fix premission error

This commit is contained in:
Jethro Lin 2024-12-04 12:47:30 +08:00
parent 0af7e10998
commit fdaccc918f
3 changed files with 30 additions and 9 deletions


@ -4,6 +4,7 @@
namespace App\Http\Middleware; namespace App\Http\Middleware;
use App\Constants\ErrorCode;
use Closure; use Closure;
use Illuminate\Http\Request; use Illuminate\Http\Request;
use Illuminate\Support\Facades\Auth; use Illuminate\Support\Facades\Auth;
@ -13,15 +14,24 @@ class AdminAuthenticate
{ {
public function handle(Request $request, Closure $next): Response public function handle(Request $request, Closure $next): Response
{ {
// 检查是否已登录
if (!Auth::guard('admin')->check()) { if (!Auth::guard('admin')->check()) {
return response()->json([ return response()->json([
'error' => 'unauthorized', 'error' => ErrorCode::UNAUTHORIZED,
'message' => '未授权,请先登录。', 'message' => '未授权,请先登录。',
], 401); ], Response::HTTP_UNAUTHORIZED);
} }
$admin = Auth::guard('admin')->user(); $admin = Auth::guard('admin')->user();
// 检查是否是管理员
if (!$admin || !in_array($admin->role, ['super', 'admin'])) {
return response()->json([
'error' => ErrorCode::FORBIDDEN,
'message' => '无权访问管理员资源。',
], Response::HTTP_FORBIDDEN);
}
// Add admin information to the request // Add admin information to the request
$request->merge(['admin' => $admin]); $request->merge(['admin' => $admin]);
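Review bot: The new role check `if (!$admin || !in_array($admin->role, ['super', 'admin']))` uses loose `in_array`, so a non-string role value (for example boolean `true`) satisfies PHP's juggling comparison against 'super' and would pass the admin gate; pass `strict: true` so only those two literal strings are accepted: `if (!$admin || !in_array($admin->role, ['super', 'admin'], true)) {`. The allowed-role list is also an inline literal here; if the same set is declared elsewhere (a constant or enum alongside ErrorCode), reference it so the two cannot drift apart. handle()'s body continues outside the hunk.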


@ -4,6 +4,7 @@
namespace App\Http\Middleware; namespace App\Http\Middleware;
use App\Constants\ErrorCode;
use App\Services\Auth\TokenService; use App\Services\Auth\TokenService;
use Closure; use Closure;
use Illuminate\Http\Request; use Illuminate\Http\Request;
@ -17,22 +18,30 @@ public function __construct(
public function handle(Request $request, Closure $next): Response public function handle(Request $request, Closure $next): Response
{ {
// 禁止访问管理员路由
if (str_starts_with($request->path(), 'api/admin')) {
return response()->json([
'error' => ErrorCode::FORBIDDEN,
'message' => '客户用户无权访问管理员资源。',
], Response::HTTP_FORBIDDEN);
}
$bearerToken = $request->bearerToken(); $bearerToken = $request->bearerToken();
if (!$bearerToken) { if (!$bearerToken) {
return response()->json([ return response()->json([
'error' => 'unauthorized', 'error' => ErrorCode::UNAUTHORIZED,
'message' => '未授权,令牌无效或未提供。', 'message' => '未授权,令牌无效或未提供。',
], 401); ], Response::HTTP_UNAUTHORIZED);
} }
$tokenData = $this->tokenService->validateAccessToken($bearerToken); $tokenData = $this->tokenService->validateAccessToken($bearerToken);
if (!$tokenData) { if (!$tokenData) {
return response()->json([ return response()->json([
'error' => 'unauthorized', 'error' => ErrorCode::UNAUTHORIZED,
'message' => '访问令牌无效或已过期。', 'message' => '访问令牌无效或已过期。',
], 401); ], Response::HTTP_UNAUTHORIZED);
} }
// Add client information to the request for later use // Add client information to the request for later use
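Review bot: The new `str_starts_with($request->path(), 'api/admin')` guard is a plain prefix test, so it also blocks any unrelated route whose path merely begins with `api/admin` (a hypothetical `api/administrators`, say) and it only applies where this client middleware is attached at all. Laravel's request pattern matcher states the intent exactly and stops at the segment boundary: `if ($request->is('api/admin', 'api/admin/*')) {`. Because the check runs before the bearer-token lookup, an unauthenticated request to an admin path now receives 403 rather than 401; move it below the token validation if that distinction matters to clients. The authoritative control should remain the route-level `auth.admin` middleware, with this check as a secondary layer rather than the only one. handle()'s body continues outside the hunk.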


@ -15,11 +15,13 @@
Route::post('/llm/request', [LlmController::class, 'request']); Route::post('/llm/request', [LlmController::class, 'request']);
}); });
// Admin authentication routes // Admin routes
Route::middleware(['auth:sanctum', 'admin'])->prefix('admin')->group(function () { Route::prefix('admin')->group(function () {
// Admin auth routes (public)
Route::post('login', [AdminAuthController::class, 'login']); Route::post('login', [AdminAuthController::class, 'login']);
Route::middleware('auth.admin')->group(function () { // Protected admin routes
Route::middleware(['auth:sanctum', 'auth.admin'])->group(function () {
Route::post('logout', [AdminAuthController::class, 'logout']); Route::post('logout', [AdminAuthController::class, 'logout']);
Route::post('change-password', [AdminAuthController::class, 'changePassword']); Route::post('change-password', [AdminAuthController::class, 'changePassword']);