From e06c590496815e503eb6e7d94bc91f733346fa67 Mon Sep 17 00:00:00 2001
From: Jing Li <lym125@gmail.com>
Date: Sun, 3 Apr 2022 14:42:43 +0800
Subject: [PATCH] =?UTF-8?q?=E8=B4=A6=E5=8F=B7=E7=8A=B6=E6=80=81=E6=A3=80?=
 =?UTF-8?q?=E6=9F=A5?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 .../Http/Controllers/Auth/LoginController.php |  2 ++
 .../Api/Http/Middleware/CheckUserStatus.php   | 25 +++++++++++++++++++
 app/Endpoint/Api/routes.php                   |  5 +++-
 app/Models/User.php                           | 14 +++++++++++
 4 files changed, 45 insertions(+), 1 deletion(-)
 create mode 100644 app/Endpoint/Api/Http/Middleware/CheckUserStatus.php

diff --git a/app/Endpoint/Api/Http/Controllers/Auth/LoginController.php b/app/Endpoint/Api/Http/Controllers/Auth/LoginController.php
index b26e995e..e4b63c4b 100644
--- a/app/Endpoint/Api/Http/Controllers/Auth/LoginController.php
+++ b/app/Endpoint/Api/Http/Controllers/Auth/LoginController.php
@@ -38,6 +38,8 @@ class LoginController extends Controller
 
         $user = $this->{$method}($request);
 
+        $user->checkStatus();
+
         if ($type === 'password') {
             if ($user->old_password) {
                 $user->password = $request->input('password');
diff --git a/app/Endpoint/Api/Http/Middleware/CheckUserStatus.php b/app/Endpoint/Api/Http/Middleware/CheckUserStatus.php
new file mode 100644
index 00000000..017ad02f
--- /dev/null
+++ b/app/Endpoint/Api/Http/Middleware/CheckUserStatus.php
@@ -0,0 +1,25 @@
+<?php
+
+namespace App\Endpoint\Api\Http\Middleware;
+
+use Closure;
+use Illuminate\Http\Request;
+
+class CheckUserStatus
+{
+    /**
+     * Handle an incoming request.
+     *
+     * @param \Illuminate\Http\Request $request
+     * @param \Closure $next
+     * @return mixed
+     */
+    public function handle(Request $request, Closure $next)
+    {
+        if ($user = $request->user()) {
+            $user->checkStatus();
+        }
+
+        return $next($request);
+    }
+}
diff --git a/app/Endpoint/Api/routes.php b/app/Endpoint/Api/routes.php
index c4b351f4..ebb68180 100644
--- a/app/Endpoint/Api/routes.php
+++ b/app/Endpoint/Api/routes.php
@@ -96,7 +96,10 @@ Route::group([
         Route::post('unbind-user/{provider}', [Auth\SocialiteAuthController::class, 'unbindUser']);
     });
 
-    Route::middleware(['auth:api'])->group(function () {
+    Route::middleware([
+        'auth:api',
+        \App\Endpoint\Api\Http\Middleware\CheckUserStatus::class,
+    ])->group(function () {
         // 我的信息
         Route::get('me', [UserController::class, 'show']);
         Route::put('me', [UserController::class, 'update']);
diff --git a/app/Models/User.php b/app/Models/User.php
index 4e481af9..c99f856e 100644
--- a/app/Models/User.php
+++ b/app/Models/User.php
@@ -2,6 +2,7 @@
 
 namespace App\Models;
 
+use App\Exceptions\BizException;
 use Dcat\Admin\Traits\HasDateTimeFormatter;
 use Illuminate\Auth\Authenticatable;
 use Illuminate\Contracts\Auth\Access\Authorizable as AuthorizableContract;
@@ -523,4 +524,17 @@ class User extends Model implements AuthorizableContract, AuthenticatableContrac
 
         return $user;
     }
+
+    public function checkStatus()
+    {
+        if (in_array($this->status, [static::STATUS_ACTIVE, static::STATUS_INACTIVATED])) {
+            return;
+        } elseif ($this->status === static::STATUS_FROZEN) {
+            abort(403, '账号已冻结');
+        } elseif ($this->status === static::STATUS_DISABLED) {
+            abort(403, '账号已禁用');
+        }
+
+        abort(403, '账号状态异常');
+    }
 }