sileya-ai
/
vr-shopxo-plugin
1
0
Fork 0
Code Issues 3 Pull Requests Packages Projects Releases Wiki Activity

fix: api auth - getUserId uses UserTokenData (DB fallback) + user_info cookie decode, removes broken JWT parseToken

feat/phase-b-verification
Council 2026-04-24 13:07:09 +08:00
parent f422ffcebb
commit b27467035c
1 changed files with 65 additions and 52 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

117
shopxo/app/plugins/vr_ticket/api/Ticket.php
View File

@ -3,7 +3,7 @@
* VR票务插件 - C端票夹API控制器 * VR票务插件 - C端票夹API控制器
* *
* 路由机制PluginsService::PluginsApiCall: * 路由机制PluginsService::PluginsApiCall:
* URL: ?s=api/plugins/index&pluginsname=vr_ticket&pluginscontrol=ticket&pluginsaction=list * URL: /api.php?s=plugins/index&pluginsname=vr_ticket&pluginscontrol=ticket&pluginsaction=list
* pluginsname=vr_ticket, pluginscontrol=ticket, pluginsaction=list * pluginsname=vr_ticket, pluginscontrol=ticket, pluginsaction=list
* class = \app\plugins\vr_ticket\api\Ticket (ucfirst('ticket') = 'Ticket') * class = \app\plugins\vr_ticket\api\Ticket (ucfirst('ticket') = 'Ticket')
* method = ucfirst('list') = 'list' * method = ucfirst('list') = 'list'
@ -21,67 +21,54 @@ use app\plugins\vr_ticket\service\WalletService;
*/ */
class Ticket class Ticket
{ {
/**
* 获取当前登录用户ID
*
* ShopXO 使用 X-Token Authorization
* @return int|null
*/
private static function getUserId() private static function getUserId()
{ {
// 方式1从 header 获取(推荐 // 方式1X-Token / Authorization headerJS 发送方式)
$token = request()->header('X-Token') ?: request()->header('Authorization', ''); $token = request()->header('X-Token') ?: request()->header('Authorization', '');
if (!empty($token)) { if (!empty($token)) {
$token = str_replace('Bearer ', '', $token); $token = trim(str_replace('Bearer ', '', $token));
$user = self::parseToken($token); }
if (!empty($user['id'])) {
if (!empty($token)) {
// 优先用 vrt_user_platform.token 查 DBApp 登录场景)
$user = \app\service\UserService::UserTokenData($token);
if (!empty($user) && !empty($user['id'])) {
return intval($user['id']); return intval($user['id']);
} }
// 如果没查到,说明是 web 登录 token存在 user_info cookie 里,不在 vrt_user_platform
// 尝试从 user_info cookie 直接解码cookie 内容 = 用户 JSON
$userInfoCookie = request()->cookie('user_info');
if (!empty($userInfoCookie)) {
$decoded = urldecode($userInfoCookie);
$userData = json_decode($decoded, true);
if (!empty($userData) && !empty($userData['id'])) {
return intval($userData['id']);
}
}
} }
// 方式2从 session 获取 // 方式2ShopXO 标准方式session / cookie适用于页面直接访问场景
$userId = session('user_id'); $user = \app\service\UserService::LoginUserInfo();
if (!empty($userId)) { if (!empty($user) && !empty($user['id'])) {
return intval($userId); return intval($user['id']);
} }
return null; return null;
} }
/**
* 解析 TokenJWT格式
*
* @param string $token
* @return array
*/
private static function parseToken(string $token): array
{
$parts = explode('.', $token);
if (count($parts) !== 3) {
return [];
}
$payload = base64_decode(strtr($parts[1], '-_', '+/'));
if ($payload === false) {
return [];
}
$data = json_decode($payload, true);
return is_array($data) ? $data : [];
}
/** /**
* 返回未登录错误 * 返回未登录错误
* *
* @return Json * @return Json
*/ */
private static function unauthorized(string $msg = '请先登录'): Json private static function unauthorized(string $msg = '请先登录')
{ {
return json([ return [
'code' => 401, 'code' => 401,
'msg' => $msg, 'msg' => $msg,
'data' => [], 'data' => [],
]); ];
} }
/** /**
@ -91,13 +78,13 @@ class Ticket
* @param string $msg * @param string $msg
* @return Json * @return Json
*/ */
private static function success($data = [], string $msg = 'success'): Json private static function success($data = [], string $msg = 'success')
{ {
return json([ return [
'code' => 0, 'code' => 0,
'msg' => $msg, 'msg' => $msg,
'data' => $data, 'data' => $data,
]); ];
} }
/** /**
@ -107,23 +94,49 @@ class Ticket
* @param int $code * @param int $code
* @return Json * @return Json
*/ */
private static function error(string $msg = '请求失败', int $code = -1): Json private static function error(string $msg = '请求失败', int $code = -1)
{ {
return json([ return [
'code' => $code, 'code' => $code,
'msg' => $msg, 'msg' => $msg,
'data' => [], 'data' => [],
]); ];
} }
/** /**
* 获取用户票列表 * 获取用户票列表
* *
* GET ?s=api/plugins/index&pluginsname=vr_ticket&pluginscontrol=ticket&pluginsaction=list * GET /api.php?s=plugins/index&pluginsname=vr_ticket&pluginscontrol=ticket&pluginsaction=list
* *
* @return Json * @return Json
*/ */
public function list(): Json public function list()
{
$userId = self::getUserId();
if (empty($userId)) {
return self::unauthorized();
}
try {
$tickets = WalletService::getUserTickets($userId);
return self::success([
'tickets' => $tickets,
'count' => count($tickets),
]);
} catch (\Exception $e) {
return self::error('获取票列表失败: ' . $e->getMessage());
}
}
/**
* 获取用户票列表tickets 别名,兼容文档格式)
*
* GET /api.php?s=plugins/index&pluginsname=vr_ticket&pluginscontrol=ticket&pluginsaction=tickets
*
* @return Json
*/
public function tickets()
{ {
$userId = self::getUserId(); $userId = self::getUserId();
if (empty($userId)) { if (empty($userId)) {
@ -145,11 +158,11 @@ class Ticket
/** /**
* 获取票详情(含 QR payload * 获取票详情(含 QR payload
* *
* GET ?s=api/plugins/index&pluginsname=vr_ticket&pluginscontrol=ticket&pluginsaction=detail&id=X * GET /api.php?s=plugins/index&pluginsname=vr_ticket&pluginscontrol=ticket&pluginsaction=detail&id=X
* *
* @return Json * @return Json
*/ */
public function detail(): Json public function detail()
{ {
$userId = self::getUserId(); $userId = self::getUserId();
if (empty($userId)) { if (empty($userId)) {
@ -179,11 +192,11 @@ class Ticket
/** /**
* 强制刷新 QR payload * 强制刷新 QR payload
* *
* GET ?s=api/plugins/index&pluginsname=vr_ticket&pluginscontrol=ticket&pluginsaction=refreshQr&id=X * GET /api.php?s=plugins/index&pluginsname=vr_ticket&pluginscontrol=ticket&pluginsaction=refreshQr&id=X
* *
* @return Json * @return Json
*/ */
public function refreshQr(): Json public function refreshQr()
{ {
$userId = self::getUserId(); $userId = self::getUserId();
if (empty($userId)) { if (empty($userId)) {