Inicio Explorar Axuda
Rexistro Iniciar sesión
scott
/
shop
1
0
Fork 0
Ficheiros Incidencias 0 Pull Requests 0 Wiki
Árbore: d0e2bef994
Ramas Etiquetas
shop
/
app
/
adminapi
/
controller
/
v1
/
system
/
SystemEvent.php

SystemEvent.php 4.8 KB
Histórico Raw

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157 
  1. <?php
    2. 

  2. 

  3. namespace app\adminapi\controller\v1\system;
    4. 

  4. 

  5. use app\adminapi\controller\AuthController;
    6. 

  6. use app\services\system\SystemEventServices;
    7. 

  7. use think\facade\App;
    8. 

  8. use think\facade\Env;
    9. 

  9. 

  10. class SystemEvent extends AuthController
    11. 

  11. {
    12. 

  12.     public function __construct(App $app, SystemEventServices $services)
    13. 

  13.     {
    14. 

  14.         parent::__construct($app);
    15. 

  15.         $this->services = $services;
    16. 

  16.     }
    17. 

  17. 

  18.     /**
    19. 

  19.      * 自定事件类型
    20. 

  20.      * @return \think\Response
    21. 

  21.      * @author wuhaotian
    22. 

  22.      * @email 442384644@qq.com
    23. 

  23.      * @date 2024/6/7
    24. 

  24.      */
    25. 

  25.     public function getMarkList()
    26. 

  26.     {
    27. 

  27.         return app('json')->success($this->services->getMarkList());
    28. 

  28.     }
    29. 

  29. 

  30.     /**
    31. 

  31.      * 自定事件列表
    32. 

  32.      * @return \think\Response
    33. 

  33.      * @throws \ReflectionException
    34. 

  34.      * @throws \think\db\exception\DataNotFoundException
    35. 

  35.      * @throws \think\db\exception\DbException
    36. 

  36.      * @throws \think\db\exception\ModelNotFoundException
    37. 

  37.      * @author wuhaotian
    38. 

  38.      * @email 442384644@qq.com
    39. 

  39.      * @date 2024/6/7
    40. 

  40.      */
    41. 

  41.     public function getEventList()
    42. 

  42.     {
    43. 

  43.         return app('json')->success($this->services->getEventList());
    44. 

  44.     }
    45. 

  45. 

  46.     /**
    47. 

  47.      * 自定事件详情
    48. 

  48.      * @param $id
    49. 

  49.      * @return \think\Response
    50. 

  50.      * @throws \think\db\exception\DataNotFoundException
    51. 

  51.      * @throws \think\db\exception\DbException
    52. 

  52.      * @throws \think\db\exception\ModelNotFoundException
    53. 

  53.      * @author wuhaotian
    54. 

  54.      * @email 442384644@qq.com
    55. 

  55.      * @date 2024/6/7
    56. 

  56.      */
    57. 

  57.     public function getEventInfo($id)
    58. 

  58.     {
    59. 

  59.         if (!$id) return app('json')->fail('参数错误');
    60. 

  60.         return app('json')->success($this->services->getEventInfo($id));
    61. 

  61.     }
    62. 

  62. 

  63.     /**
    64. 

  64.      * 自定事件添加编辑
    65. 

  65.      * @return \think\Response
    66. 

  66.      * @author wuhaotian
    67. 

  67.      * @email 442384644@qq.com
    68. 

  68.      * @date 2024/6/7
    69. 

  69.      */
    70. 

  70.     public function saveEvent()
    71. 

  71.     {
    72. 

  72.         $data = $this->request->postMore([
    73. 

  73.             ['id', 0],
    74. 

  74.             ['name', ''],
    75. 

  75.             ['mark', ''],
    76. 

  76.             ['content', ''],
    77. 

  77.             ['is_open', 0],
    78. 

  78.             ['customCode', ''],
    79. 

  79.             ['password', ''],
    80. 

  80.         ]);
    81. 

  81.         if ($data['name'] == '') return app('json')->fail('请填写事件名称');
    82. 

  82.         if ($data['mark'] == '') return app('json')->fail('请选择事件类型');
    83. 

  83.         if (!Env::get('app_debug', false)) return app('json')->fail('生产环境下无法新增和修改自定义内容,如需修改请修改.env文件中app_debug项为true');
    84. 

  84.         if ($data['password'] === '') return app('json')->fail('密码不能为空');
    85. 

  85.         if (config('filesystem.password') !== $data['password']) return app('json')->fail('密码错误');
    86. 

  86.         $adminInfo = $this->request->adminInfo();
    87. 

  87.         if (!$adminInfo) return app('json')->fail('非法操作');
    88. 

  88.         if ($adminInfo['level'] != 0) return app('json')->fail('仅超级管理员可以操作定时任务');
    89. 

  89.         if (!$this->isSafePhpCode($data['customCode'])) return app('json')->fail('自定义内容存在危险代码,请检查代码');
    90. 

  90.         $this->services->saveEvent($data);
    91. 

  91.         return app('json')->success(100000);
    92. 

  92.     }
    93. 

  93. 

  94.     /**
    95. 

  95.      * 检查是否包含删除表,删除表数据,删除文件,修改文件内容以及后缀,执行命令等操作的关键词
    96. 

  96.      * @param $code
    97. 

  97.      * @return bool
    98. 

  98.      * @author wuhaotian
    99. 

  99.      * @email 442384644@qq.com
    100. 

  100.      * @date 2024/6/7
    101. 

  101.      */
    102. 

  102.     function isSafePhpCode($code)
    103. 

  103.     {
    104. 

  104.         // 检查是否包含删除表,删除表数据,删除文件,修改文件内容以及后缀,执行命令等操作的关键词
    105. 

  105.         $dangerous_keywords = [
    106. 

  106.             'delete',
    107. 

  107.             'destroy',
    108. 

  108.             'DROP TABLE',
    109. 

  109.             'DELETE FROM',
    110. 

  110.             'unlink(',
    111. 

  111.             'fwrite(',
    112. 

  112.             'shell_exec(',
    113. 

  113.             'exec(',
    114. 

  114.             'system(',
    115. 

  115.             'passthru('
    116. 

  116.         ];
    117. 

  117.         foreach ($dangerous_keywords as $keyword) {
    118. 

  118.             if (strpos($code, $keyword) !== false) {
    119. 

  119.                 return false;
    120. 

  120.             }
    121. 

  121.         }
    122. 

  122.         return true; // 如果通过所有安全检查,返回 true
    123. 

  123.     }
    124. 

  124. 

  125.     /**
    126. 

  126.      * 自定事件是否开启开关
    127. 

  127.      * @param $id
    128. 

  128.      * @param $is_open
    129. 

  129.      * @return \think\Response
    130. 

  130.      * @author wuhaotian
    131. 

  131.      * @email 442384644@qq.com
    132. 

  132.      * @date 2024/6/7
    133. 

  133.      */
    134. 

  134.     public function setEventStatus($id, $is_open)
    135. 

  135.     {
    136. 

  136.         $this->services->setEventStatus($id, $is_open);
    137. 

  137.         return app('json')->success(100014);
    138. 

  138.     }
    139. 

  139. 

  140.     /**
    141. 

  141.      * 删除自定事件
    142. 

  142.      * @param $id
    143. 

  143.      * @return \think\Response
    144. 

  144.      * @throws \think\db\exception\DataNotFoundException
    145. 

  145.      * @throws \think\db\exception\DbException
    146. 

  146.      * @throws \think\db\exception\ModelNotFoundException
    147. 

  147.      * @author wuhaotian
    148. 

  148.      * @email 442384644@qq.com
    149. 

  149.      * @date 2024/6/7
    150. 

  150.      */
    151. 

  151.     public function delEvent($id)
    152. 

  152.     {
    153. 

  153.         if (!$id) return app('json')->fail('参数错误');
    154. 

  154.         $this->services->eventDel($id);
    155. 

  155.         return app('json')->success(100002);
    156. 

  156.     }
    157. 

  157. }
    158.