鉴权部分优化

45426787 · 秦俊坤 · ae9e4f3f · 45426787 · 45426787
Commit 45426787 authored Mar 31, 2022 by 秦俊坤
Hide whitespace changes
Inline Side-by-side

Showing with 30 additions and 8 deletions

AuthorizeMiddleware.php src/Middleware/AuthorizeMiddleware.php +28 -6

AuthenticationServiceInterface.php ...ervice/Interfaces/User/AuthenticationServiceInterface.php +2 -2

No files found.
--- a/src/Middleware/AuthorizeMiddleware.php
+++ b/src/Middleware/AuthorizeMiddleware.php
@@ -2,6 +2,9 @@

 namespace Meibuyu\Micro\Middleware;

+use FastRoute\Dispatcher;
+use Hyperf\HttpServer\Router\DispatcherFactory;
+use Hyperf\Utils\ApplicationContext;
 use Meibuyu\Micro\Model\Auth;
 use Meibuyu\Micro\Service\Interfaces\User\AuthenticationServiceInterface;
 use Psr\Http\Message\ResponseInterface;
@@ -21,20 +24,20 @@ class AuthorizeMiddleware implements MiddlewareInterface

    public function process(ServerRequestInterface $request, RequestHandlerInterface $handler): ResponseInterface
    {
-        $route = $request->getUri()->getPath();
+        $path = $request->getUri()->getPath();
        $token = token();
        $applicationName = env('APP_NAME');
        $method = $request->getMethod();

-        if (empty($route)) return $handler->handle($request);
-        //获取对应的 route 对应的权限，如果 route 是不需要登录鉴权，直接返回
-        $passed  = $this->authRouter($applicationName, $route, $method, $token);
+        if (empty($path)) return $handler->handle($request);
+        //获取对应的 path 对应的权限，如果 path 是不需要登录鉴权，直接返回
+        $passed  = $this->authRouter($applicationName, $path, $method, $token);
        if ($passed)  {
            return $handler->handle($request);
        }

        return response()->withStatus(403);     //鉴权失败，错误码 403 forbidden
-        //route 是需要登录鉴权的，判断当前用户是佛有对应  route 的权限
+        //path 是需要登录鉴权的，判断当前用户是佛有对应  path 的权限

    }

@@ -46,13 +49,32 @@ class AuthorizeMiddleware implements MiddlewareInterface
     * @param $token
     * @return bool
     */
-    protected function authRouter($applicationName, $route, $method, $token):  bool
+    protected function authRouter($applicationName, $path, $method, $token):  bool
    {
        $userId = $this->getUserIdByToken($token);
+        $route = $this->getRouterByPath($path, $method);
+        if (empty($route)) return true;     //说明没有匹配到路由，直接 pass，后续执行一定会返回 404， 这里也可以直接  返回 404

        return $this->authorizationService->authByRouter($applicationName, $route, $method, $userId);
    }

+    /**
+     * 根据 path 和 method 获取对应的 router
+     * @param string $path
+     * @param string $method
+     * @return array|string
+     */
+    private function getRouterByPath(string $path, string $method) : array
+    {
+        $factory = ApplicationContext::getContainer()->get(DispatcherFactory::class);
+        $dispatcher = $factory->getDispatcher('http');
+        $routerMatched = $dispatcher->dispatch($method, $path);
+        $founded =  $routerMatched[0];
+        if ( $founded != Dispatcher::FOUND) return '';        //说明没有匹配上路由，可以直接 return 404 not found
+
+        $handler = $routerMatched[1];
+        return $handler->route;
+    }

    /**
     * 根据 token 获取对应的 user_id

--- a/src/Service/Interfaces/User/AuthenticationServiceInterface.php
+++ b/src/Service/Interfaces/User/AuthenticationServiceInterface.php
@@ -31,12 +31,12 @@ interface AuthenticationServiceInterface

    /**
     * 获取对应路由的接口权限结果
-     * @param $path string 路由名字
+     * @param $route string 路由名字
     * @param $applicationName string 应用名字
     * @param $method string  请求方法
     * @param $userId integer  用户 ID
     * @return bool
     */
-    public function authByRouter($applicationName, $path, $method, $userId):  bool;
+    public function authByRouter($applicationName, $route, $method, $userId):  bool;

 }