/**
* 检查 token 对应的用户是否有权限访问接口
*
* @param string $token 用于API权限验证的 token
* @param string $action 控制器类名及方法(不包含命名空间)
* @param \App\Http\Request $req HTTP 请求对象
* @return array
*/
public function valid_token($token, $action, &$req = null) : array
{
if (!$token || strlen($token) !== 32) {
return [-101, '请提供有效的 token'];
}
$dateline = time();
$uid = mem_get('api_' . $token);
if ($uid === false) {
$m_al = new ApiLogin();
$api_login = $m_al->find(['token' => $token, 'dateline >=' => $dateline - self::CACHE_TIME], 'uid, token, dateline');
if ($api_login) {
$uid = $api_login['uid'];
mem_set('api_' . $token, $uid, self::CACHE_TIME);
} else {
return [-102, 'token不匹配'];
}
}
// 检查权限
$key_rights = 'api_rights_' . $uid;
$key_allowed_ip = 'api_allowed_ip_' . $uid;
$uid_rights = mem_get($key_rights);
$allowed_ip = mem_get($key_allowed_ip);
if ($uid_rights === false) {
$m_au = new ApiUser();
$api_user = $m_au->find(['uid' => $uid], 'rights, allowed_ip');
if (!$api_user) {
return [-103, 'token 对应的用户不存在'];
}
$uid_rights = $api_user['rights'];
$allowed_ip = $api_user['allowed_ip'];
mem_set($key_rights, $uid_rights, self::CACHE_TIME);
mem_set($key_allowed_ip, $allowed_ip, self::CACHE_TIME);
}
list($controller, $method) = explode(':', $action, 2);
if (!$this->check_rights($uid_rights, $controller, $method)) {
return [-104, '您没有权限访问该接口'];
}
// 检查IP是否允许
$ip = $_SERVER['REMOTE_ADDR'];
if ($allowed_ip && strpos($allowed_ip, $ip) === false) {
return [-105, '您的IP无权限访问接口'];
}
$req = $this->set_extra_args($req, $uid_rights, $action);
return [0, $uid];
}
<?php
}
?>
<div class="page-header" style="margin: 0 0 20px;">
<h2>
<a href="<?php
echo URL::route('home');
?>
" class="pull-right btn btn-default">Back to List</a>
Timer Details
</h2>
</div>
<?php
$name = MapItem::find($timer->itemID);
$user = ApiUser::find($timer->user_id);
$sys_tmp = preg_split("/\\ [IVX]+/", $name->itemName);
$system = $sys_tmp[0];
?>
<h3><a href="http://evemaps.dotlan.net/system/<?php
echo $system;
?>
"><?php
echo $name->itemName;
?>
</a></h3>
<h4><?php
echo date('Y-m-d H:i:s e', strtotime($timer->timeExiting));
?>
- <?php
echo Carbon::createFromTimeStamp(strtotime($timer->timeExiting))->diffForHumans();
private function updateUser($token, $result)
{
// validate permissions
$permission = 0;
foreach (Config::get('braveapi.auth-edit-tags') as $tag) {
if (in_array($tag, $result->tags)) {
$permission = 1;
break;
}
}
// per user overrides
foreach (Config::get('braveapi.auth-edit-users') as $id) {
if ($id == $result->character->id) {
$permission = 1;
break;
}
}
// Get alliance info
$api = new Brave\API(Config::get('braveapi.application-endpoint'), Config::get('braveapi.application-identifier'), Config::get('braveapi.local-private-key'), Config::get('braveapi.remote-public-key'));
$alliance_result = $api->lookup->alliance(array('search' => $result->alliance->id, 'only' => 'short'));
/*
if($result->character->id == 93647416)
{
dd($result);
}
*/
// check for existing user
$userfound = ApiUser::find($result->character->id);
if ($userfound == false) {
// no user found, create it
$userfound = ApiUser::create(array('id' => $result->character->id, 'token' => $token, 'remember_token' => '', 'character_name' => $result->character->name, 'alliance_id' => $result->alliance->id, 'alliance_name' => $result->alliance->name, 'alliance_ticker' => $alliance_result->short, 'tags' => json_encode($result->tags), 'status' => 1, 'permission' => $permission));
} else {
// update the existing user
$userfound->token = $token;
$userfound->status = 1;
$userfound->permission = $permission;
$userfound->token = $token;
$userfound->character_name = $result->character->name;
$userfound->alliance_id = $result->alliance->id;
$userfound->alliance_name = $result->alliance->name;
$userfound->alliance_ticker = $alliance_result->short;
$userfound->permission = $permission;
$userfound->tags = json_encode($result->tags);
$userfound->save();
}
return $userfound;
}
