nas_docker_compose/kodbox/site/app/controller/user/sso.class.php

<?php

/**
 * 共享账号登录;支持限定账户,部门,权限组;
 */
class userSso extends Controller{
	public function __construct(){
		parent::__construct();
	}

	// sdk模式; 引入代码调用;
	public function check($appName){
		$urlInfo = parse_url(this_url());
		$GLOBALS['API_SSO_KEY']  = 'kodTokenApi-'.substr(md5($urlInfo['path']),0,5);
		$GLOBALS['API_SSO_PATH'] = $this->thisPathUrl();
		if(isset($this->in['kodTokenApi'])){
			$_REQUEST['accessToken'] = $this->in['kodTokenApi'];
		}
		
		$app = new Application();
		$app->setDefault('user.index.index');
		$result = $this->checkAuth($appName);
		$theUrl = $this->urlRemoveKey(this_url(),'kodTokenApi');
		if($result === true){
			if(isset($this->in['kodTokenApi'])){// 登录成功处理;	
				header('Location:'.$theUrl);exit;
			}
			return $this->userInfo();
		}
		$login = 'index.php?user/index/autoLogin&link='.rawurlencode($theUrl).'&callbackToken=1&msg='.$result;
		header('Location:'.APP_HOST.$login);exit;
	}
	private function userInfo(){
		$userInfo = Session::get('kodUser');
		if(!$userInfo) return false;
		
		$keys = explode(',','userID,name,email,phone,nickName,avatar,sex,avatar');
		$user = array_field_key($userInfo,$keys);
		$user['accessToken'] = Action('user.index')->accessToken();
		return $user;
	}
	private function thisPathUrl(){
		$uriInfo = parse_url(this_url());
		$uriPath = dirname($uriInfo['path']);
		if(substr($uriPath,-1) == '/'){$uriPath = $uriInfo['path'];}
		return '/'.trim($uriPath,'/');
	}
	
	private function checkAuth($appName){
		Action('user.index')->init();
		if(!Session::get('kodUser.userID')) return '[API LOGIN]';

		// user:所有登录用户, root:系统管理员用户; 其他指定用户json:指定用户处理;
		if(!$appName || $appName == 'user:all'){$appName = '{"user":"all"}';}
		if($appName == 'user:admin'){$appName = '{"user":"admin"}';}
		if(substr($appName,0,1) == '{'){
			//支持直接传入权限设定对象;{"user":"1,3","group":"1","role":"1,2"}
			$allow = Action('user.AuthPlugin')->checkAuthValue($appName);
		}else{
			$allow = Action('user.AuthPlugin')->checkAuth($appName);
		}
		if(!$allow){return LNG('user.loginNoPermission');}
		return true;
	}

	// 第三方通过url调用请求;
	public function apiCheckToken(){
		$result  = $this->checkAuth($_GET['appName']);
		$content = "[error]:".$result;
		if($result === true){
			ob_get_clean();
			$content = json_encode($this->userInfo());
		}
		echo $content;
	}
	// -> login&apiLogin => 第三方app&token=accessToken;
	public function apiLogin(){
		$result = $this->checkAuth($_GET['appName']);
		$callbackUrl = $_GET['callbackUrl'];
		if($result === true){
			$token = Action('user.index')->accessToken();
			$callbackUrl = $this->urlRemoveKey($callbackUrl,'kodTokenApi');
			if(strstr($callbackUrl,'?')){
				$callbackUrl = $callbackUrl.'&kodTokenApi='.$token;
			}else{
				$callbackUrl = $callbackUrl.'?kodTokenApi='.$token;
			}
			// pr($callbackUrl,$token);exit;
			header('Location:'.$callbackUrl);exit;
		}
		
		$link = APP_HOST.'#user/login&link='.rawurlencode($callbackUrl).'&callbackToken=1&msg='.$result;
		header('Location:'.$link);exit;
	}
	
	// 清除sso 登录cache缓存;
	public function logout(){
		$ssoKey 	= 'KOD_SSO_CACHE_KEY';
		$cachePath 	= BASIC_PATH.'data/temp/_cache/';
		$keys 		= isset($_COOKIE[$ssoKey]) ? $_COOKIE[$ssoKey] : '';
		if(!$keys){return;}
		
		$keyArr = explode(',',rawurldecode($keys));
		foreach ($keyArr as $key){
			$key = str_replace(array("/",'\\','?'),"_",$key);
        	$cacheFile = $cachePath."cache_api_".$key.'.php';
			if($key && @file_exists($cacheFile)){
				@unlink($cacheFile);
			}
		}
		Cookie::remove($ssoKey,true);
	}
	
	private function urlRemoveKey($url,$key){
		$parse = parse_url($url);
		parse_str($parse['query'],$get);
		unset($get[$key]);
		$query = http_build_query($get);
		$query = $query ? '?'.$query : '';
		$port  = (isset($parse['port']) && $parse['port'] != '80' ) ? ':'.$parse['port']:'';
		return $parse['scheme'].'://'.$parse['host'].$port.$parse['path'].$query;
	}
}
update 2024-08-31 01:03:37 +08:00			`<?php`

			`/**`
			`* 共享账号登录;支持限定账户,部门,权限组;`
			`*/`
			`class userSso extends Controller{`
			`public function __construct(){`
			`parent::__construct();`
			`}`

			`// sdk模式; 引入代码调用;`
			`public function check($appName){`
			`$urlInfo = parse_url(this_url());`
			`$GLOBALS['API_SSO_KEY'] = 'kodTokenApi-'.substr(md5($urlInfo['path']),0,5);`
			`$GLOBALS['API_SSO_PATH'] = $this->thisPathUrl();`
			`if(isset($this->in['kodTokenApi'])){`
			`$_REQUEST['accessToken'] = $this->in['kodTokenApi'];`
			`}`

			`$app = new Application();`
			`$app->setDefault('user.index.index');`
			`$result = $this->checkAuth($appName);`
			`$theUrl = $this->urlRemoveKey(this_url(),'kodTokenApi');`
			`if($result === true){`
			`if(isset($this->in['kodTokenApi'])){// 登录成功处理;`
			`header('Location:'.$theUrl);exit;`
			`}`
			`return $this->userInfo();`
			`}`
			`$login = 'index.php?user/index/autoLogin&link='.rawurlencode($theUrl).'&callbackToken=1&msg='.$result;`
			`header('Location:'.APP_HOST.$login);exit;`
			`}`
			`private function userInfo(){`
			`$userInfo = Session::get('kodUser');`
			`if(!$userInfo) return false;`

			`$keys = explode(',','userID,name,email,phone,nickName,avatar,sex,avatar');`
			`$user = array_field_key($userInfo,$keys);`
			`$user['accessToken'] = Action('user.index')->accessToken();`
			`return $user;`
			`}`
			`private function thisPathUrl(){`
			`$uriInfo = parse_url(this_url());`
			`$uriPath = dirname($uriInfo['path']);`
			`if(substr($uriPath,-1) == '/'){$uriPath = $uriInfo['path'];}`
			`return '/'.trim($uriPath,'/');`
			`}`

			`private function checkAuth($appName){`
			`Action('user.index')->init();`
			`if(!Session::get('kodUser.userID')) return '[API LOGIN]';`

			`// user:所有登录用户, root:系统管理员用户; 其他指定用户json:指定用户处理;`
			`if(!$appName \|\| $appName == 'user:all'){$appName = '{"user":"all"}';}`
			`if($appName == 'user:admin'){$appName = '{"user":"admin"}';}`
			`if(substr($appName,0,1) == '{'){`
			`//支持直接传入权限设定对象;{"user":"1,3","group":"1","role":"1,2"}`
			`$allow = Action('user.AuthPlugin')->checkAuthValue($appName);`
			`}else{`
			`$allow = Action('user.AuthPlugin')->checkAuth($appName);`
			`}`
			`if(!$allow){return LNG('user.loginNoPermission');}`
			`return true;`
			`}`

			`// 第三方通过url调用请求;`
			`public function apiCheckToken(){`
			`$result = $this->checkAuth($_GET['appName']);`
			`$content = "[error]:".$result;`
			`if($result === true){`
			`ob_get_clean();`
			`$content = json_encode($this->userInfo());`
			`}`
			`echo $content;`
			`}`
			`// -> login&apiLogin => 第三方app&token=accessToken;`
			`public function apiLogin(){`
			`$result = $this->checkAuth($_GET['appName']);`
			`$callbackUrl = $_GET['callbackUrl'];`
			`if($result === true){`
			`$token = Action('user.index')->accessToken();`
			`$callbackUrl = $this->urlRemoveKey($callbackUrl,'kodTokenApi');`
			`if(strstr($callbackUrl,'?')){`
			`$callbackUrl = $callbackUrl.'&kodTokenApi='.$token;`
			`}else{`
			`$callbackUrl = $callbackUrl.'?kodTokenApi='.$token;`
			`}`
			`// pr($callbackUrl,$token);exit;`
			`header('Location:'.$callbackUrl);exit;`
			`}`

			`$link = APP_HOST.'#user/login&link='.rawurlencode($callbackUrl).'&callbackToken=1&msg='.$result;`
			`header('Location:'.$link);exit;`
			`}`

			`// 清除sso 登录cache缓存;`
			`public function logout(){`
			`$ssoKey = 'KOD_SSO_CACHE_KEY';`
			`$cachePath = BASIC_PATH.'data/temp/_cache/';`
			`$keys = isset($_COOKIE[$ssoKey]) ? $_COOKIE[$ssoKey] : '';`
			`if(!$keys){return;}`

			`$keyArr = explode(',',rawurldecode($keys));`
			`foreach ($keyArr as $key){`
			`$key = str_replace(array("/",'\\','?'),"_",$key);`
			`$cacheFile = $cachePath."cache_api_".$key.'.php';`
			`if($key && @file_exists($cacheFile)){`
			`@unlink($cacheFile);`
			`}`
			`}`
			`Cookie::remove($ssoKey,true);`
			`}`

			`private function urlRemoveKey($url,$key){`
			`$parse = parse_url($url);`
			`parse_str($parse['query'],$get);`
			`unset($get[$key]);`
			`$query = http_build_query($get);`
			`$query = $query ? '?'.$query : '';`
			`$port = (isset($parse['port']) && $parse['port'] != '80' ) ? ':'.$parse['port']:'';`
			`return $parse['scheme'].'://'.$parse['host'].$port.$parse['path'].$query;`
			`}`
			`}`