diff --git a/README.md b/README.md index e2a2f5a..1f36603 100644 --- a/README.md +++ b/README.md @@ -419,6 +419,38 @@ type 为 image 时,text 中为要发送图片的URL。 |-|-|-| |token|认证token| +#### Simple token +> 为了方便客户端永久保持登入状态,我们提供了一个永不失效的Token,即 Simple token + +##### 获取 Simple token +通过 上文中的「获得当前用户的基本信息」接口(`POST /user/info`) 得到 + +##### 通过 Simple token 登入 + +`POST /login/simple_token` + +|参数|说明|备注| +|-|-|-| +|stoken|Simple token| + +登入成功返回认证token。 + +##### 重置 Simple token + +`POST /simple_token/regen` + +|参数|说明|备注| +|-|-|-| +|token|认证token| + +##### 清空 Simple token + +`POST /simple_token/remove` + +|参数|说明|备注| +|-|-|-| +|token|认证token| + [更详细的请求和返回值可以参考这里](doc/api/PushDeerOS.md) diff --git a/api/app/Http/Controllers/PushDeerUserController.php b/api/app/Http/Controllers/PushDeerUserController.php index 9d3325e..4590d2c 100644 --- a/api/app/Http/Controllers/PushDeerUserController.php +++ b/api/app/Http/Controllers/PushDeerUserController.php @@ -39,6 +39,8 @@ class PushDeerUserController extends Controller $the_user['level'] = 1; $pd_user = PushDeerUser::create($the_user); + $pd_user['simple_token'] = 'SP'.$pd_user['id'].'P'.md5(uniqid(rand(), true)); + $pd_user->save(); } // 将数据写到session @@ -47,6 +49,7 @@ class PushDeerUserController extends Controller $_SESSION['name'] = $pd_user['name']; $_SESSION['email'] = $pd_user['email']; $_SESSION['level'] = $pd_user['level']; + $_SESSION['simple_token'] = $pd_user['simple_token']; session_regenerate_id(true); $token = session_id(); 
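Review bot: The token added in the `@@ -39,6 +39,8 @@` hunk is built as `'SP'.$pd_user['id'].'P'.md5(uniqid(rand(), true))`, which draws only on the clock and a non-cryptographic generator, and hashing that with MD5 adds no entropy. The README in this commit describes the Simple token as a login credential that never expires, so it should come from the CSPRNG, for example `$pd_user['simple_token'] = 'SP'.$pd_user['id'].'P'.bin2hex(random_bytes(16));`. The same expression is repeated in the `@@ -133,6 +186,8 @@` and `@@ -175,6 +231,8 @@` hunks and in `simpleTokenRegen`, so one private helper on the controller would keep the four call sites from drifting apart. The enclosing login method starts and ends outside this hunk.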
@@ -56,6 +59,56 @@ class PushDeerUserController extends Controller return send_error('id_token解析错误', ErrorCode('ARGS')); } + public function loginBySimpleToken(Request $request) + { + $validated = $request->validate( + [ + 'stoken' => 'required|string', + ] + ); + + if (!$pd_user = PushDeerUser::where('simple_token', $validated['stoken'])->get()->first()) { + return send_error('stoken无效', ErrorCode('ARGS')); + } + + if ($pd_user['level']<1) { + return send_error('账号已被禁用', ErrorCode('ARGS')); + } + + // 将数据写到session + session_start(); + $_SESSION['uid'] = $pd_user['id']; + $_SESSION['name'] = $pd_user['name']; + $_SESSION['email'] = $pd_user['email']; + $_SESSION['level'] = $pd_user['level']; + + session_regenerate_id(true); + $token = session_id(); + return http_result(['token'=>$token]); + } + + public function simpleTokenRegen(Request $request) + { + // get user by session + if (!$pd_user = PushDeerUser::where('id', $_SESSION['uid'])->get()->first()) { + return send_error('用户不存在', ErrorCode('ARGS')); + } + $pd_user['simple_token'] = 'SP'.$pd_user['id'].'P'.md5(uniqid(rand(), true)); + $pd_user->save(); + return http_result(['stoken'=>$pd_user['simple_token']]); + } + + public function simpleTokenRemove(Request $request) + { + // get user by session + if (!$pd_user = PushDeerUser::where('id', $_SESSION['uid'])->get()->first()) { + return send_error('用户不存在', ErrorCode('ARGS')); + } + $pd_user['simple_token'] = ''; + $pd_user->save(); + return http_result(['stoken'=>$pd_user['simple_token']]); + } + public function wecode2unionid(Request $request) { $validated = $request->validate( @@ -133,6 +186,8 @@ class PushDeerUserController extends Controller $the_user['level'] = 1; $pd_user = PushDeerUser::create($the_user); + $pd_user['simple_token'] = 'SP'.$pd_user['id'].'P'.md5(uniqid(rand(), true)); + $pd_user->save(); } // 将数据写到session 
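Review bot: `simpleTokenRemove` clears the credential by storing `''`, so every account that removed its token shares the same value in the column `loginBySimpleToken` searches, and only the `required` validation rule keeps an empty `stoken` from matching. The migration in this commit makes the column nullable, so `$pd_user['simple_token'] = null;` would express "no token" without a shared sentinel. Separately, `loginBySimpleToken` does not set `$_SESSION['simple_token']` as the other three login paths now do, and neither `simpleTokenRegen` nor `simpleTokenRemove` refreshes it after `save()`. Any code that reads the session copy (not visible here) would therefore see a stale or missing token; assigning `$_SESSION['simple_token'] = $pd_user['simple_token'];` in all three methods keeps the session and the database aligned.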
@@ -141,6 +196,7 @@ class PushDeerUserController extends Controller $_SESSION['name'] = $pd_user['name']; $_SESSION['email'] = $pd_user['email']; $_SESSION['level'] = $pd_user['level']; + $_SESSION['simple_token'] = $pd_user['simple_token']; session_regenerate_id(true); $token = session_id(); @@ -175,6 +231,8 @@ class PushDeerUserController extends Controller $the_user['level'] = 1; $pd_user = PushDeerUser::create($the_user); + $pd_user['simple_token'] = 'SP'.$pd_user['id'].'P'.md5(uniqid(rand(), true)); + $pd_user->save(); } // 将数据写到session @@ -183,6 +241,7 @@ class PushDeerUserController extends Controller $_SESSION['name'] = $pd_user['name']; $_SESSION['email'] = $pd_user['email']; $_SESSION['level'] = $pd_user['level']; + $_SESSION['simple_token'] = $pd_user['simple_token']; session_regenerate_id(true); $token = session_id(); diff --git a/api/database/migrations/2022_09_05_154456_add_simple_token_to_user_table.php b/api/database/migrations/2022_09_05_154456_add_simple_token_to_user_table.php new file mode 100644 index 0000000..3c7a9c0 --- /dev/null +++ b/api/database/migrations/2022_09_05_154456_add_simple_token_to_user_table.php @@ -0,0 +1,32 @@ +string('simple_token')->nullable(); + }); + } + + /** + * Reverse the migrations. + * + * @return void + */ + public function down() + { + Schema::table('push_deer_users', function (Blueprint $table) { + $table->dropColumn('simple_token'); + }); + } +} diff --git a/api/routes/api.php b/api/routes/api.php index f6cf48f..72ca46a 100644 --- a/api/routes/api.php +++ b/api/routes/api.php @@ -23,6 +23,9 @@ use Illuminate\Support\Facades\Route; // 假登入,用于测试使用 Route::any('/login/fake', 'App\Http\Controllers\PushDeerUserController@fakeLogin'); +// 通过 simple_token 登入 +Route::any('/login/simple_token', 'App\Http\Controllers\PushDeerUserController@loginBySimpleToken'); + // 通过 apple 返回的 idtoken 登入 Route::post('/login/idtoken', 'App\Http\Controllers\PushDeerUserController@login'); 
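Review bot: The `simple_token` column is added without an index, although `loginBySimpleToken` looks users up by it on an unauthenticated endpoint, so each login attempt is an unindexed search of `push_deer_users`. Consider `$table->string('simple_token')->nullable()->unique();`, which also enforces that a token maps to exactly one account. That requires the cleared state to be stored as NULL rather than `''`, since a second empty string would violate the constraint. The opening of `up()` is not visible in this hunk, so confirm that no index is declared there.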
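Review bot: `/login/simple_token` is registered with `Route::any`, so the never-expiring `stoken` is also accepted on GET, where it travels in the query string and can end up in access logs, proxy logs and browser history. The README in this commit documents the endpoint as POST and the neighbouring `/login/idtoken` route uses `Route::post`; `Route::post('/login/simple_token', 'App\Http\Controllers\PushDeerUserController@loginBySimpleToken');` matches both. Whether the route is rate limited is not visible in this hunk; because it accepts a long-lived bearer credential without an existing session, a `throttle` middleware on it is worth considering.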
@@ -59,6 +62,11 @@ Route::middleware('auto.login')->group(function () { // 删除一个key Route::post('/key/remove', 'App\Http\Controllers\PushDeerKeyController@remove'); + // simple_token + Route::post('/simple_token/regen', 'App\Http\Controllers\PushDeerUserController@simpleTokenRegen'); + + Route::post('/simple_token/remove', 'App\Http\Controllers\PushDeerUserController@simpleTokenRemove'); + // 消息列表 Route::post('/message/list', 'App\Http\Controllers\PushDeerMessageController@list'); // 删除消息