save
This commit is contained in:
@@ -0,0 +1,52 @@
|
||||
<?php
|
||||
|
||||
namespace app\controller;
|
||||
|
||||
use support\Request;
|
||||
use support\Redis;
|
||||
use support\Db;
|
||||
|
||||
class Account
|
||||
{
|
||||
public function loginCallback(Request $request)
|
||||
{
|
||||
$rd=$request->input('rd','null');
|
||||
$sum=$request->input('sum','null');
|
||||
$uid=$request->input('id','null');
|
||||
if($rd=='null'||$sum=='null'||$sum!=md5($rd.$uid.getenv('aeskey'))){
|
||||
return view('404');
|
||||
}
|
||||
$session = $request->session();
|
||||
$session->set('ACCOUNT_CALLBACK_rd', $rd);
|
||||
$session->set('ACCOUNT', $uid);
|
||||
$user = Db::table('User')->where('ID', $uid)->first();
|
||||
$requireFields = array();
|
||||
$i=0;
|
||||
foreach($user as $key=>$value){
|
||||
if(in_array($key, ['name','sex','email','phone','address','sfz','birthday','avatar','realname'])&&($value==null||$value==''||$value=='null')){
|
||||
array_push($requireFields,$key);
|
||||
$i++;
|
||||
}
|
||||
}
|
||||
if($i>0){
|
||||
return view('account/extend', ['userid'=>$user->ID,'username'=>$user->name,'requireFields'=>$requireFields]);
|
||||
}else{
|
||||
$session->set('ACCOUNT_ve', 1);
|
||||
$session->forget(['ACCOUNT_CALLBACK_rd']);
|
||||
return redirect($rd);
|
||||
}
|
||||
|
||||
|
||||
}
|
||||
|
||||
public function view(Request $request)
|
||||
{
|
||||
return view('index/view', ['name' => 'webman']);
|
||||
}
|
||||
|
||||
public function json(Request $request)
|
||||
{
|
||||
return json(['code' => 0, 'msg' => 'ok']);
|
||||
}
|
||||
|
||||
}
|
||||
@@ -18,7 +18,8 @@ class LayAuth
|
||||
}
|
||||
$app=$appquery->first();
|
||||
$provider= Db::table('Provider')->where('ID', $app->provider)->first();
|
||||
return view('auth', ['app'=>$app,'provider'=>$provider]);
|
||||
$redirecturl='https://'.getenv('weburl').'/auth/lay/'.$appid.'/callback';
|
||||
return view('auth', ['app'=>$app,'provider'=>$provider,'redirecturl'=>$redirecturl]);
|
||||
|
||||
}
|
||||
|
||||
@@ -30,11 +31,12 @@ class LayAuth
|
||||
}
|
||||
$app=$appquery->first();
|
||||
$provider= Db::table('Provider')->where('ID', $app->provider)->first();
|
||||
$redirecturl='https://'.getenv('weburl').'/auth/lay/'.$appid.'/callback';
|
||||
switch ($gateway) {
|
||||
case "qywx":
|
||||
$code = $request->input('code','null');
|
||||
if($code=='null'){
|
||||
return view('auth', ['app'=>$app,'provider'=>$provider,'special'=>'登陆信息无效']);
|
||||
return view('auth', ['app'=>$app,'provider'=>$provider,'special'=>'登陆信息无效','redirecturl'=>$redirecturl]);
|
||||
}
|
||||
$tokenfile=base_path().'/token/qywx/innerQYWX.token';
|
||||
if(file_exists($tokenfile)){
|
||||
@@ -59,7 +61,7 @@ class LayAuth
|
||||
}
|
||||
$lookup= Http::get('https://qyapi.weixin.qq.com/cgi-bin/auth/getuserinfo?access_token='.$fulltoken.'&code='.$code)->json();
|
||||
if($lookup->errcode!=0){
|
||||
return view('auth', ['app'=>$app,'provider'=>$provider,'special'=>'登陆信息无效']);
|
||||
return view('auth', ['app'=>$app,'provider'=>$provider,'special'=>'登陆信息无效','redirecturl'=>$redirecturl]);
|
||||
}else{
|
||||
$userid=$lookup->userid;
|
||||
$userinfo=Http::get('https://qyapi.weixin.qq.com/cgi-bin/user/get?access_token='.$fulltoken.'&userid='.$userid)->json();
|
||||
@@ -74,10 +76,10 @@ class LayAuth
|
||||
}
|
||||
break;
|
||||
default:
|
||||
return view('auth', ['app'=>$app,'provider'=>$provider,'special'=>'验证方式无效或不存在']);
|
||||
return view('auth', ['app'=>$app,'provider'=>$provider,'special'=>'验证方式无效或不存在','redirecturl'=>$redirecturl]);
|
||||
}
|
||||
|
||||
return view('auth', ['app'=>$app,'provider'=>$provider,'special'=>'验证方式无效或不存在']);
|
||||
return view('auth', ['app'=>$app,'provider'=>$provider,'special'=>'验证方式无效或不存在','redirecturl'=>$redirecturl]);
|
||||
}
|
||||
|
||||
public function check(Request $request,$appid)
|
||||
|
||||
@@ -25,9 +25,76 @@ class OAuth
|
||||
if($redirect=='null'){
|
||||
$redirect=$app->redirect;
|
||||
}
|
||||
return redirect($redirect.'?code=123456&state='.$request->get('state',''));
|
||||
$scope=$request->get('scope','openid');
|
||||
$scope=explode("+",$scope);
|
||||
$allow_scope=json_decode($app->scope,true);
|
||||
$scope=array_intersect($scope,$allow_scope);
|
||||
$session = $request->session();
|
||||
$session->set($appid.'_oauth_redirect', $redirect);
|
||||
$session->set($appid.'_oauth_scope', $scope);
|
||||
|
||||
$redirecturl='https://'.getenv('weburl').'/auth/oauth/back/'.$appid;
|
||||
return view('auth', ['app'=>$app,'provider'=>$provider,'redirecturl'=>$redirecturl]);
|
||||
|
||||
#return redirect($redirect.'?code=123456&state='.$request->get('state',''));
|
||||
#return view('auth', ['app'=>$app,'provider'=>$provider]);
|
||||
}
|
||||
public function callback(Request $request,$appid,$gateway)
|
||||
{
|
||||
$appquery= Db::table('App')->where('oauthid', $appid);
|
||||
if($appquery->doesntExist()){
|
||||
return view('404');
|
||||
}
|
||||
$app=$appquery->first();
|
||||
$provider= Db::table('Provider')->where('ID', $app->provider)->first();
|
||||
$redirecturl='https://'.getenv('weburl').'/auth/oauth/back/'.$appid;
|
||||
|
||||
switch ($gateway) {
|
||||
case "qywx":
|
||||
$code = $request->input('code','null');
|
||||
if($code=='null'){
|
||||
return view('auth', ['app'=>$app,'provider'=>$provider,'special'=>'登陆信息无效','redirecturl'=>$redirecturl]);
|
||||
}
|
||||
$tokenfile=base_path().'/token/qywx/innerQYWX.token';
|
||||
if(file_exists($tokenfile)){
|
||||
$tokencontent=json_decode(file_get_contents($tokenfile));
|
||||
$fulltoken=$tokencontent->token;
|
||||
$ddl=$tokencontent->ddl;
|
||||
if($ddl-time()<180){
|
||||
$reapply=true;
|
||||
}else{
|
||||
$reapply=false;
|
||||
}
|
||||
}else{
|
||||
$reapply=true;
|
||||
}
|
||||
if($reapply==true){
|
||||
$apply=$response = Http::get('https://qyapi.weixin.qq.com/cgi-bin/gettoken?corpid='.getenv('appid').'&corpsecret='.getenv('token'))->json();
|
||||
$fulltoken=$apply->access_token;
|
||||
$ddl=time()+$apply->expires_in;
|
||||
$file=fopen($tokenfile,"w");
|
||||
fwrite($file, json_encode(array('token'=>$fulltoken,'ddl'=>$ddl)));
|
||||
fclose($file);
|
||||
}
|
||||
$lookup= Http::get('https://qyapi.weixin.qq.com/cgi-bin/auth/getuserinfo?access_token='.$fulltoken.'&code='.$code)->json();
|
||||
if($lookup->errcode!=0){
|
||||
return view('auth', ['app'=>$app,'provider'=>$provider,'special'=>'登陆信息无效','redirecturl'=>$redirecturl]);
|
||||
}
|
||||
$userid=$lookup->userid;
|
||||
$userinfo=Http::get('https://qyapi.weixin.qq.com/cgi-bin/user/get?access_token='.$fulltoken.'&userid='.$userid)->json();
|
||||
$username=$userinfo->name;
|
||||
$userposition=$userinfo->position;
|
||||
$WT=json_encode(['id'=>$userid,'name'=>$username,'position'=>$userposition,'time'=>time()]);
|
||||
$key = getenv('aeskey');
|
||||
$iv = getenv('aesiv');
|
||||
$WT = encryptAES($WT, $key, $iv);
|
||||
$dest=$app->redirect;
|
||||
return view('success', ['app'=>$app,'provider'=>$provider,'dest'=>$dest,'userinfo'=>$userinfo])->cookie('WT', $WT,time()+9600,'/','.laysense.cn');
|
||||
break;
|
||||
default:
|
||||
return view('auth', ['app'=>$app,'provider'=>$provider,'special'=>'验证方式无效或不存在','redirecturl'=>$redirecturl]);
|
||||
}
|
||||
}
|
||||
|
||||
public function configfile(Request $request)
|
||||
{
|
||||
@@ -40,11 +107,11 @@ class OAuth
|
||||
"response_types_supported" => ["code"],
|
||||
"subject_types_supported" => ["public"],
|
||||
"id_token_signing_alg_values_supported" => ["RS256"],
|
||||
"scopes_supported" => ["openid", "profile", "email", "phone"],
|
||||
"scopes_supported" => ["openid", "profile", "email", "phone", "avatar","basic","detail","everything"],
|
||||
"token_endpoint_auth_methods_supported" => ["client_secret_basic"],
|
||||
"claims_supported" => ["sub", "iss", "name", "email", "phone"],
|
||||
"claims_supported" => ["sub", "iss", "name", "email", "phone","LaysenseRole","avatar","phone","address","age","sex","birthday"],
|
||||
"code_challenge_methods_supported" => ["plain", "S256"],
|
||||
"grant_types_supported" => ["authorization_code", "refresh_token"],
|
||||
"grant_types_supported" => ["authorization_code"],
|
||||
]);
|
||||
}
|
||||
|
||||
@@ -58,7 +125,6 @@ class OAuth
|
||||
'iat' => time(),
|
||||
'nbf' => time()+7200,
|
||||
'exp' => time()+7200,
|
||||
'LaysenseRole' => 'Member',
|
||||
];
|
||||
$jwt = JWT::encode($payload, $key, 'HS256');
|
||||
|
||||
@@ -78,6 +144,7 @@ class OAuth
|
||||
{
|
||||
return json([
|
||||
"sub" => 'ywnsya',
|
||||
'iss' => 'https://auth.laysense.cn/',
|
||||
"name" => 'LaySense',
|
||||
"email" => 'ywnsya@126.com',
|
||||
"phone" => '18018526850',
|
||||
|
||||
@@ -0,0 +1,151 @@
|
||||
<?php
|
||||
|
||||
namespace app\controller;
|
||||
|
||||
use support\Request;
|
||||
use Ramsey\Uuid\Uuid;
|
||||
use support\Redis;
|
||||
use support\Db;
|
||||
use tekintian\TekinQR;
|
||||
use yzh52521\EasyHttp\Http;
|
||||
use yzh52521\EasyHttp\Response;
|
||||
use yzh52521\EasyHttp\RequestException;
|
||||
|
||||
class QywxOauth
|
||||
{
|
||||
public function index(Request $request)
|
||||
{
|
||||
$rd=$request->input('rd','null');
|
||||
$sum=$request->input('sum','null');
|
||||
|
||||
if($rd=='null'||$sum=='null'||$sum!=md5($rd.getenv('aeskey'))){
|
||||
return view('404');
|
||||
}
|
||||
$session = $request->session();
|
||||
$session->set('QYWX_OAUTH_rd', $rd);
|
||||
$app=$request->header('X-Requested-With','null');
|
||||
if($app=='com.tencent.wework'){
|
||||
$redirecturl='https://'.getenv('weburl').'/qywxoauth/info';
|
||||
$url="https://open.weixin.qq.com/connect/oauth2/authorize?appid=".getenv('appid')."&redirect_uri=".$redirecturl."&response_type=code&scope=snsapi_privateinfo&state=STATE&agentid=".getenv('agentid')."#wechat_redirect";
|
||||
return redirect($url);
|
||||
}
|
||||
$uuid = Uuid::uuid7()->toString();
|
||||
Redis::set($uuid, 'null');
|
||||
Redis::expire($uuid, 300);
|
||||
|
||||
$redirecturl='https://'.getenv('weburl').'/qywxoauth/answer/'.$uuid;
|
||||
$url="https://open.weixin.qq.com/connect/oauth2/authorize?appid=".getenv('appid')."&redirect_uri=".$redirecturl."&response_type=code&scope=snsapi_privateinfo&state=STATE&agentid=".getenv('agentid')."#wechat_redirect";
|
||||
$qr = TekinQR::getQRImg($url, 10, base_path().'/public/qywx.png', 1);
|
||||
|
||||
return view('qywx/wait', ['url'=>$url,'uuid'=>$uuid,'qr'=>$qr,'to'=>'https://'.getenv('weburl').'/qywxoauth/info']);
|
||||
}
|
||||
|
||||
public function answer(Request $request,$uuid)
|
||||
{
|
||||
if($uuid=='null'||!Uuid::isValid($uuid)){
|
||||
return view('404');
|
||||
}
|
||||
if(!Redis::exists($uuid)){
|
||||
return view('qywx/expire');
|
||||
}
|
||||
$code=$request->input('code','null');
|
||||
if($code=='null'){
|
||||
return view('404');
|
||||
}
|
||||
Redis::set($uuid, $code);
|
||||
Redis::expire($uuid, 10);
|
||||
|
||||
return view('qywx/success');
|
||||
}
|
||||
|
||||
public function ask(Request $request,$uuid)
|
||||
{
|
||||
if($uuid=='null'||!Uuid::isValid($uuid)){
|
||||
return json(['code' => 501, 'msg' => 'invaild uuid']);
|
||||
}
|
||||
if(!Redis::exists($uuid)){
|
||||
return json(['code' => 500, 'msg' => 'UUID expired']);
|
||||
}
|
||||
for($i=0;$i<150;$i++){
|
||||
if(!Redis::exists($uuid)){
|
||||
return json(['code' => 500, 'msg' => 'UUID expired']);
|
||||
}
|
||||
if(Redis::get($uuid)!='null'){
|
||||
return json(['code' => 200, 'msg' => 'ok','rcode'=>Redis::get($uuid)]);
|
||||
break;
|
||||
}
|
||||
sleep(2);
|
||||
}
|
||||
return json(['code' => 503, 'msg' => 'TimeOut']);
|
||||
/**
|
||||
$code=Redis::get($uuid);
|
||||
if($code=='null'){
|
||||
return json(['code' => 201, 'msg' => 'wait for answer']);
|
||||
}
|
||||
return json(['code' => 200, 'msg' => 'ok','code'=>$code]);
|
||||
**/
|
||||
}
|
||||
public function info(Request $request)
|
||||
{
|
||||
$code=$request->input('code','null');
|
||||
if($code=='null'){
|
||||
return view('404');
|
||||
}
|
||||
$tokenfile=base_path().'/token/qywx/innerQYWX.token';
|
||||
if(file_exists($tokenfile)){
|
||||
$tokencontent=json_decode(file_get_contents($tokenfile));
|
||||
$fulltoken=$tokencontent->token;
|
||||
$ddl=$tokencontent->ddl;
|
||||
if($ddl-time()<180){
|
||||
$reapply=true;
|
||||
}else{
|
||||
$reapply=false;
|
||||
}
|
||||
}else{
|
||||
$reapply=true;
|
||||
}
|
||||
if($reapply==true){
|
||||
$apply=$response = Http::get('https://qyapi.weixin.qq.com/cgi-bin/gettoken?corpid='.getenv('appid').'&corpsecret='.getenv('token'))->json();
|
||||
$fulltoken=$apply->access_token;
|
||||
$ddl=time()+$apply->expires_in;
|
||||
$file=fopen($tokenfile,"w");
|
||||
fwrite($file, json_encode(array('token'=>$fulltoken,'ddl'=>$ddl)));
|
||||
fclose($file);
|
||||
}
|
||||
$lookup= Http::get('https://qyapi.weixin.qq.com/cgi-bin/auth/getuserinfo?access_token='.$fulltoken.'&code='.$code)->json();
|
||||
if($lookup->errcode!=0){
|
||||
return view('404');
|
||||
}
|
||||
$userid=$lookup->userid;
|
||||
$usertoken=$lookup->user_ticket;
|
||||
$userinfo=Http::asJson()->post('https://qyapi.weixin.qq.com/cgi-bin/auth/getuserdetail?access_token='.$fulltoken,['user_ticket' => "$usertoken"])->json();
|
||||
$userbasic=Http::get('https://qyapi.weixin.qq.com/cgi-bin/user/get?access_token='.$fulltoken.'&userid='.$userid)->json();
|
||||
if($userinfo->errcode!=0 || $userbasic->errcode!=0){
|
||||
return view('404');
|
||||
}
|
||||
$userinfo->name=$userbasic->name;
|
||||
$userinfo->postion=$userbasic->position;
|
||||
$userinfo->id=$userinfo->userid;
|
||||
if($userinfo->email==''||$userinfo->biz_mail==''){
|
||||
$mail=$userinfo->email.$userinfo->biz_mail;
|
||||
$userinfo->email=$mail;
|
||||
$userinfo->biz_mail=$mail;
|
||||
}
|
||||
Db::table('User')
|
||||
->updateOrInsert(
|
||||
['ID' => $userid.'@laysense'],
|
||||
['public' => 0,'name' => $userinfo->name,'sex'=>$userinfo->gender,'position' => $userinfo->postion,'avatar' => $userinfo->avatar,'email' => $userinfo->email,'phone' => $userinfo->mobile,'biz_mail'=>$userinfo->biz_mail,'address'=>$userinfo->address,'role'=>1]
|
||||
);
|
||||
$session = $request->session();
|
||||
$rd=$session->get('QYWX_OAUTH_rd','null');
|
||||
if($rd=='null'){
|
||||
return view('404');
|
||||
}
|
||||
$sum=md5($rd.$userid.'@laysense'.getenv('aeskey'));
|
||||
$session->forget(['QYWX_OAUTH_rd']);
|
||||
|
||||
|
||||
return redirect('/account/loginCallback?rd='.$rd.'&sum='.$sum.'&id='.$userid.'@laysense');
|
||||
}
|
||||
|
||||
}
|
||||
Reference in New Issue
Block a user