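/**
 * Check whether the user behind an API token may call the requested endpoint.
 *
 * The token is resolved to a uid (cache first, then the ApiLogin table). The
 * user's rights and IP allowlist are then loaded (cache first, then ApiUser),
 * and the rights check and the source-IP check are applied in that order.
 *
 * @param string $token  32-character token used for API authorisation
 * @param string $action Controller class name (without namespace) and method, "Controller:method"
 * @param \App\Http\Request $req HTTP request object; on success it is replaced by the result of set_extra_args()
 * @return array [0, $uid] on success, otherwise [negative error code, message]
 */
public function valid_token($token, $action, &$req = null) : array
{
    // Reject non-strings up front: request parameters can arrive as arrays,
    // and the value is concatenated into a cache key below.
    if (!is_string($token) || strlen($token) !== 32) {
        return [-101, '请提供有效的 token'];
    }

    $dateline = time();
    $token_key = 'api_' . $token;
    $uid = mem_get($token_key);
    if ($uid === false) {
        $m_al = new ApiLogin();
        $api_login = $m_al->find(
            ['token' => $token, 'dateline >=' => $dateline - self::CACHE_TIME],
            'uid, token, dateline'
        );
        if (!$api_login) {
            return [-102, 'token不匹配'];
        }
        $uid = $api_login['uid'];

        // The query above treats a login row as valid until dateline + CACHE_TIME.
        // Cache it only for the time that is left, so a token read from the database
        // shortly before it expires is not kept alive for a further full CACHE_TIME.
        $remaining = (int) $api_login['dateline'] + self::CACHE_TIME - $dateline;
        mem_set($token_key, $uid, max(1, min(self::CACHE_TIME, $remaining)));
    }

    // Load rights and the IP allowlist.
    $key_rights = 'api_rights_' . $uid;
    $key_allowed_ip = 'api_allowed_ip_' . $uid;
    $uid_rights = mem_get($key_rights);
    $allowed_ip = mem_get($key_allowed_ip);

    // The two values are cached under separate keys and can be evicted independently.
    // Reload when EITHER is missing: a missing allowlist must not be read as
    // "no IP restriction" while the rights entry is still cached.
    if ($uid_rights === false || $allowed_ip === false) {
        $m_au = new ApiUser();
        $api_user = $m_au->find(['uid' => $uid], 'rights, allowed_ip');
        if (!$api_user) {
            return [-103, 'token 对应的用户不存在'];
        }
        $uid_rights = $api_user['rights'];
        // Store an empty string rather than null so "no restriction" is a real cached value.
        $allowed_ip = (string) $api_user['allowed_ip'];
        mem_set($key_rights, $uid_rights, self::CACHE_TIME);
        mem_set($key_allowed_ip, $allowed_ip, self::CACHE_TIME);
    }

    // An action without ':' yields a null method instead of an undefined-offset notice.
    list($controller, $method) = array_pad(explode(':', (string) $action, 2), 2, null);
    if (!$this->check_rights($uid_rights, $controller, $method)) {
        return [-104, '您没有权限访问该接口'];
    }

    // Check the caller's IP against the allowlist (only when one is configured).
    $ip = $_SERVER['REMOTE_ADDR'] ?? '';
    if ($allowed_ip) {
        // Compare whole entries, not substrings: with a substring search an allowed
        // "192.168.1.100" would also admit "192.168.1.10", and an empty address
        // matches every list on PHP 8.
        // NOTE(review): assumes allowed_ip is a list of full addresses separated by
        // commas, semicolons, pipes or whitespace. If prefixes or CIDR ranges are
        // stored, add explicit range matching here rather than going back to strpos().
        $allowed_list = preg_split('/[\s,;|]+/', (string) $allowed_ip, -1, PREG_SPLIT_NO_EMPTY);
        if ($ip === '' || !in_array($ip, $allowed_list, true)) {
            return [-105, '您的IP无权限访问接口'];
        }
    }

    $req = $this->set_extra_args($req, $uid_rights, $action);
    return [0, $uid];
}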
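<?php } ?>
<div class="page-header" style="margin: 0 0 20px;">
    <h2>
        <a href="<?php echo URL::route('home'); ?> " class="pull-right btn btn-default">Back to List</a>
        Timer Details
    </h2>
</div>
<?php
// Resolve the map item and the owning user for this timer.
// $user is not used in the visible part of the template; presumably the rest of the view reads it.
$name = MapItem::find($timer->itemID);
$user = ApiUser::find($timer->user_id);

// find() can come back empty; fall back to an empty label instead of dereferencing null.
$item_name = $name ? (string) $name->itemName : '';

// The system name is the item name up to the first " <roman numeral>" suffix.
$sys_tmp = preg_split("/\\ [IVX]+/", $item_name);
$system = $sys_tmp[0];

// Stored values are escaped for the context they are written into: rawurlencode() for
// the URL path segment, htmlspecialchars() for element text. A name containing quotes
// or angle brackets then cannot break out of the attribute or inject markup.
?>
<h3><a href="http://evemaps.dotlan.net/system/<?php echo rawurlencode($system); ?> "><?php echo htmlspecialchars($item_name, ENT_QUOTES, 'UTF-8'); ?> </a></h3>
<h4><?php echo date('Y-m-d H:i:s e', strtotime($timer->timeExiting)); ?> - <?php echo Carbon::createFromTimeStamp(strtotime($timer->timeExiting))->diffForHumans();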
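/**
 * Create or refresh the local ApiUser row for an authenticated character.
 *
 * The edit permission is recomputed from configuration on every call and written
 * back, so removing a tag or character id from the config takes effect the next
 * time this runs for that character.
 *
 * @param mixed  $token  token to store on the user record
 * @param object $result auth result exposing ->tags, ->character (id, name) and ->alliance (id, name)
 * @return mixed the created or updated ApiUser
 */
private function updateUser($token, $result)
{
    // Normalise values to strings before comparing. The loose == / non-strict in_array()
    // used for this decision is subject to PHP type juggling (a boolean true, or 0 on
    // PHP < 8, compares equal to unrelated strings), which could grant edit permission
    // by accident. Only strings and integers are accepted as comparable values.
    $as_key = function ($value) {
        return (is_string($value) || is_int($value)) ? (string) $value : null;
    };

    $character_id = $result->character->id;
    $character_key = $as_key($character_id);

    $tag_keys = array();
    foreach ((array) $result->tags as $user_tag) {
        $tag_key = $as_key($user_tag);
        if ($tag_key !== null) {
            $tag_keys[] = $tag_key;
        }
    }

    // validate permissions: any configured tag present on the user grants edit rights
    $permission = 0;
    foreach ((array) Config::get('braveapi.auth-edit-tags') as $tag) {
        $wanted = $as_key($tag);
        if ($wanted !== null && in_array($wanted, $tag_keys, true)) {
            $permission = 1;
            break;
        }
    }

    // per user overrides: explicitly listed character ids also get edit rights
    foreach ((array) Config::get('braveapi.auth-edit-users') as $id) {
        $wanted = $as_key($id);
        if ($wanted !== null && $wanted === $character_key) {
            $permission = 1;
            break;
        }
    }

    // Get alliance info
    $api = new Brave\API(
        Config::get('braveapi.application-endpoint'),
        Config::get('braveapi.application-identifier'),
        Config::get('braveapi.local-private-key'),
        Config::get('braveapi.remote-public-key')
    );
    $alliance_result = $api->lookup->alliance(array('search' => $result->alliance->id, 'only' => 'short'));

    // NOTE(review): the token is persisted as received. If it is a bearer credential,
    // consider storing only a hash of it; confirm how the column is read elsewhere.

    // check for existing user
    $userfound = ApiUser::find($character_id);
    if (!$userfound) {
        // no user found, create it
        $userfound = ApiUser::create(array(
            'id' => $character_id,
            'token' => $token,
            'remember_token' => '',
            'character_name' => $result->character->name,
            'alliance_id' => $result->alliance->id,
            'alliance_name' => $result->alliance->name,
            'alliance_ticker' => $alliance_result->short,
            'tags' => json_encode($result->tags),
            'status' => 1,
            'permission' => $permission,
        ));
    } else {
        // update the existing user
        $userfound->token = $token;
        $userfound->status = 1;
        $userfound->permission = $permission;
        $userfound->character_name = $result->character->name;
        $userfound->alliance_id = $result->alliance->id;
        $userfound->alliance_name = $result->alliance->name;
        $userfound->alliance_ticker = $alliance_result->short;
        $userfound->tags = json_encode($result->tags);
        $userfound->save();
    }

    return $userfound;
}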