diff --git a/app/Http/Admin/Controllers/PublicController.php b/app/Http/Admin/Controllers/PublicController.php index ececdd1d..881d657e 100644 --- a/app/Http/Admin/Controllers/PublicController.php +++ b/app/Http/Admin/Controllers/PublicController.php @@ -17,9 +17,7 @@ class PublicController extends \Phalcon\Mvc\Controller */ public function authAction() { - $isAjaxRequest = is_ajax_request(); - - if ($isAjaxRequest) { + if ($this->request->isAjax()) { return $this->jsonError(['msg' => '会话已过期,请重新登录']); } @@ -31,9 +29,7 @@ class PublicController extends \Phalcon\Mvc\Controller */ public function forbiddenAction() { - $isAjaxRequest = is_ajax_request(); - - if ($isAjaxRequest) { + if ($this->request->isAjax()) { return $this->jsonError(['msg' => '无相关操作权限']); } } diff --git a/app/Http/Admin/Controllers/TestController.php b/app/Http/Admin/Controllers/TestController.php index eceb1ca3..0685c219 100644 --- a/app/Http/Admin/Controllers/TestController.php +++ b/app/Http/Admin/Controllers/TestController.php @@ -73,7 +73,7 @@ class TestController extends Controller $pushUrl = $liveService->getPushUrl('test'); $codeUrl = $this->url->get( - ['for' => 'web.qr.img'], + ['for' => 'web.qrcode_img'], ['text' => urlencode($pushUrl)] ); @@ -188,7 +188,7 @@ class TestController extends Controller if ($code) { $codeUrl = $this->url->get( - ['for' => 'web.qr.img'], + ['for' => 'web.qrcode_img'], ['text' => urlencode($code)] ); } diff --git a/app/Http/Admin/Services/Session.php b/app/Http/Admin/Services/Session.php index 64f0c4ff..90268ad1 100644 --- a/app/Http/Admin/Services/Session.php +++ b/app/Http/Admin/Services/Session.php @@ -4,7 +4,7 @@ namespace App\Http\Admin\Services; use App\Services\Auth as AuthService; use App\Validators\Account as AccountValidator; -use App\Validators\Security as SecurityValidator; +use App\Validators\Captcha as CaptchaValidator; class Session extends Service { 
@@ -31,13 +31,13 @@ class Session extends Service $captcha = $setting->getSectionSettings('captcha'); - $securityValidator = new SecurityValidator(); + $captchaValidator = new CaptchaValidator(); /** * 验证码是一次性的,放到最后检查,减少第三方调用 */ if ($captcha->enabled) { - $securityValidator->checkCaptchaCode($post['ticket'], $post['rand']); + $captchaValidator->checkCode($post['ticket'], $post['rand']); } $this->auth->saveAuthInfo($user); diff --git a/app/Http/Web/Controllers/AccountController.php b/app/Http/Web/Controllers/AccountController.php index f25df2a1..bfd536e5 100644 --- a/app/Http/Web/Controllers/AccountController.php +++ b/app/Http/Web/Controllers/AccountController.php @@ -11,9 +11,9 @@ class AccountController extends Controller { /** - * @Post("/signup", name="web.account.signup") + * @Post("/register", name="web.account.register") */ - public function signupAction() + public function registerAction() { $service = new AccountService(); @@ -24,32 +24,6 @@ class AccountController extends Controller $this->response->redirect($location); } - /** - * @Route("/login", name="web.account.login") - */ - public function loginAction() - { - $service = new AccountService(); - - $service->login(); - - $location = $this->request->getHTTPReferer(); - - $this->response->redirect($location); - } - - /** - * @Get("/logout", name="web.account.logout") - */ - public function logoutAction() - { - $service = new AccountService(); - - $service->logout(); - - $this->response->redirect(['for' => 'web.index']); - } - /** * @Route("/password/reset", name="web.account.reset_password") */ 
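Review bot: Checking the captcha last in this admin login path means the account and password validation (above the hunk, so this should be confirmed) presumably rejects a wrong password before the captcha is evaluated. In that case the captcha does not slow password guessing, because the kind of error returned already tells the caller whether the password was right. If saving third-party calls is the goal, keep the order but return one generic failure for both cases, or force the captcha check first once a per-account or per-IP failure counter is exceeded. `$post['ticket']` and `$post['rand']` are also read without an existence check; `$captchaValidator->checkCode($post['ticket'] ?? '', $post['rand'] ?? '');` avoids the undefined-index notice.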
@@ -63,9 +37,21 @@ class AccountController extends Controller } /** - * @Post("/mobile/update", name="web.account.update_mobile") + * @Post("/phone/update", name="web.account.update_phone") */ - public function updateMobileAction() + public function updatePhoneAction() + { + $service = new AccountService(); + + $service->updateMobile(); + + return $this->jsonSuccess(); + } + + /** + * @Post("/email/update", name="web.account.update_email") + */ + public function updateEmailAction() { $service = new AccountService(); @@ -86,16 +72,4 @@ class AccountController extends Controller return $this->jsonSuccess(); } - /** - * @Post("/captcha/send", name="web.account.send_captcha") - */ - public function sendCaptchaAction() - { - $service = new AccountService(); - - $service->sendCaptcha(); - - return $this->jsonSuccess(); - } - } diff --git a/app/Http/Web/Controllers/ErrorController.php b/app/Http/Web/Controllers/ErrorController.php index 8d63eb3f..44773c03 100644 --- a/app/Http/Web/Controllers/ErrorController.php +++ b/app/Http/Web/Controllers/ErrorController.php @@ -49,8 +49,8 @@ class ErrorController extends \Phalcon\Mvc\Controller { $this->response->setStatusCode(404); - $isApiRequest = is_api_request(); - $isAjaxRequest = is_ajax_request(); + $isApiRequest = $this->request->isAjax(); + $isAjaxRequest = $this->request->isApi(); if ($isAjaxRequest || $isApiRequest) { return $this->jsonError(['code' => 'sys.not_found']); diff --git a/app/Http/Web/Controllers/PublicController.php b/app/Http/Web/Controllers/PublicController.php index 94f9e13a..9fc84cde 100644 --- a/app/Http/Web/Controllers/PublicController.php +++ b/app/Http/Web/Controllers/PublicController.php @@ -4,6 +4,7 @@ namespace App\Http\Web\Controllers; use App\Models\ContentImage as ContentImageModel; use App\Services\Storage as StorageService; +use App\Services\Verification as VerifyService; use App\Traits\Response as ResponseTrait; use PHPQRCode\QRcode as PHPQRCode; 
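Review bot: `updatePhoneAction` still calls `$service->updateMobile()` although the route, the action and the `PhoneUpdate` service in this commit all say "phone"; rename the service method in the same change or add a comment that the old name is intentional. The new `updateEmailAction` signature sits on top of the former `updateMobileAction` body, whose service call lies outside the hunk, so confirm that it calls the e-mail update and not `updateMobile()` a second time.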
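Review bot: The two assignments are crossed: `$isApiRequest` receives `isAjax()` and `$isAjaxRequest` receives `isApi()`. The `||` on the next line hides this today, but any later branch on a single flag would pick the wrong response format. Write `$isApiRequest = $this->request->isApi();` and `$isAjaxRequest = $this->request->isAjax();`. As far as this diff shows, `isApi()` is defined only on `App\Library\Http\Request`, so this controller, which extends `\Phalcon\Mvc\Controller` directly, depends on that class being registered as the `request` service.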
@@ -13,7 +14,7 @@ class PublicController extends \Phalcon\Mvc\Controller use ResponseTrait; /** - * @Get("/content/img/{id:[0-9]+}", name="web.content.img") + * @Get("/content/img/{id:[0-9]+}", name="web.content_img") */ public function contentImageAction($id) { @@ -34,9 +35,9 @@ class PublicController extends \Phalcon\Mvc\Controller } /** - * @Get("/qr/img", name="web.qr.img") + * @Get("/qrcode/img", name="web.qrcode_img") */ - public function qrImageAction() + public function qrcodeImageAction() { $text = $this->request->getQuery('text'); $level = $this->request->getQuery('level', 'int', 0); @@ -51,4 +52,44 @@ class PublicController extends \Phalcon\Mvc\Controller exit; } + /** + * @Post("/sms/code", name="web.sms_code") + */ + public function smsCodeAction() + { + $phone = $this->request->getPost('phone', 'trim'); + + $service = new VerifyService(); + + $success = $service->sendSmsCode($phone); + + if ($success) { + return $this->jsonSuccess(); + } else { + return $this->jsonError([ + 'code' => 'verify.send_sms_failed', + ]); + } + } + + /** + * @Post("/email/code", name="web.email_code") + */ + public function emailCodeAction() + { + $email = $this->request->getPost('email', 'trim'); + + $service = new VerifyService(); + + $success = $service->sendEmailCode($email); + + if ($success) { + return $this->jsonSuccess(); + } else { + return $this->jsonError([ + 'code' => 'verify.send_email_failed', + ]); + } + } + } diff --git a/app/Http/Web/Controllers/SessionController.php b/app/Http/Web/Controllers/SessionController.php new file mode 100644 index 00000000..92f7ee53 --- /dev/null +++ b/app/Http/Web/Controllers/SessionController.php 
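Review bot: `smsCodeAction` and `emailCodeAction` send a message to whatever `phone` or `email` is posted, and nothing in the hunk applies a captcha, a throttle or a session check before `sendSmsCode()` / `sendEmailCode()`. The controller extends `\Phalcon\Mvc\Controller` directly, so any filters in the project's base controller are probably skipped too. As written the endpoints can be used to run up SMS cost or flood a third party's inbox. Gate them with the captcha validator added in this commit, e.g. `(new CaptchaValidator())->checkCode($ticket, $rand);` before the send, and add a per-recipient and per-IP limit through the existing throttle service. Returning the same `jsonSuccess()` whether or not the address is known would also keep the endpoint from confirming which accounts exist, if `checkPhone`/`checkEmail` ever grow a lookup.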
@@ -0,0 +1,39 @@ +login(); + + $location = $this->request->getHTTPReferer(); + + $this->response->redirect($location); + } + + /** + * @Get("/logout", name="web.account.logout") + */ + public function logoutAction() + { + $service = new AccountService(); + + $service->logout(); + + $this->response->redirect(['for' => 'web.index']); + } + +} diff --git a/app/Library/Http/Request.php b/app/Library/Http/Request.php index 99474933..b626b6ab 100644 --- a/app/Library/Http/Request.php +++ b/app/Library/Http/Request.php @@ -7,6 +7,38 @@ use App\Exceptions\BadRequest; class Request extends \Phalcon\Http\Request { + /** + * @return bool + */ + public function isAjax() + { + if (parent::isAjax()) { + return true; + } + + $contentType = $this->getContentType(); + + if (stripos($contentType, 'json') !== false) { + return true; + } + + return false; + } + + /** + * @return bool + */ + public function isApi() + { + $url = $this->get('_url'); + + if (stripos($url, '/api') !== false) { + return true; + } + + return false; + } + public function getPost($name = null, $filters = null, $defaultValue = null, $notAllowEmpty = false, $noRecursive = false) { $contentType = $this->getContentType(); diff --git a/app/Services/Frontend/Account/EmailUpdate.php b/app/Services/Frontend/Account/EmailUpdate.php index 5da85521..0cc89f96 100644 --- a/app/Services/Frontend/Account/EmailUpdate.php +++ b/app/Services/Frontend/Account/EmailUpdate.php @@ -5,7 +5,7 @@ namespace App\Services\Frontend\Account; use App\Repos\Account as AccountRepo; use App\Services\Frontend\Service; use App\Validators\Account as AccountValidator; -use App\Validators\Security as SecurityValidator; +use App\Validators\Verify as VerifyValidator; class EmailUpdate extends Service { 
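Review bot: `loginAction` redirects to `$this->request->getHTTPReferer()`, a client-supplied header, so a login form posted from another origin sends the freshly authenticated user back to that origin. Compare the referer's host with the application's own and otherwise fall back to `$this->response->redirect(['for' => 'web.index']);`. `logoutAction` is mapped with `@Get("/logout", ...)`, so any cross-site link or image tag can end the session; `@Post("/logout", name="web.account.logout")` behind the CSRF check would close that. The route names still say `web.account.*` although the actions now live in `SessionController`, which is worth a comment or a rename.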
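Review bot: `isApi()` now matches `/api` anywhere in `_url` through `stripos(...) !== false`, where the removed helper used `Text::startsWith($_url, '/api')`. A page URL that merely contains that substring would be classified as an API request and get the API error format from `HttpErrorHandler`. Anchor the match to the prefix with `return stripos((string) $url, '/api') === 0;`. `isAjax()` was loosened in the same way from "starts with application/json" to "contains json". Both methods pass a possibly-null `getContentType()` / `get('_url')` result to `stripos`, which is deprecated on PHP 8.1+, so cast to string first.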
@@ -30,9 +30,9 @@ class EmailUpdate extends Service $accountValidator->checkOriginPassword($account, $post['origin_password']); - $securityValidator = new SecurityValidator(); + $verifyValidator = new VerifyValidator(); - $securityValidator->checkVerifyCode($post['email'], $post['verify_code']); + $verifyValidator->checkEmailCode($post['email'], $post['verify_code']); $account->email = $email; diff --git a/app/Services/Frontend/Account/PasswordReset.php b/app/Services/Frontend/Account/PasswordReset.php index 32ed2278..9048808b 100644 --- a/app/Services/Frontend/Account/PasswordReset.php +++ b/app/Services/Frontend/Account/PasswordReset.php @@ -4,7 +4,7 @@ namespace App\Services\Frontend\Account; use App\Services\Frontend\Service; use App\Validators\Account as AccountValidator; -use App\Validators\Security as SecurityValidator; +use App\Validators\Verify as VerifyValidator; class PasswordReset extends Service { @@ -15,13 +15,13 @@ class PasswordReset extends Service $accountValidator = new AccountValidator(); - $account = $accountValidator->checkLoginName($post['name']); + $account = $accountValidator->checkLoginName($post['login_name']); $accountValidator->checkPassword($post['new_password']); - $securityValidator = new SecurityValidator(); + $verifyValidator = new VerifyValidator(); - $securityValidator->checkVerifyCode($post['name'], $post['verify_code']); + $verifyValidator->checkCode($post['login_name'], $post['verify_code']); $account->password = $post['new_password']; diff --git a/app/Services/Frontend/Account/PhoneUpdate.php b/app/Services/Frontend/Account/PhoneUpdate.php index 274a246f..b5e38635 100644 --- a/app/Services/Frontend/Account/PhoneUpdate.php +++ b/app/Services/Frontend/Account/PhoneUpdate.php 
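Review bot: The code is verified against the raw `$post['email']`, but the value stored is `$email`, which is assigned above the hunk. If `$email` is normalised or otherwise differs from the posted string, the account ends up bound to an address that was never proven. Pass the same variable to both, `$verifyValidator->checkEmailCode($email, $post['verify_code']);`, provided the send path keys the cache on the same form. The PhoneUpdate hunk has the same shape with `$post['phone']` and `$phone`; both method bodies start and end outside their hunks.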
@@ -5,7 +5,7 @@ namespace App\Services\Frontend\Account; use App\Repos\Account as AccountRepo; use App\Services\Frontend\Service; use App\Validators\Account as AccountValidator; -use App\Validators\Security as SecurityValidator; +use App\Validators\Verify as VerifyValidator; class PhoneUpdate extends Service { @@ -30,9 +30,9 @@ class PhoneUpdate extends Service $accountValidator->checkOriginPassword($account, $post['origin_password']); - $securityValidator = new SecurityValidator(); + $verifyValidator = new VerifyValidator(); - $securityValidator->checkVerifyCode($post['phone'], $post['verify_code']); + $verifyValidator->checkSmsCode($post['phone'], $post['verify_code']); $account->phone = $phone; diff --git a/app/Services/Frontend/Account/RegisterByEmail.php b/app/Services/Frontend/Account/RegisterByEmail.php index 1c3e3d9f..4e20893c 100644 --- a/app/Services/Frontend/Account/RegisterByEmail.php +++ b/app/Services/Frontend/Account/RegisterByEmail.php @@ -5,7 +5,7 @@ namespace App\Services\Frontend\Account; use App\Models\Account as AccountModel; use App\Services\Frontend\Service; use App\Validators\Account as AccountValidator; -use App\Validators\Security as SecurityValidator; +use App\Validators\Verify as VerifyValidator; class RegisterByEmail extends Service { @@ -14,9 +14,9 @@ class RegisterByEmail extends Service { $post = $this->request->getPost(); - $securityValidator = new SecurityValidator(); + $verifyValidator = new VerifyValidator(); - $securityValidator->checkVerifyCode($post['email'], $post['verify_code']); + $verifyValidator->checkEmailCode($post['email'], $post['verify_code']); $accountValidator = new AccountValidator(); diff --git a/app/Services/Frontend/Account/RegisterByPhone.php b/app/Services/Frontend/Account/RegisterByPhone.php index 4d5f3fc8..50f51abe 100644 --- a/app/Services/Frontend/Account/RegisterByPhone.php +++ b/app/Services/Frontend/Account/RegisterByPhone.php 
@@ -5,7 +5,7 @@ namespace App\Services\Frontend\Account; use App\Models\Account as AccountModel; use App\Services\Frontend\Service; use App\Validators\Account as AccountValidator; -use App\Validators\Security as SecurityValidator; +use App\Validators\Verify as VerifyValidator; class RegisterByPhone extends Service { @@ -14,9 +14,9 @@ class RegisterByPhone extends Service { $post = $this->request->getPost(); - $securityValidator = new SecurityValidator(); + $verifyValidator = new VerifyValidator(); - $securityValidator->checkVerifyCode($post['phone'], $post['verify_code']); + $verifyValidator->checkSmsCode($post['phone'], $post['verify_code']); $accountValidator = new AccountValidator(); diff --git a/app/Services/Storage.php b/app/Services/Storage.php index 963a1fda..8e1ec5fc 100644 --- a/app/Services/Storage.php +++ b/app/Services/Storage.php @@ -74,7 +74,7 @@ class Storage extends Service $contentImage->create(); return $this->url->get([ - 'for' => 'web.content.img', + 'for' => 'web.content_img', 'id' => $contentImage->id, ]); } diff --git a/app/Services/Verification.php b/app/Services/Verification.php index b06e6016..fd3858ef 100644 --- a/app/Services/Verification.php +++ b/app/Services/Verification.php @@ -5,6 +5,7 @@ namespace App\Services; use App\Library\Cache\Backend\Redis as RedisCache; use App\Services\Mailer\Verify as VerifyMailer; use App\Services\Smser\Verify as VerifySmser; +use App\Validators\Verify as VerifyValidator; use Phalcon\Text; class Verification extends Service 
@@ -22,16 +23,24 @@ class Verification extends Service public function sendSmsCode($phone) { + $validator = new VerifyValidator(); + + $validator->checkPhone($phone); + $smser = new VerifySmser(); - $smser->handle($phone); + return $smser->handle($phone); } - public function sendMailCode($email) + public function sendEmailCode($email) { + $validator = new VerifyValidator(); + + $validator->checkEmail($email); + $mailer = new VerifyMailer(); - $mailer->handle($email); + return $mailer->handle($email); } public function getSmsCode($phone, $lifetime = 300) @@ -45,9 +54,9 @@ class Verification extends Service return $code; } - public function getMailCode($email, $lifetime = 300) + public function getEmailCode($email, $lifetime = 300) { - $key = $this->getSmsCacheKey($email); + $key = $this->getEmailCacheKey($email); $code = Text::random(Text::RANDOM_NUMERIC, 6); @@ -65,18 +74,18 @@ class Verification extends Service return $code == $value; } - public function checkMailCode($email, $code) + public function checkEmailCode($email, $code) { - $key = $this->getMailCacheKey($email); + $key = $this->getEmailCacheKey($email); $value = $this->cache->get($key); return $code == $value; } - protected function getMailCacheKey($email) + protected function getEmailCacheKey($email) { - return "verify:mail:{$email}"; + return "verify:email:{$email}"; } protected function getSmsCacheKey($phone) diff --git a/app/Validators/Account.php b/app/Validators/Account.php index 7d4c2d56..65a51b44 100644 --- a/app/Validators/Account.php +++ b/app/Validators/Account.php @@ -105,9 +105,9 @@ class Account extends Validator public function checkVerifyLogin($name, $code) { - $security = new Security(); + $verify = new Verify(); - $security->checkVerifyCode($name, $code); + $verify->checkCode($name, $code); $account = $this->checkLoginName($name); diff --git a/app/Validators/Captcha.php b/app/Validators/Captcha.php new file mode 100644 index 00000000..fb71f4f7 --- /dev/null 
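Review bot: `checkEmailCode` (and the check ending just above it in the same hunk, presumably `checkSmsCode`) returns `$code == $value`, a loose comparison against whatever the cache holds. If the cache yields `null` on a miss, an empty or absent `verify_code` compares equal and the check passes for an address that was never sent a code. Numeric strings are also compared by value, so `"123"` matches a stored `"000123"`. Use a strict, constant-time comparison that fails on a miss: `return $value !== null && hash_equals((string) $value, (string) $code);`. Nothing visible here deletes the cached code after a match or counts failed attempts, so it is worth confirming that a six-digit code cannot be replayed or guessed within its 300-second lifetime.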
+++ b/app/Validators/Captcha.php @@ -0,0 +1,22 @@ +verify($ticket, $rand); + + if (!$result) { + throw new BadRequestException('captcha.invalid_code'); + } + } + +} diff --git a/app/Validators/Course.php b/app/Validators/Course.php index bf109222..97a122c5 100644 --- a/app/Validators/Course.php +++ b/app/Validators/Course.php @@ -208,7 +208,7 @@ class Course extends Validator } if ($publishedCount < $totalCount / 3) { - throw new BadRequestException('course.pub_chapter_too_few'); + throw new BadRequestException('course.pub_chapter_not_enough'); } } diff --git a/app/Validators/Security.php b/app/Validators/Security.php index 2e7a5fbb..85799db3 100644 --- a/app/Validators/Security.php +++ b/app/Validators/Security.php @@ -4,10 +4,7 @@ namespace App\Validators; use App\Exceptions\BadRequest as BadRequestException; use App\Exceptions\ServiceUnavailable as ServiceUnavailableException; -use App\Library\Validator\Common as CommonValidator; -use App\Services\Captcha as CaptchaService; use App\Services\Throttle as ThrottleService; -use App\Services\Verification as VerificationService; class Security extends Validator { @@ -46,32 +43,4 @@ class Security extends Validator } } - public function checkVerifyCode($key, $code) - { - $service = new VerificationService(); - - $result = false; - - if (CommonValidator::email($key)) { - $result = $service->checkMailCode($key, $code); - } elseif (CommonValidator::phone($key)) { - $result = $service->checkSmsCode($key, $code); - } - - if (!$result) { - throw new BadRequestException('security.invalid_verify_code'); - } - } - - public function checkCaptchaCode($ticket, $rand) - { - $service = new CaptchaService(); - - $result = $service->verify($ticket, $rand); - - if (!$result) { - throw new BadRequestException('security.invalid_captcha_code'); - } - } - } diff --git a/app/Validators/Verify.php b/app/Validators/Verify.php new file mode 100644 index 00000000..4732e7f1 --- /dev/null +++ b/app/Validators/Verify.php 
@@ -0,0 +1,69 @@ +checkSmsCode($phone, $code); + + if (!$result) { + throw new BadRequestException('verify.invalid_code'); + } + } + + public function checkEmailCode($email, $code) + { + $service = new VerifyService(); + + $result = $service->checkEmailCode($email, $code); + + if (!$result) { + throw new BadRequestException('verify.invalid_code'); + } + } + + public function checkCode($key, $code) + { + $service = new VerifyService(); + + $result = false; + + if (CommonValidator::email($key)) { + $result = $service->checkEmailCode($key, $code); + } elseif (CommonValidator::phone($key)) { + $result = $service->checkSmsCode($key, $code); + } + + if (!$result) { + throw new BadRequestException('verify.invalid_code'); + } + } + +} diff --git a/bootstrap/Helper.php b/bootstrap/Helper.php index 7bd51c2b..6fca6bf2 100644 --- a/bootstrap/Helper.php +++ b/bootstrap/Helper.php @@ -1,8 +1,5 @@ get('request'); - - if ($request->isAjax()) { - return true; - } - - $contentType = $request->getContentType(); - - if (Text::startsWith($contentType, 'application/json')) { - return true; - } - - return false; -} - -/** - * @return bool - */ -function is_api_request() -{ - $request = Di::getDefault()->get('request'); - - $_url = $request->get('_url'); - - return Text::startsWith($_url, '/api'); } \ No newline at end of file diff --git a/bootstrap/HttpErrorHandler.php b/bootstrap/HttpErrorHandler.php index 96ff74f1..aeb83a87 100644 --- a/bootstrap/HttpErrorHandler.php +++ b/bootstrap/HttpErrorHandler.php @@ -36,12 +36,9 @@ class HttpErrorHandler extends Component $this->report($e); } - $isApiRequest = is_api_request(); - $isAjaxRequest = is_ajax_request(); - - if ($isApiRequest) { + if ($this->request->isApi()) { $this->apiError($e); - } elseif ($isAjaxRequest) { + } elseif ($this->request->isAjax()) { $this->ajaxError($e); } else { $this->pageError($e); diff --git a/config/errors.php b/config/errors.php index c0d0dfd0..24b696e6 100644 --- a/config/errors.php +++ b/config/errors.php 
@@ -19,8 +19,20 @@ $error['sys.unknown_error'] = '未知错误'; $error['security.too_many_requests'] = '请求过于频繁'; $error['security.invalid_csrf_token'] = '无效的CSRF令牌'; $error['security.invalid_http_referer'] = '无效请求来源'; -$error['security.invalid_captcha_code'] = '无效的验证码'; -$error['security.invalid_verify_code'] = '无效的验证码'; + +/** + * 验证相关 + */ +$error['verify.invalid_email'] = '无效的邮箱'; +$error['verify.invalid_phone'] = '无效手机号'; +$error['verify.invalid_code'] = '无效的验证码'; +$error['verify.send_sms_failed'] = '发送短信验证码失败'; +$error['verify.send_email_failed'] = '发送邮件验证码失败'; + +/** + * captcha相关 + */ +$error['captcha.invalid_code'] = '无效的验证码'; /** * 帐号相关