123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145 |
- <?php
- namespace app\middleware;
- use app\model\Camp;
- use app\model\CampEmployee;
- use app\model\Employee;
- use Exception;
- use Firebase\JWT\JWT;
- use openssl\Aes;
- use think\exception\HttpException;
- use app\model\Company;
- use app\model\AgentUser;
- use app\logics\AgentsLogic;
- use app\model\Setting;
- /**
- * 接口权限验证中间件
- */
- class Token
- {
- public function handle($request, \Closure $next)
- {
- // 请求控制器获取
- $controller = lcfirst($request->controller());
- // 请求方法获取
- $action = lcfirst($request->action());
- // 调试信息
- trace('控制器:' . $controller, 'debug');
- trace('方法名:' . $action, 'debug');
- trace('参数:' . json_encode($request->param()), 'debug');
- // 无需jwt验证控制器与方法获取
- $notNeed = config('app.jwt_not_check');
- // 判断控制器是否需要验证jwt
- if (isset($notNeed['CONTROLLER']) && in_array($controller, $notNeed['CONTROLLER'])) return $next($request);
- // 判断控制器中是否有方法无需验证jwt
- if (isset($notNeed[$controller])) {
- // 是否是要判断都选项
- $rs = in_array($action, $notNeed[$controller]);
- // 如果是, 判断是否是排除还是包含关系
- if ($rs && !(isset($notNeed[$controller]['EXCEPT']) && $notNeed[$controller]['EXCEPT'] == true)) return $next($request);
- }
- $jwt = $request->header('Authorization');
- if (empty($jwt)) return json(['code' => 1, 'msg' => '请登录']);
- $jwt = str_replace('bearer ', '', $jwt);
- try {
- JWT::$leeway = 60; //token的弹性有效时间
- $decoded = JWT::decode($jwt, config('app.jwt_key'), ['HS256']);
- $arr = (array) $decoded;
- $aes = new Aes(config('app.jwt_key'));
- $queryData = $aes->decrypt($arr['data']);
- parse_str($queryData, $token);
- } catch (Exception $e) {
- if ($request->isAjax()) {
- return json(['code' => 1, 'msg' => 'Token验证失败,请重新登录']);
- }
- throw new HttpException(404, 'Token验证失败,请重新登录');
- }
- $request->token = $token;
- //跳转添加经纪人控制器
- if ($controller == 'agentsWork') {
- $agtdata = Agentuser::where([['uid','=',$token['uid']],['root_id','=',$token['root_org']]])->find();
- if (!empty($agtdata) && $agtdata['status'] != 1) {
- return json(['code' => 1, 'msg' => '你的经纪人账号已停用']);
- } elseif (empty($agtdata)) {
- return json(['code' => 1, 'msg' => '你不属于经济人']);
- }
- $agentlog = new AgentsLogic();
- $daoday = 0;
- $agentlog->call_agt_integral($daoday, $agtdata['id'],$token['root_org']);
- $request->agtdata = $agtdata;
- }
- // 检测是否需要员工检测
- $employeeCheck = config('app.employee_check');
- if (!isset($employeeCheck['CONTROLLER']) || !in_array($controller, $employeeCheck['CONTROLLER'])) return $next($request);
- if (isset($employeeCheck[$controller]) && !in_array($action, $notNeed[$controller])) return $next($request);
- if (!$token['isEmployee'] || empty($token['employee_id'])) return json(['code' => 1, 'msg' => '请求失败']);
- // 判断是否离职
- if ($token['isEmployee']) {
- $employee = Employee::where(['id' => $token['employee_id']])->find();
- if ($employee->state == '离职' || $employee->disable == 1) return json(['code' => 403, 'msg' => '请重新登录']);
- if ($token['org_id'] != $employee->org_id) return json(['code' => 403, 'msg' => '部门变动,请重新登录']);
- $info = Company::where(['root_id' => $token['root_org']])->find();
- if ($info['end_date'] < date('Y-m-d') || $info['status'] == 1) return json(['code' => 403, 'msg' => '账号过期,请重新登录']);
- // 员工N天未登录限制进入小程序 设置是否开启
- $disable_day_setting = Setting::where([['name', '=', 'disable_day'], ['root_id', '=', $token['root_org']]])->findOrEmpty();
- if (!$disable_day_setting->isEmpty()) {
- $disable_switch = $disable_day_setting['content'];
- if ($disable_switch && $employee['last_login_time']) {
- // 不受限制人员
- $unlimit_check = false;
- $unlimited_employee = Setting::where([['name', '=', 'disable_day_unlimited'], ['root_id', '=', $token['root_org']]])->findOrEmpty();
- if (!$unlimited_employee->isEmpty()) {
- $unlimited_ids = explode(',', $unlimited_employee['content']);
- if (in_array($token['employee_id'], $unlimited_ids)) {
- $unlimit_check = true;
- }
- }
- if (!$unlimit_check) {
- $last_login_time = time() - strtotime($employee['last_login_time']);
- if ($last_login_time > 24*3600*5) {
- // 限制进入
- $employee->disable = 1;
- $employee->save();
- return json(['code' => 403, 'msg' => '请重新登录']);
- }
- }
- }
- }
- // 更新员工的上次登录时间
- $employee->last_login_time = date('Y-m-d H:i:s', time());
- $employee->save();
- //是否在新兵训练营中
- $camps = Camp::where([['root_id', '=', $token['root_org']], ['del', '=', 0]])->column('id');
- if ($camps && !in_array($controller,['train','exam']) && !in_array($action,['empdetail','haveOutCall','ticket'])) {
- $tw[] = ['camp_id', 'in', $camps];
- $check = CampEmployee::where([['state', '<>', '转正'], ['now', '=', 1], ['employee_id', '=', $token['employee_id']], ['root_id', '=', $token['root_org']]])->where($tw)->count();
- if ($check) {
- $detail = Employee::with([
- 'company' => function ($query) {
- $query->withField(['id', 'info', 'name', 'org_type']);
- }, 'user' => function ($query) {
- $query->withField(['id', 'phone', 'headimgurl', 'nickname', 'sex']);
- }, 'org' => function ($query) {
- $query->withField(['id', 'info', 'name', 'org_type']);
- }
- ])->field('id,phone,image_photo,is_manager,is_newbie,media_id,name,org_id,role,root_id,uid,qrcode,wx,position')->find($token['employee_id'])->toArray();
- $res = array_merge($detail,$token);
- return json(['code' => 601, 'msg' => '有未转正的新兵训练营。', 'data' => $res]);
- }
- }
- }
- return $next($request);
- }
- }