diff --git a/app/Http/Admin/Controllers/Controller.php b/app/Http/Admin/Controllers/Controller.php index 058bfa77..25899d50 100644 --- a/app/Http/Admin/Controllers/Controller.php +++ b/app/Http/Admin/Controllers/Controller.php @@ -21,6 +21,17 @@ class Controller extends \Phalcon\Mvc\Controller public function beforeExecuteRoute(Dispatcher $dispatcher) { + /** + * demo分支拒绝数据提交 + */ + if ($this->isNotSafeRequest()) { + $dispatcher->forward([ + 'controller' => 'public', + 'action' => 'forbidden', + ]); + return false; + } + if ($this->isNotSafeRequest()) { $this->checkHttpReferer(); $this->checkCsrfToken(); diff --git a/app/Http/Admin/Controllers/SettingController.php b/app/Http/Admin/Controllers/SettingController.php index 24c70aa3..71e41fc0 100644 --- a/app/Http/Admin/Controllers/SettingController.php +++ b/app/Http/Admin/Controllers/SettingController.php @@ -298,4 +298,33 @@ class SettingController extends Controller } } + /** + * @Route("/oauth", name="admin.setting.oauth") + */ + public function oauthAction() + { + $settingService = new SettingService(); + + if ($this->request->isPost()) { + + $section = $this->request->getPost('section', 'string'); + + $data = $this->request->getPost(); + + $settingService->updateSettings($section, $data); + + return $this->jsonSuccess(['msg' => '更新配置成功']); + + } else { + + $qqAuth = $settingService->getQQAuthSettings(); + $weixinAuth = $settingService->getWeixinAuthSettings(); + $weiboAuth = $settingService->getWeiboAuthSettings(); + + $this->view->setVar('qq_auth', $qqAuth); + $this->view->setVar('weixin_auth', $weixinAuth); + $this->view->setVar('weibo_auth', $weiboAuth); + } + } + } diff --git a/app/Http/Admin/Services/AuthNode.php b/app/Http/Admin/Services/AuthNode.php index 43fb64fd..427c9924 100644 --- a/app/Http/Admin/Services/AuthNode.php +++ b/app/Http/Admin/Services/AuthNode.php @@ -744,6 +744,12 @@ class AuthNode extends Service 'type' => 'menu', 'route' => 'admin.setting.im', ], + [ + 'id' => '5-1-12', + 'title' => '开放登录', + 'type' => 'menu', + 'route' => 'admin.setting.oauth', + ], ], ], ], diff --git a/app/Http/Admin/Services/Setting.php b/app/Http/Admin/Services/Setting.php index b75f2f77..c04014ed 100644 --- a/app/Http/Admin/Services/Setting.php +++ b/app/Http/Admin/Services/Setting.php @@ -9,6 +9,33 @@ use App\Repos\Vip as VipRepo; class Setting extends Service { + public function getQQAuthSettings() + { + $oauth = $this->getSettings('oauth.qq'); + + $oauth['redirect_uri'] = $oauth['redirect_uri'] ?: kg_full_url(['for' => 'home.oauth.qq_callback']); + + return $oauth; + } + + public function getWeixinAuthSettings() + { + $oauth = $this->getSettings('oauth.weixin'); + + $oauth['redirect_uri'] = $oauth['redirect_uri'] ?: kg_full_url(['for' => 'home.oauth.weixin_callback']); + + return $oauth; + } + + public function getWeiboAuthSettings() + { + $oauth = $this->getSettings('oauth.weibo'); + + $oauth['redirect_uri'] = $oauth['redirect_uri'] ?: kg_full_url(['for' => 'home.oauth.weibo_callback']); + + return $oauth; + } + public function getAlipaySettings() { $alipay = $this->getSettings('pay.alipay'); @@ -59,8 +86,16 @@ class Setting extends Service $result = []; + /** + * demo分支过滤敏感数据 + */ if ($items->count() > 0) { foreach ($items as $item) { + $case1 = preg_match('/(id|auth|key|secret|password|pwd)$/', $item->item_key); + $case2 = $this->dispatcher->getControllerName() == 'setting'; + if ($case1 && $case2) { + $item->item_value = '***'; + } $result[$item->item_key] = $item->item_value; } } diff --git a/app/Http/Admin/Views/setting/oauth.volt b/app/Http/Admin/Views/setting/oauth.volt new file mode 100644 index 00000000..15b714b7 --- /dev/null +++ b/app/Http/Admin/Views/setting/oauth.volt @@ -0,0 +1,24 @@ +{% extends 'templates/main.volt' %} + +{% block content %} + +
+ +
+
+ {{ partial('setting/oauth_qq') }} +
+
+ {{ partial('setting/oauth_weixin') }} +
+
+ {{ partial('setting/oauth_weibo') }} +
+
+
+ +{% endblock %} \ No newline at end of file diff --git a/app/Http/Admin/Views/setting/oauth_qq.volt b/app/Http/Admin/Views/setting/oauth_qq.volt new file mode 100644 index 00000000..2f0d2f9a --- /dev/null +++ b/app/Http/Admin/Views/setting/oauth_qq.volt @@ -0,0 +1,35 @@ +
+
+ +
+ + +
+
+
+ +
+ +
+
+
+ +
+ +
+
+
+ +
+ +
+
+
+ +
+ + + +
+
+
\ No newline at end of file diff --git a/app/Http/Admin/Views/setting/oauth_weibo.volt b/app/Http/Admin/Views/setting/oauth_weibo.volt new file mode 100644 index 00000000..c7ca6bae --- /dev/null +++ b/app/Http/Admin/Views/setting/oauth_weibo.volt @@ -0,0 +1,35 @@ +
+
+ +
+ + +
+
+
+ +
+ +
+
+
+ +
+ +
+
+
+ +
+ +
+
+
+ +
+ + + +
+
+
\ No newline at end of file diff --git a/app/Http/Admin/Views/setting/oauth_weixin.volt b/app/Http/Admin/Views/setting/oauth_weixin.volt new file mode 100644 index 00000000..4c08c355 --- /dev/null +++ b/app/Http/Admin/Views/setting/oauth_weixin.volt @@ -0,0 +1,35 @@ +
+
+ +
+ + +
+
+
+ +
+ +
+
+
+ +
+ +
+
+
+ +
+ +
+
+
+ +
+ + + +
+
+
\ No newline at end of file diff --git a/app/Http/Admin/Views/templates/main.volt b/app/Http/Admin/Views/templates/main.volt index 3c1345f1..8803b2a0 100644 --- a/app/Http/Admin/Views/templates/main.volt +++ b/app/Http/Admin/Views/templates/main.volt @@ -22,5 +22,12 @@ {% block include_js %}{% endblock %} {% block inline_js %}{% endblock %} + +{% set site = setting('site') %} + +{% if site['analytics_enabled'] == 1 %} + {{ site['analytics_script'] }} +{% endif %} + \ No newline at end of file diff --git a/app/Http/Home/Controllers/AccountController.php b/app/Http/Home/Controllers/AccountController.php index 8dc2d285..888deac1 100644 --- a/app/Http/Home/Controllers/AccountController.php +++ b/app/Http/Home/Controllers/AccountController.php @@ -4,6 +4,7 @@ namespace App\Http\Home\Controllers; use App\Http\Home\Services\Account as AccountService; use App\Services\Logic\Account\EmailUpdate as EmailUpdateService; +use App\Services\Logic\Account\OAuthProvider as OAuthProviderService; use App\Services\Logic\Account\PasswordReset as PasswordResetService; use App\Services\Logic\Account\PasswordUpdate as PasswordUpdateService; use App\Services\Logic\Account\PhoneUpdate as PhoneUpdateService; @@ -62,8 +63,13 @@ class AccountController extends Controller $captcha = $service->getSettings('captcha'); + $service = new OAuthProviderService(); + + $oauthProvider = $service->handle(); + $returnUrl = $this->request->getHTTPReferer(); + $this->view->setVar('oauth_provider', $oauthProvider); $this->view->setVar('return_url', $returnUrl); $this->view->setVar('captcha', $captcha); } diff --git a/app/Http/Home/Controllers/ConnectController.php b/app/Http/Home/Controllers/ConnectController.php new file mode 100644 index 00000000..49da1270 --- /dev/null +++ b/app/Http/Home/Controllers/ConnectController.php @@ -0,0 +1,139 @@ +getAuthorizeUrl(ConnectModel::PROVIDER_QQ); + + return $this->response->redirect($url, true); + } + + /** + * @Get("/weixin", name="home.oauth.weixin") + */ + public function weixinAction() + { + $service = new ConnectService(); + + $url = $service->getAuthorizeUrl(ConnectModel::PROVIDER_WEIXIN); + + return $this->response->redirect($url, true); + } + + /** + * @Get("/weibo", name="home.oauth.weibo") + */ + public function weiboAction() + { + $service = new ConnectService(); + + $url = $service->getAuthorizeUrl(ConnectModel::PROVIDER_WEIBO); + + return $this->response->redirect($url, true); + } + + /** + * @Get("/qq/callback", name="home.oauth.qq_callback") + */ + public function qqCallbackAction() + { + $this->handleCallback(ConnectModel::PROVIDER_QQ); + } + + /** + * @Get("/weixin/callback", name="home.oauth.weixin_callback") + */ + public function weixinCallbackAction() + { + $this->handleCallback(ConnectModel::PROVIDER_WEIXIN); + } + + /** + * @Get("/weibo/callback", name="home.oauth.weibo_callback") + */ + public function weiboCallbackAction() + { + $this->handleCallback(ConnectModel::PROVIDER_WEIBO); + } + + /** + * @Get("/weibo/refuse", name="home.oauth.weibo_refuse") + */ + public function weiboRefuseAction() + { + return $this->response->redirect(['for' => 'home.account.login']); + } + + /** + * @Post("/bind/login", name="home.oauth.bind_login") + */ + public function bindLoginAction() + { + $service = new ConnectService(); + + $service->bindLogin(); + + $location = $this->url->get(['for' => 'home.uc.account']); + + return $this->jsonSuccess(['location' => $location]); + } + + /** + * @Post("/bind/register", name="home.oauth.bind_register") + */ + public function bindRegisterAction() + { + $service = new ConnectService(); + + $service->bindRegister(); + + $location = $this->url->get(['for' => 'home.uc.account']); + + return $this->jsonSuccess(['location' => $location]); + } + + protected function handleCallback($provider) + { + $code = $this->request->getQuery('code'); + $state = $this->request->getQuery('state'); + + $service = new ConnectService(); + + $openUser = $service->getOpenUserInfo($code, $state, $provider); + + $connect = $service->getConnectRelation($openUser['id'], $provider); + + if ($connect && $connect->deleted == 0) { + if ($this->authUser->id > 0) { + $service->bindUser($openUser, $provider); + return $this->response->redirect(['for' => 'home.uc.account']); + } else { + $service->authLogin($connect); + return $this->response->redirect(['for' => 'home.index']); + } + } + + $captcha = $service->getSettings('captcha'); + + $this->view->pick('connect/bind'); + $this->view->setVar('captcha', $captcha); + $this->view->setVar('provider', $provider); + $this->view->setVar('open_user', $openUser); + } + +} diff --git a/app/Http/Home/Controllers/OrderController.php b/app/Http/Home/Controllers/OrderController.php index acf797a8..6cd6e310 100644 --- a/app/Http/Home/Controllers/OrderController.php +++ b/app/Http/Home/Controllers/OrderController.php @@ -7,6 +7,7 @@ use App\Services\Logic\Order\OrderCancel as OrderCancelService; use App\Services\Logic\Order\OrderConfirm as OrderConfirmService; use App\Services\Logic\Order\OrderCreate as OrderCreateService; use App\Services\Logic\Order\OrderInfo as OrderInfoService; +use App\Services\Logic\Order\PayProvider as PayProviderService; use Phalcon\Mvc\Dispatcher; use Phalcon\Mvc\View; @@ -82,6 +83,10 @@ class OrderController extends Controller { $sn = $this->request->getQuery('sn', 'string'); + $service = new PayProviderService(); + + $payProvider = $service->handle(); + $service = new OrderInfoService(); $order = $service->handle($sn); @@ -90,6 +95,7 @@ class OrderController extends Controller $this->response->redirect(['for' => 'home.uc.orders']); } + $this->view->setVar('pay_provider', $payProvider); $this->view->setVar('order', $order); } diff --git a/app/Http/Home/Controllers/UserConsoleController.php b/app/Http/Home/Controllers/UserConsoleController.php index 5e159e0e..2b56c475 100644 --- a/app/Http/Home/Controllers/UserConsoleController.php +++ b/app/Http/Home/Controllers/UserConsoleController.php @@ -2,7 +2,10 @@ namespace App\Http\Home\Controllers; +use App\Services\Logic\Account\OAuthProvider as OAuthProviderService; use App\Services\Logic\User\Console\AccountInfo as AccountInfoService; +use App\Services\Logic\User\Console\ConnectDelete as ConnectDeleteService; +use App\Services\Logic\User\Console\ConnectList as ConnectListService; use App\Services\Logic\User\Console\ConsultList as ConsultListService; use App\Services\Logic\User\Console\CourseList as CourseListService; use App\Services\Logic\User\Console\FavoriteList as FavoriteListService; @@ -59,13 +62,21 @@ class UserConsoleController extends Controller */ public function accountAction() { + $type = $this->request->getQuery('type', 'string', 'info'); + $service = new AccountInfoService(); $captcha = $service->getSettings('captcha'); $account = $service->handle(); - $type = $this->request->getQuery('type', 'string', 'info'); + $service = new OAuthProviderService(); + + $oauthProvider = $service->handle(); + + $service = new ConnectListService(); + + $connects = $service->handle(); if ($type == 'info') { $this->view->pick('user/console/account_info'); @@ -77,6 +88,8 @@ class UserConsoleController extends Controller $this->view->pick('user/console/account_password'); } + $this->view->setVar('oauth_provider', $oauthProvider); + $this->view->setVar('connects', $connects); $this->view->setVar('captcha', $captcha); $this->view->setVar('account', $account); } @@ -207,4 +220,23 @@ class UserConsoleController extends Controller return $this->jsonSuccess($content); } + /** + * @Post("/connect/{id:[0-9]+}/delete", name="home.uc.unconnect") + */ + public function deleteConnectAction($id) + { + $service = new ConnectDeleteService(); + + $service->handle($id); + + $location = $this->url->get(['for' => 'home.uc.account']); + + $content = [ + 'location' => $location, + 'msg' => '解除登录绑定成功', + ]; + + return $this->jsonSuccess($content); + } + } diff --git a/app/Http/Home/Services/Connect.php b/app/Http/Home/Services/Connect.php new file mode 100644 index 00000000..15816c1f --- /dev/null +++ b/app/Http/Home/Services/Connect.php @@ -0,0 +1,208 @@ +request->getPost(); + + $auth = $this->getConnectAuth($post['provider']); + + $auth->checkState($post['state']); + + $validator = new AccountValidator(); + + $user = $validator->checkUserLogin($post['account'], $post['password']); + + $openUser = json_decode($post['open_user'], true); + + $this->handleConnectRelation($user, $openUser, $post['provider']); + + $auth = $this->getAppAuth(); + + $auth->saveAuthInfo($user); + } + + public function bindRegister() + { + $post = $this->request->getPost(); + + $auth = $this->getConnectAuth($post['provider']); + + $auth->checkState($post['state']); + + $openUser = json_decode($post['open_user'], true); + + $registerService = new RegisterService(); + + $account = $registerService->handle(); + + $userRepo = new UserRepo(); + + $user = $userRepo->findById($account->id); + + $this->handleConnectRelation($user, $openUser, $post['provider']); + + $auth = $this->getAppAuth(); + + $auth->saveAuthInfo($user); + } + + public function bindUser($openUser, $provider) + { + $user = $this->getLoginUser(); + + $this->handleConnectRelation($user, $openUser, $provider); + } + + public function authLogin(ConnectModel $connect) + { + $userRepo = new UserRepo(); + + $user = $userRepo->findById($connect->user_id); + + $auth = $this->getAppAuth(); + + $auth->saveAuthInfo($user); + } + + public function getAuthorizeUrl($provider) + { + $auth = $this->getConnectAuth($provider); + + return $auth->getAuthorizeUrl(); + } + + public function getOpenUserInfo($code, $state, $provider) + { + $auth = $this->getConnectAuth($provider); + + $auth->checkState($state); + + $token = $auth->getAccessToken($code); + + $openId = $auth->getOpenId($token); + + return $auth->getUserInfo($token, $openId); + } + + public function getConnectRelation($openId, $provider) + { + $connectRepo = new ConnectRepo(); + + return $connectRepo->findByOpenId($openId, $provider); + } + + public function getConnectAuth($provider) + { + $auth = null; + + switch ($provider) { + case ConnectModel::PROVIDER_QQ: + $auth = $this->getQQAuth(); + break; + case ConnectModel::PROVIDER_WEIXIN: + $auth = $this->getWeiXinAuth(); + break; + case ConnectModel::PROVIDER_WEIBO: + $auth = $this->getWeiBoAuth(); + break; + } + + if (!$auth) { + throw new \Exception('Invalid OAuth Provider'); + } + + return $auth; + } + + protected function getQQAuth() + { + $settings = $this->getSettings('oauth.qq'); + + return new QQAuth( + $settings['client_id'], + $settings['client_secret'], + $settings['redirect_uri'] + ); + } + + protected function getWeiXinAuth() + { + $settings = $this->getSettings('oauth.weixin'); + + return new WeiXinAuth( + $settings['client_id'], + $settings['client_secret'], + $settings['redirect_uri'] + ); + } + + protected function getWeiBoAuth() + { + $settings = $this->getSettings('oauth.weibo'); + + return new WeiBoAuth( + $settings['client_id'], + $settings['client_secret'], + $settings['redirect_uri'] + ); + } + + protected function getAppAuth() + { + /** + * @var $auth AuthService + */ + $auth = $this->getDI()->get('auth'); + + return $auth; + } + + protected function handleConnectRelation(UserModel $user, array $openUser, $provider) + { + $connectRepo = new ConnectRepo(); + + $connect = $connectRepo->findByOpenId($openUser['id'], $provider); + + if ($connect) { + + if (time() - $connect->update_time > 86400) { + $connect->open_name = $openUser['name']; + $connect->open_avatar = $openUser['avatar']; + } + + if ($connect->deleted == 1) { + $connect->deleted = 0; + $connect->update(); + } + + } else { + + $connect = new ConnectModel(); + + $connect->user_id = $user->id; + $connect->open_id = $openUser['id']; + $connect->open_name = $openUser['name']; + $connect->open_avatar = $openUser['avatar']; + $connect->provider = $provider; + + $connect->create(); + } + } + +} diff --git a/app/Http/Home/Views/account/login.volt b/app/Http/Home/Views/account/login.volt index edd461b6..34641c28 100644 --- a/app/Http/Home/Views/account/login.volt +++ b/app/Http/Home/Views/account/login.volt @@ -27,6 +27,17 @@ · 忘记密码 +
+ {% if oauth_provider.qq.enabled == 1 %} + + {% endif %} + {% if oauth_provider.weixin.enabled == 1 %} + + {% endif %} + {% if oauth_provider.weibo.enabled == 1 %} + + {% endif %} +
{% endblock %} diff --git a/app/Http/Home/Views/connect/bind.volt b/app/Http/Home/Views/connect/bind.volt new file mode 100644 index 00000000..ecb9d499 --- /dev/null +++ b/app/Http/Home/Views/connect/bind.volt @@ -0,0 +1,34 @@ +{% extends 'templates/main.volt' %} + +{% block content %} + +
+ 首页 + 登录绑定 +
+ +
+
+ +
+
+ {{ partial('connect/bind_login') }} +
+
+ {{ partial('connect/bind_register') }} +
+
+
+
+ +{% endblock %} + +{% block include_js %} + + {{ js_include('https://ssl.captcha.qq.com/TCaptcha.js',false) }} + {{ js_include('home/js/captcha.verify.js') }} + +{% endblock %} \ No newline at end of file diff --git a/app/Http/Home/Views/connect/bind_login.volt b/app/Http/Home/Views/connect/bind_login.volt new file mode 100644 index 00000000..abec6bfd --- /dev/null +++ b/app/Http/Home/Views/connect/bind_login.volt @@ -0,0 +1,21 @@ +
+
+
+ +
+
+
+
+ +
+
+
+
+ + + + + +
+
+
\ No newline at end of file diff --git a/app/Http/Home/Views/connect/bind_register.volt b/app/Http/Home/Views/connect/bind_register.volt new file mode 100644 index 00000000..87208750 --- /dev/null +++ b/app/Http/Home/Views/connect/bind_register.volt @@ -0,0 +1,32 @@ +
+
+
+ +
+
+
+
+ +
+
+
+
+ +
+
+ +
+
+
+
+ + + + + + + + +
+
+
\ No newline at end of file diff --git a/app/Http/Home/Views/order/pay.volt b/app/Http/Home/Views/order/pay.volt index 16bca937..5e3a0a88 100644 --- a/app/Http/Home/Views/order/pay.volt +++ b/app/Http/Home/Views/order/pay.volt @@ -17,8 +17,12 @@ 支付金额:{{ '¥%0.2f'|format(order.amount) }}
- {{ image('home/img/alipay.png') }} - {{ image('home/img/wxpay.png') }} + {% if pay_provider.alipay.enabled == 1 %} + {{ image('home/img/alipay.png') }} + {% endif %} + {% if pay_provider.wxpay.enabled == 1 %} + {{ image('home/img/wxpay.png') }} + {% endif %}
友情提示:请在12小时内完成支付,有问题请联系客服 diff --git a/app/Http/Home/Views/user/console/account_info.volt b/app/Http/Home/Views/user/console/account_info.volt index 958e8a33..5b6b3e22 100644 --- a/app/Http/Home/Views/user/console/account_info.volt +++ b/app/Http/Home/Views/user/console/account_info.volt @@ -2,6 +2,23 @@ {% block content %} + {%- macro connect_provider(item) %} + {% if item.provider == 1 %} + + {% elseif item.provider == 2 %} + + {% elseif item.provider == 3 %} + + {% endif %} + {%- endmacro %} + + {%- macro connect_user(item) %} + {% if item.open_avatar %} + + {% endif %} + {{ item.open_name }} + {%- endmacro %} + {% set edit_pwd_url = url({'for':'home.uc.account'},{'type':'password'}) %} {% set edit_phone_url = url({'for':'home.uc.account'},{'type':'phone'}) %} {% set edit_email_url = url({'for':'home.uc.account'},{'type':'email'}) %} @@ -43,6 +60,45 @@ {% endif %}
+
+ 开放登录 +
+ {% if connects %} +
已经绑定的第三方帐号
+
+ + + + + + + + + {% for connect in connects %} + {% set url = url({'for':'home.uc.unconnect','id':connect.id}) %} + + + + + + + + {% endfor %} +
序号提供方用户信息创建日期操作
{{ loop.index }}{{ connect_provider(connect) }}{{ connect_user(connect) }}{{ date('Y-m-d H:i',connect.create_time) }}解除绑定
+
+ {% endif %} +
支持绑定的第三方帐号
+
+ {% if oauth_provider.qq.enabled == 1 %} + + {% endif %} + {% if oauth_provider.qq.enabled == 1 %} + + {% endif %} + {% if oauth_provider.qq.enabled == 1 %} + + {% endif %} +
diff --git a/app/Library/OAuth.php b/app/Library/OAuth.php deleted file mode 100644 index 49879bc6..00000000 --- a/app/Library/OAuth.php +++ /dev/null @@ -1,53 +0,0 @@ -appId = $appId; - $this->appSecret = $appSecret; - $this->redirectUri = $redirectUri; - } - - public function httpGet($uri, $params = [], $headers = []) - { - $client = new HttpClient(); - - $options = ['query' => $params, 'headers' => $headers]; - - $response = $client->get($uri, $options); - - return $response->getBody(); - } - - public function httpPost($uri, $params = [], $headers = []) - { - $client = new HttpClient(); - - $options = ['query' => $params, 'headers' => $headers]; - - $response = $client->post($uri, $options); - - return $response->getBody(); - } - - abstract public function getAuthorizeUrl(); - - abstract public function getAccessToken($code); - - abstract public function getOpenId($accessToken); - - abstract public function getUserInfo($accessToken, $openId); - -} diff --git a/app/Models/Connect.php b/app/Models/Connect.php new file mode 100644 index 00000000..4266e805 --- /dev/null +++ b/app/Models/Connect.php @@ -0,0 +1,104 @@ +addBehavior( + new SoftDelete([ + 'field' => 'deleted', + 'value' => 1, + ]) + ); + } + + public function beforeCreate() + { + $this->create_time = time(); + } + + public function beforeUpdate() + { + $this->update_time = time(); + } + +} diff --git a/app/Repos/Connect.php b/app/Repos/Connect.php new file mode 100644 index 00000000..e32c88a1 --- /dev/null +++ b/app/Repos/Connect.php @@ -0,0 +1,62 @@ +where('1 = 1'); + + if (isset($where['user_id'])) { + $query->andWhere('user_id = :user_id:', ['user_id' => $where['user_id']]); + } + + if (isset($where['provider'])) { + $query->andWhere('provider = :provider:', ['provider' => $where['provider']]); + } + + if (isset($where['deleted'])) { + $query->andWhere('deleted = :deleted:', ['deleted' => $where['deleted']]); + } + + $query->orderBy('id DESC'); + + return $query->execute(); + } + + /** + * @param int $id + * @return ConnectModel|Model|bool + */ + public function findById($id) + { + return ConnectModel::findFirst($id); + } + + /** + * @param string $openId + * @param int $provider + * @return ConnectModel|Model|bool + */ + public function findByOpenId($openId, $provider) + { + return ConnectModel::findFirst([ + 'conditions' => 'open_id = ?1 and provider = ?2', + 'bind' => [1 => $openId, 2 => $provider], + ]); + } + +} diff --git a/app/Services/Logic/Account/OAuthProvider.php b/app/Services/Logic/Account/OAuthProvider.php new file mode 100644 index 00000000..79a9cd2d --- /dev/null +++ b/app/Services/Logic/Account/OAuthProvider.php @@ -0,0 +1,23 @@ +getSettings('oauth.weixin'); + $weibo = $this->getSettings('oauth.weibo'); + $qq = $this->getSettings('oauth.qq'); + + return [ + 'weixin' => ['enabled' => $weixin['enabled']], + 'weibo' => ['enabled' => $weibo['enabled']], + 'qq' => ['enabled' => $qq['enabled']], + ]; + } + +} diff --git a/app/Services/Logic/Order/PayProvider.php b/app/Services/Logic/Order/PayProvider.php new file mode 100644 index 00000000..a8271845 --- /dev/null +++ b/app/Services/Logic/Order/PayProvider.php @@ -0,0 +1,21 @@ +getSettings('pay.alipay'); + $wxpay = $this->getSettings('pay.wxpay'); + + return [ + 'alipay' => ['enabled' => $alipay['enabled']], + 'wxpay' => ['enabled' => $wxpay['enabled']], + ]; + } + +} diff --git a/app/Services/Logic/User/Console/ConnectDelete.php b/app/Services/Logic/User/Console/ConnectDelete.php new file mode 100644 index 00000000..27d60489 --- /dev/null +++ b/app/Services/Logic/User/Console/ConnectDelete.php @@ -0,0 +1,26 @@ +getLoginUser(); + + $validator = new ConnectValidator(); + + $connect = $validator->checkConnect($id); + + $validator->checkOwner($user->id, $connect->user_id); + + $connect->deleted = 1; + + $connect->update(); + } + +} diff --git a/app/Services/Logic/User/Console/ConnectList.php b/app/Services/Logic/User/Console/ConnectList.php new file mode 100644 index 00000000..7c930e89 --- /dev/null +++ b/app/Services/Logic/User/Console/ConnectList.php @@ -0,0 +1,45 @@ +getLoginUser(); + + $params = [ + 'user_id' => $user->id, + 'deleted' => 0, + ]; + + $connectRepo = new ConnectRepo(); + + $connects = $connectRepo->findAll($params); + + if ($connects->count() == 0) { + return []; + } + + $items = []; + + foreach ($connects as $connect) { + $items[] = [ + 'id' => $connect->id, + 'open_id' => $connect->open_id, + 'open_name' => $connect->open_name, + 'open_avatar' => $connect->open_avatar, + 'provider' => $connect->provider, + 'create_time' => $connect->create_time, + 'update_time' => $connect->update_time, + ]; + } + + return $items; + } + +} diff --git a/app/Services/OAuth.php b/app/Services/OAuth.php new file mode 100644 index 00000000..43aeefb0 --- /dev/null +++ b/app/Services/OAuth.php @@ -0,0 +1,107 @@ +clientId = $clientId; + $this->clientSecret = $clientSecret; + $this->redirectUri = $redirectUri; + } + + public function httpGet($uri, $params = [], $headers = []) + { + $client = new HttpClient(); + + $options = ['query' => $params, 'headers' => $headers]; + + $response = $client->get($uri, $options); + + return $response->getBody(); + } + + public function httpPost($uri, $params = [], $headers = []) + { + $client = new HttpClient(); + + $options = ['query' => $params, 'headers' => $headers]; + + $response = $client->post($uri, $options); + + return $response->getBody(); + } + + public function getState() + { + /** + * @var $crypt Crypt + */ + $crypt = Di::getDefault()->get('crypt'); + + return $crypt->encryptBase64(rand(1000, 9999)); + } + + public function checkState($state) + { + /** + * 注意事项: + * callback中的state参数并未做encode处理,参数中含有"+" + * 获取参数的时候却自动做了decode处理,"+"变成了空格 + */ + $state = str_replace(' ', '+', $state); + + /** + * @var $crypt Crypt + */ + $crypt = Di::getDefault()->get('crypt'); + + $value = $crypt->decryptBase64($state); + + if ($value < 1000 || $value > 9999) { + throw new \Exception('Invalid OAuth State Value'); + } + + return true; + } + + abstract public function getAuthorizeUrl(); + + abstract public function getAccessToken($code); + + abstract public function getOpenId($accessToken); + + abstract public function getUserInfo($accessToken, $openId); + +} diff --git a/app/Library/OAuth/QQ.php b/app/Services/OAuth/QQ.php similarity index 75% rename from app/Library/OAuth/QQ.php rename to app/Services/OAuth/QQ.php index 3515a0d9..c166b8e5 100644 --- a/app/Library/OAuth/QQ.php +++ b/app/Services/OAuth/QQ.php @@ -1,8 +1,8 @@ $this->appId, + 'client_id' => $this->clientId, 'redirect_uri' => $this->redirectUri, + 'state' => $this->getState(), 'response_type' => 'code', - 'scope' => '', + 'scope' => 'get_user_info', ]; return self::AUTHORIZE_URL . '?' . http_build_query($params); @@ -28,11 +29,10 @@ class QQ extends OAuth { $params = [ 'code' => $code, - 'client_id' => $this->appId, - 'client_secret' => $this->appSecret, + 'client_id' => $this->clientId, + 'client_secret' => $this->clientSecret, 'redirect_uri' => $this->redirectUri, 'grant_type' => 'authorization_code', - 'state' => 'ok', ]; $response = $this->httpPost(self::ACCESS_TOKEN_URL, $params); @@ -56,14 +56,14 @@ class QQ extends OAuth public function getUserInfo($accessToken, $openId) { $params = [ + 'oauth_consumer_key' => $this->clientId, 'access_token' => $accessToken, 'openid' => $openId, - 'oauth_consumer_key' => $this->appId, ]; $response = $this->httpGet(self::USER_INFO_URL, $params); - - $this->parseUserInfo($response); + + return $this->parseUserInfo($response); } protected function parseAccessToken($response) @@ -81,15 +81,15 @@ class QQ extends OAuth protected function parseOpenId($response) { - $result = $match = []; + $result = $matches = []; if (!empty($response)) { - preg_match('/callback\(\s+(.*?)\s+\)/i', $response, $match); - $result = json_decode($match[1], true); + preg_match('/callback\(\s+(.*?)\s+\)/i', $response, $matches); + $result = json_decode($matches[1], true); } if (!isset($result['openid'])) { - throw new \Exception("Fetch Openid Failed:{$response}"); + throw new \Exception("Fetch OpenId Failed:{$response}"); } return $result['openid']; @@ -98,16 +98,15 @@ class QQ extends OAuth protected function parseUserInfo($response) { $data = json_decode($response, true); - - if ($data['ret'] != 0) { - throw new \Exception("Fetch User Info Failed:{$data['msg']}"); + + if (isset($data['ret']) && $data['ret'] != 0) { + throw new \Exception("Fetch User Info Failed:{$response}"); } - - $userInfo['type'] = 'QQ'; + + $userInfo['id'] = $this->openId; $userInfo['name'] = $data['nickname']; - $userInfo['nick'] = $data['nickname']; - $userInfo['head'] = $data['figureurl_2']; - + $userInfo['avatar'] = $data['figureurl']; + return $userInfo; } diff --git a/app/Library/OAuth/WeiBo.php b/app/Services/OAuth/WeiBo.php similarity index 73% rename from app/Library/OAuth/WeiBo.php rename to app/Services/OAuth/WeiBo.php index b7bc79ac..a8c7bb48 100644 --- a/app/Library/OAuth/WeiBo.php +++ b/app/Services/OAuth/WeiBo.php @@ -1,21 +1,22 @@ $this->appId, + 'client_id' => $this->clientId, 'redirect_uri' => $this->redirectUri, + 'state' => $this->getState(), 'response_type' => 'code', ]; @@ -26,8 +27,8 @@ class WeiBo extends OAuth { $params = [ 'code' => $code, - 'client_id' => $this->appId, - 'client_secret' => $this->appSecret, + 'client_id' => $this->clientId, + 'client_secret' => $this->clientSecret, 'redirect_uri' => $this->redirectUri, 'grant_type' => 'authorization_code', ]; @@ -59,8 +60,8 @@ class WeiBo extends OAuth private function parseAccessToken($response) { $data = json_decode($response, true); - - if (!isset($data['access_token']) || isset($data['uid'])) { + + if (!isset($data['access_token']) || !isset($data['uid'])) { throw new \Exception("Fetch Access Token Failed:{$response}"); } @@ -72,16 +73,15 @@ class WeiBo extends OAuth private function parseUserInfo($response) { $data = json_decode($response, true); - - if ($data['error_code'] != 0) { - throw new \Exception("Fetch User Info Failed:{$data['error']}"); + + if (isset($data['error_code']) && $data['error_code'] != 0) { + throw new \Exception("Fetch User Info Failed:{$response}"); } - - $userInfo['type'] = 'WEIBO'; + + $userInfo['id'] = $data['id']; $userInfo['name'] = $data['name']; - $userInfo['nick'] = $data['screen_name']; - $userInfo['head'] = $data['avatar_large']; - + $userInfo['avatar'] = $data['profile_image_url']; + return $userInfo; } diff --git a/app/Library/OAuth/WeiXin.php b/app/Services/OAuth/WeiXin.php similarity index 76% rename from app/Library/OAuth/WeiXin.php rename to app/Services/OAuth/WeiXin.php index 4d741276..df371797 100644 --- a/app/Library/OAuth/WeiXin.php +++ b/app/Services/OAuth/WeiXin.php @@ -1,8 +1,8 @@ $this->appId, + 'appid' => $this->clientId, 'redirect_uri' => $this->redirectUri, + 'state' => $this->getState(), 'response_type' => 'code', 'scope' => 'snsapi_login', - 'state' => 'dev', ]; return self::AUTHORIZE_URL . '?' . http_build_query($params); @@ -28,8 +28,8 @@ class WeiXin extends OAuth { $params = [ 'code' => $code, - 'appid' => $this->appId, - 'secret' => $this->appSecret, + 'appid' => $this->clientId, + 'secret' => $this->clientSecret, 'grant_type' => 'authorization_code', ]; @@ -62,7 +62,7 @@ class WeiXin extends OAuth $data = json_decode($response, true); if (isset($data['errcode']) && $data['errcode'] != 0) { - throw new \Exception("Fetch Access Token Failed:{$data['errmsg']}"); + throw new \Exception("Fetch Access Token Failed:{$response}"); } $this->openId = $data['openid']; @@ -73,16 +73,15 @@ class WeiXin extends OAuth private function parseUserInfo($response) { $data = json_decode($response, true); - + if (isset($data['errcode']) && $data['errcode'] != 0) { - throw new \Exception("Fetch User Info Failed:{$data['errmsg']}"); + throw new \Exception("Fetch User Info Failed:{$response}"); } - - $userInfo['type'] = 'WEIXIN'; - $userInfo['name'] = $data['name']; - $userInfo['nick'] = $data['screen_name']; - $userInfo['head'] = $data['avatar_large']; - + + $userInfo['id'] = $data['openid']; + $userInfo['name'] = $data['nickname']; + $userInfo['avatar'] = $data['headimgurl']; + return $userInfo; } diff --git a/app/Validators/Connect.php b/app/Validators/Connect.php new file mode 100644 index 00000000..cdcf4410 --- /dev/null +++ b/app/Validators/Connect.php @@ -0,0 +1,41 @@ +checkConnectById($id); + } + + public function checkConnectById($id) + { + $connectRepo = new ConnectRepo(); + + $connect = $connectRepo->findById($id); + + if (!$connect) { + throw new BadRequestException('connect.not_found'); + } + + return $connect; + } + + public function checkConnectByOpenId($openId, $provider) + { + $connectRepo = new ConnectRepo(); + + $connect = $connectRepo->findByOpenId($openId, $provider); + + if (!$connect) { + throw new BadRequestException('connect.not_found'); + } + + return $connect; + } +} diff --git a/db/migrations/20201205091213_create_connect_table.php b/db/migrations/20201205091213_create_connect_table.php new file mode 100644 index 00000000..53041625 --- /dev/null +++ b/db/migrations/20201205091213_create_connect_table.php @@ -0,0 +1,92 @@ +table('kg_connect', [ + 'id' => false, + 'primary_key' => ['id'], + 'engine' => 'InnoDB', + 'encoding' => 'utf8mb4', + 'collation' => 'utf8mb4_general_ci', + 'comment' => '', + 'row_format' => 'DYNAMIC', + ]) + ->addColumn('id', 'integer', [ + 'null' => false, + 'limit' => MysqlAdapter::INT_REGULAR, + 'identity' => 'enable', + 'comment' => '主键编号', + ]) + ->addColumn('user_id', 'integer', [ + 'null' => false, + 'default' => '0', + 'limit' => MysqlAdapter::INT_REGULAR, + 'comment' => '用户编号', + 'after' => 'id', + ]) + ->addColumn('open_id', 'string', [ + 'null' => false, + 'default' => '', + 'limit' => 50, + 'collation' => 'utf8mb4_general_ci', + 'encoding' => 'utf8mb4', + 'comment' => '开放ID', + 'after' => 'user_id', + ]) + ->addColumn('open_name', 'string', [ + 'null' => false, + 'default' => '', + 'limit' => 30, + 'collation' => 'utf8mb4_general_ci', + 'encoding' => 'utf8mb4', + 'comment' => '开放名称', + 'after' => 'open_id', + ]) + ->addColumn('open_avatar', 'string', [ + 'null' => false, + 'default' => '', + 'limit' => 150, + 'collation' => 'utf8mb4_general_ci', + 'encoding' => 'utf8mb4', + 'comment' => '开放头像', + 'after' => 'open_name', + ]) + ->addColumn('provider', 'integer', [ + 'null' => false, + 'default' => '0', + 'limit' => MysqlAdapter::INT_REGULAR, + 'comment' => '提供方', + 'after' => 'open_avatar', + ]) + ->addColumn('deleted', 'integer', [ + 'null' => false, + 'default' => '0', + 'limit' => MysqlAdapter::INT_REGULAR, + 'comment' => '删除标识', + 'after' => 'provider', + ]) + ->addColumn('create_time', 'integer', [ + 'null' => false, + 'default' => '0', + 'limit' => MysqlAdapter::INT_REGULAR, + 'comment' => '创建时间', + 'after' => 'deleted', + ]) + ->addColumn('update_time', 'integer', [ + 'null' => false, + 'default' => '0', + 'limit' => MysqlAdapter::INT_REGULAR, + 'comment' => '更新时间', + 'after' => 'create_time', + ]) + ->addIndex(['open_id', 'provider'], [ + 'name' => 'openid_provider', + 'unique' => false, + ]) + ->create(); + } +} diff --git a/db/migrations/20201205112717_insert_oauth_setting_data.php b/db/migrations/20201205112717_insert_oauth_setting_data.php new file mode 100644 index 00000000..40cfe6f2 --- /dev/null +++ b/db/migrations/20201205112717_insert_oauth_setting_data.php @@ -0,0 +1,85 @@ + 'oauth.qq', + 'item_key' => 'enabled', + 'item_value' => '0', + ], + [ + 'section' => 'oauth.qq', + 'item_key' => 'client_id', + 'item_value' => '', + ], + [ + 'section' => 'oauth.qq', + 'item_key' => 'client_secret', + 'item_value' => '', + ], + [ + 'section' => 'oauth.qq', + 'item_key' => 'redirect_uri', + 'item_value' => '', + ], + [ + 'section' => 'oauth.weixin', + 'item_key' => 'enabled', + 'item_value' => '0', + ], + [ + 'section' => 'oauth.weixin', + 'item_key' => 'client_id', + 'item_value' => '', + ], + [ + 'section' => 'oauth.weixin', + 'item_key' => 'client_secret', + 'item_value' => '', + ], + [ + 'section' => 'oauth.weixin', + 'item_key' => 'redirect_uri', + 'item_value' => '', + ], + [ + 'section' => 'oauth.weibo', + 'item_key' => 'enabled', + 'item_value' => '0', + ], + [ + 'section' => 'oauth.weibo', + 'item_key' => 'client_id', + 'item_value' => '', + ], + [ + 'section' => 'oauth.weibo', + 'item_key' => 'client_secret', + 'item_value' => '', + ], + [ + 'section' => 'oauth.weibo', + 'item_key' => 'redirect_uri', + 'item_value' => '', + ], + ]; + + $this->table('kg_setting')->insert($rows)->save(); + } + + public function down() + { + $this->execute("DELETE FROM kg_setting WHERE section = 'oauth.qq'"); + $this->execute("DELETE FROM kg_setting WHERE section = 'oauth.weixin'"); + $this->execute("DELETE FROM kg_setting WHERE section = 'oauth.weibo'"); + } + +} \ No newline at end of file diff --git a/public/static/home/css/common.css b/public/static/home/css/common.css index a78ec345..bf8478c5 100644 --- a/public/static/home/css/common.css +++ b/public/static/home/css/common.css @@ -1188,7 +1188,7 @@ } .login-wrap .link { - margin-bottom: 30px; + margin-bottom: 20px; font-size: 12px; text-align: center; } @@ -1202,6 +1202,26 @@ color: #999; } +.login-wrap .oauth { + text-align: center; +} + +.login-wrap .oauth a { + margin: 0 10px; +} + +.login-qq { + color: dodgerblue; +} + +.login-wechat { + color: green; +} + +.login-weibo { + color: red; +} + .user-profile { position: relative; } @@ -1537,9 +1557,12 @@ margin-right: 0; } +.security-item-list { + margin-top: -20px; +} + .security-item { - padding: 15px; - line-height: 50px; + line-height: 80px; border-bottom: 1px dashed #ccc; } @@ -1563,6 +1586,29 @@ float: right; } +.connect-list { + margin-bottom: 20px; +} + +.open-avatar img { + width: 16px; + height: 16px; + border-radius: 100%; +} + +.connect-tips { + color: #666; + margin-bottom: 20px; +} + +.oauth-list { + margin-bottom: 20px; +} + +.oauth-list a { + margin: 0 10px; +} + .order-filter { padding: 15px 20px; }