76147bae94
一切皆为插件的开发者工具运行时框架
🧩 核心特性:
- 插件热插拔 (importlib 动态加载)
- 依赖自动解析 (拓扑排序 + 循环检测)
- 企业级稳定 (熔断/降级/重试/隔离)
- 事件驱动 (发布/订阅事件总线)
- 完整配置 (YAML 配置 + 热重载)
287 lines
8.6 KiB
PHP
287 lines
8.6 KiB
PHP
<?php
|
|
/**
|
|
* OSS Community 认证 API
|
|
* 处理登录和注册请求
|
|
*/
|
|
|
|
session_start();
|
|
require_once __DIR__ . '/../includes/Database.php';
|
|
|
|
header('Content-Type: application/json');
|
|
|
|
// 获取操作类型
|
|
$action = $_GET['action'] ?? '';
|
|
|
|
// check 和 logout 允许 GET 请求,其他只允许 POST
|
|
if (in_array($action, ['check', 'logout', 'current-user']) && $_SERVER['REQUEST_METHOD'] === 'GET') {
|
|
// 允许 GET
|
|
} elseif ($_SERVER['REQUEST_METHOD'] !== 'POST') {
|
|
http_response_code(405);
|
|
echo json_encode(['success' => false, 'message' => '请求方法不允许']);
|
|
exit;
|
|
}
|
|
|
|
if ($action === 'login') {
|
|
handleLogin();
|
|
} elseif ($action === 'register') {
|
|
handleRegister();
|
|
} elseif ($action === 'logout') {
|
|
handleLogout();
|
|
} elseif ($action === 'check') {
|
|
handleCheck();
|
|
} elseif ($action === 'my-post-count') {
|
|
handleMyPostCount();
|
|
} elseif ($action === 'current-user') {
|
|
handleCurrentUser();
|
|
} else {
|
|
http_response_code(400);
|
|
echo json_encode(['success' => false, 'message' => '无效的操作类型']);
|
|
}
|
|
|
|
/**
|
|
* 处理登录
|
|
*/
|
|
function handleLogin() {
|
|
$input = json_decode(file_get_contents('php://input'), true);
|
|
|
|
if (empty($input['username']) || empty($input['password'])) {
|
|
echo json_encode(['success' => false, 'message' => '用户名和密码不能为空']);
|
|
return;
|
|
}
|
|
|
|
$username = trim($input['username']);
|
|
$password = $input['password'];
|
|
$remember = $input['remember'] ?? false;
|
|
|
|
try {
|
|
$db = Database::getInstance();
|
|
|
|
// 查询用户(支持用户名或邮箱登录)
|
|
$user = $db->fetchOne(
|
|
"SELECT id, username, email, password_hash, role, avatar FROM users WHERE username = ? OR email = ?",
|
|
[$username, $username]
|
|
);
|
|
|
|
if (!$user) {
|
|
echo json_encode(['success' => false, 'message' => '用户名或密码错误']);
|
|
return;
|
|
}
|
|
|
|
// 验证密码
|
|
if (!password_verify($password, $user['password_hash'])) {
|
|
echo json_encode(['success' => false, 'message' => '用户名或密码错误']);
|
|
return;
|
|
}
|
|
|
|
// 设置 session
|
|
$_SESSION['user_id'] = $user['id'];
|
|
$_SESSION['username'] = $user['username'];
|
|
$_SESSION['role'] = $user['role'];
|
|
$_SESSION['avatar'] = $user['avatar'];
|
|
|
|
// 如果勾选记住我,设置更长的 session 生命周期
|
|
if ($remember) {
|
|
ini_set('session.gc_maxlifetime', 30 * 24 * 60 * 60); // 30天
|
|
session_set_cookie_params(30 * 24 * 60 * 60);
|
|
}
|
|
|
|
echo json_encode([
|
|
'success' => true,
|
|
'message' => '登录成功',
|
|
'user' => [
|
|
'id' => $user['id'],
|
|
'username' => $user['username'],
|
|
'role' => $user['role'],
|
|
'avatar' => $user['avatar']
|
|
]
|
|
]);
|
|
} catch (Exception $e) {
|
|
http_response_code(500);
|
|
echo json_encode(['success' => false, 'message' => '服务器错误:' . $e->getMessage()]);
|
|
}
|
|
}
|
|
|
|
/**
|
|
* 处理注册
|
|
*/
|
|
function handleRegister() {
|
|
$input = json_decode(file_get_contents('php://input'), true);
|
|
|
|
if (empty($input['username']) || empty($input['email']) || empty($input['password'])) {
|
|
echo json_encode(['success' => false, 'message' => '所有字段都不能为空']);
|
|
return;
|
|
}
|
|
|
|
$username = trim($input['username']);
|
|
$email = trim($input['email']);
|
|
$password = $input['password'];
|
|
|
|
// 验证用户名格式
|
|
if (!preg_match('/^[a-zA-Z0-9_]{3,50}$/', $username)) {
|
|
echo json_encode(['success' => false, 'message' => '用户名只能包含字母、数字和下划线,长度 3-50 个字符']);
|
|
return;
|
|
}
|
|
|
|
// 验证邮箱格式
|
|
if (!filter_var($email, FILTER_VALIDATE_EMAIL)) {
|
|
echo json_encode(['success' => false, 'message' => '邮箱格式不正确']);
|
|
return;
|
|
}
|
|
|
|
// 验证密码长度
|
|
if (strlen($password) < 6) {
|
|
echo json_encode(['success' => false, 'message' => '密码长度至少 6 个字符']);
|
|
return;
|
|
}
|
|
|
|
try {
|
|
$db = Database::getInstance();
|
|
|
|
// 检查用户名是否已存在
|
|
$existingUser = $db->fetchOne("SELECT id FROM users WHERE username = ?", [$username]);
|
|
if ($existingUser) {
|
|
echo json_encode(['success' => false, 'message' => '用户名已被使用']);
|
|
return;
|
|
}
|
|
|
|
// 检查邮箱是否已存在
|
|
$existingEmail = $db->fetchOne("SELECT id FROM users WHERE email = ?", [$email]);
|
|
if ($existingEmail) {
|
|
echo json_encode(['success' => false, 'message' => '邮箱已被注册']);
|
|
return;
|
|
}
|
|
|
|
// 密码哈希
|
|
$passwordHash = password_hash($password, PASSWORD_DEFAULT);
|
|
|
|
// 插入新用户
|
|
$db->query(
|
|
"INSERT INTO users (username, email, password_hash, role) VALUES (?, ?, ?, 'member')",
|
|
[$username, $email, $passwordHash]
|
|
);
|
|
|
|
$userId = $db->lastInsertId();
|
|
|
|
echo json_encode([
|
|
'success' => true,
|
|
'message' => '注册成功',
|
|
'user' => [
|
|
'id' => $userId,
|
|
'username' => $username,
|
|
'role' => 'member'
|
|
]
|
|
]);
|
|
} catch (Exception $e) {
|
|
http_response_code(500);
|
|
echo json_encode(['success' => false, 'message' => '服务器错误:' . $e->getMessage()]);
|
|
}
|
|
}
|
|
|
|
/**
|
|
* 处理登出
|
|
*/
|
|
function handleLogout() {
|
|
session_destroy();
|
|
echo json_encode(['success' => true, 'message' => '已成功退出']);
|
|
}
|
|
|
|
/**
|
|
* 检查登录状态
|
|
*/
|
|
function handleCheck() {
|
|
if (isset($_SESSION['user_id'])) {
|
|
echo json_encode([
|
|
'success' => true,
|
|
'logged_in' => true,
|
|
'user' => [
|
|
'id' => $_SESSION['user_id'],
|
|
'username' => $_SESSION['username'],
|
|
'role' => $_SESSION['role'] ?? 'member',
|
|
'avatar' => $_SESSION['avatar'] ?? ''
|
|
]
|
|
]);
|
|
} else {
|
|
echo json_encode([
|
|
'success' => true,
|
|
'logged_in' => false
|
|
]);
|
|
}
|
|
}
|
|
|
|
/**
|
|
* 获取用户文章数量
|
|
*/
|
|
function handleMyPostCount() {
|
|
if (!isset($_SESSION['user_id'])) {
|
|
echo json_encode(['success' => false, 'message' => '未登录']);
|
|
return;
|
|
}
|
|
|
|
try {
|
|
$db = Database::getInstance();
|
|
$count = $db->fetchOne(
|
|
"SELECT COUNT(*) as count FROM posts WHERE user_id = ?",
|
|
[$_SESSION['user_id']]
|
|
)['count'];
|
|
|
|
echo json_encode([
|
|
'success' => true,
|
|
'count' => (int)$count
|
|
]);
|
|
} catch (Exception $e) {
|
|
http_response_code(500);
|
|
echo json_encode(['success' => false, 'message' => '服务器错误:' . $e->getMessage()]);
|
|
}
|
|
}
|
|
|
|
/**
|
|
* 获取当前登录用户信息(用于轮询)
|
|
*/
|
|
function handleCurrentUser() {
|
|
if (!isset($_SESSION['user_id'])) {
|
|
echo json_encode(['success' => false, 'message' => '未登录']);
|
|
return;
|
|
}
|
|
|
|
try {
|
|
$db = Database::getInstance();
|
|
$user = $db->fetchOne(
|
|
"SELECT id, username, email, avatar, role, title, bio, created_at FROM users WHERE id = ?",
|
|
[$_SESSION['user_id']]
|
|
);
|
|
|
|
if (!$user) {
|
|
echo json_encode(['success' => false, 'message' => '用户不存在']);
|
|
return;
|
|
}
|
|
|
|
// 获取统计数据
|
|
$stats = $db->fetchOne(
|
|
"SELECT
|
|
(SELECT COUNT(*) FROM posts WHERE user_id = ?) as post_count,
|
|
(SELECT COUNT(*) FROM replies WHERE user_id = ?) as reply_count",
|
|
[$user['id'], $user['id']]
|
|
);
|
|
|
|
echo json_encode([
|
|
'success' => true,
|
|
'user' => $user,
|
|
'stats' => [
|
|
'post_count' => (int)$stats['post_count'],
|
|
'reply_count' => (int)$stats['reply_count']
|
|
],
|
|
'permissions' => [
|
|
'can_manage_users' => in_array($user['role'], ['admin']),
|
|
'can_manage_posts' => in_array($user['role'], ['admin', 'moderator']),
|
|
'can_pin_posts' => in_array($user['role'], ['admin', 'moderator']),
|
|
'can_lock_posts' => in_array($user['role'], ['admin', 'moderator']),
|
|
'can_delete_any_post' => in_array($user['role'], ['admin']),
|
|
'can_manage_titles' => in_array($user['role'], ['admin'])
|
|
]
|
|
]);
|
|
} catch (Exception $e) {
|
|
http_response_code(500);
|
|
echo json_encode(['success' => false, 'message' => '服务器错误:' . $e->getMessage()]);
|
|
}
|
|
}
|