<?php namespace Meibuyu\Micro\Middleware; use FastRoute\Dispatcher; use Hyperf\HttpServer\Router\DispatcherFactory; use Hyperf\Utils\ApplicationContext; use Meibuyu\Micro\Model\Auth; use Meibuyu\Micro\Service\Interfaces\User\AuthenticationServiceInterface; use Psr\Http\Message\ResponseInterface; use Psr\Http\Message\ServerRequestInterface; use Psr\Http\Server\MiddlewareInterface; use Psr\Http\Server\RequestHandlerInterface; use Hyperf\Di\Annotation\Inject; class AuthorizeMiddleware implements MiddlewareInterface { /** * @Inject() * @var AuthenticationServiceInterface */ private $authorizationService; public function process(ServerRequestInterface $request, RequestHandlerInterface $handler): ResponseInterface { $path = $request->getUri()->getPath(); $token = token(); $applicationName = env('APP_NAME'); $method = $request->getMethod(); if (empty($path)) return $handler->handle($request); //获取对应的 path 对应的权限,如果 path 是不需要登录鉴权,直接返回 $passed = $this->authRouter($applicationName, $path, $method, $token); if ($passed) { return $handler->handle($request); } return response()->withStatus(403)->json( [ 'code' => 403, 'msg' => "您没有访问接口的权限,请检查后再操作" ]); //鉴权失败,错误码 403 forbidden //path 是需要登录鉴权的,判断当前用户是佛有对应 path 的权限 } /** * 获取对应路由的权限,调用 RPC 服务 * @param $applicationName * @param $route * @param $token * @return bool */ protected function authRouter($applicationName, $path, $method, $token): bool { $userId = $this->getUserIdByToken($token); $route = $this->getRouterByPath($path, $method); if (empty($route)) return true; //说明没有匹配到路由,直接 pass,后续执行一定会返回 404, 这里也可以直接 返回 404 return $this->authorizationService->authByRouter($applicationName, $route, $method, $userId); } /** * 根据 path 和 method 获取对应的 router * @param string $path * @param string $method * @return array|string */ private function getRouterByPath(string $path, string $method) : string { $factory = ApplicationContext::getContainer()->get(DispatcherFactory::class); $dispatcher = $factory->getDispatcher('http'); $routerMatched = $dispatcher->dispatch($method, $path); $founded = $routerMatched[0]; if ( $founded != Dispatcher::FOUND) return ''; //说明没有匹配上路由,可以直接 return 404 not found $handler = $routerMatched[1]; return $handler->route; } /** * 根据 token 获取对应的 user_id * @param $token * @return int|mixed */ protected function getUserIdByToken($token) { if (empty($token)) return 0; $user = redis()->get($token); if ( ! $user) return 0; $userArr = \json_decode($user, true); return !empty($userArr['id']) ? $userArr['id'] : 0; } }