|
|
|
|
|
|
'token' => $token,
|
|
|
|
|
|
'user' => [
|
|
|
|
|
|
'id' => $user->id,
|
|
|
|
|
|
'username' => $user->username,
|
|
|
|
|
|
'name' => $user->name,
|
|
|
|
|
|
'role' => $user->role,
|
|
|
|
|
|
'venues' => $user->venues,
|
|
|
|
|
|
'full_admin_access' => $user->isSuperAdmin(),
|
|
|
|
|
|
],
|
|
|
|
|
|
]);
|
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
public function logout(Request $request): JsonResponse
|
|
|
|
|
|
{
|
|
|
|
|
|
$request->user()?->currentAccessToken()?->delete();
|
|
|
|
|
|
|
|
|
|
|
|
return response()->json(['message' => '已退出登录']);
|
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
/**
|
|
|
|
|
|
* @param array<string, mixed> $payload
|
|
|
|
|
|
*/
|
|
|
|
|
|
private function recordLoginAudit(Request $request, ?User $user, int $statusCode, string $operationSummary, array $payload = []): void
|
|
|
|
|
|
{
|
|
|
|
|
|
try {
|
|
|
|
|
|
AuditLog::create([
|
|
|
|
|
|
'user_id' => $user?->id,
|
|
|
|
|
|
'username' => $user?->username ?? (isset($payload['username']) ? (string) $payload['username'] : null),
|
|
|
|
|
|
'role' => $user?->role,
|
|
|
|
|
|
'method' => 'POST',
|
|
|
|
|
|
'path' => '/'.ltrim($request->path(), '/'),
|
|
|
|
|
|
'action' => 'POST '.$request->path(),
|
|
|
|
|
|
'operation_summary' => $operationSummary,
|
|
|
|
|
|
'status_code' => $statusCode,
|
|
|
|
|
|
'ip' => $request->ip(),
|
|
|
|
|
|
'user_agent' => substr((string) $request->userAgent(), 0, 500),
|
|
|
|
|
|
'request_payload' => $payload,
|
|
|
|
|
|
]);
|
|
|
|
|
|
} catch (\Throwable) {
|
|
|
|
|
|
}
|
|
|
|
|
|
}
|
|
|
|
|
|
}
|
