From 60bc23c3b882821a1637bb81859be8c16e38a350 Mon Sep 17 00:00:00 2001
From: Jing Li <lym125@gmail.com>
Date: Sun, 7 Apr 2024 12:53:45 +0800
Subject: [PATCH] =?UTF-8?q?[api]=20=E7=99=BB=E5=BD=95/=E7=99=BB=E5=87=BA?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 app/Exceptions/RuntimeException.php           | 28 ++++++++
 .../Api/Auth/AccessTokenController.php        | 68 +++++++++++++++++++
 app/Http/Controllers/Api/Controller.php       | 17 +++++
 app/Models/Employee.php                       | 15 +++-
 app/Providers/AppServiceProvider.php          |  1 +
 config/auth.php                               | 16 ++++-
 routes/api.php                                | 20 ++----
 7 files changed, 147 insertions(+), 18 deletions(-)
 create mode 100644 app/Exceptions/RuntimeException.php
 create mode 100644 app/Http/Controllers/Api/Auth/AccessTokenController.php
 create mode 100644 app/Http/Controllers/Api/Controller.php

diff --git a/app/Exceptions/RuntimeException.php b/app/Exceptions/RuntimeException.php
new file mode 100644
index 0000000..847a68d
--- /dev/null
+++ b/app/Exceptions/RuntimeException.php
@@ -0,0 +1,28 @@
+<?php
+
+namespace App\Exceptions;
+
+use Throwable;
+
+class RuntimeException extends \RuntimeException
+{
+    /**
+     * HTTP 响应状态码
+     */
+    protected $httpStatusCode = 400;
+
+    public function __construct(string $message = 'Bad request', int $code = 10000, ?Throwable $previous = null)
+    {
+        parent::__construct($message, $code, $previous);
+    }
+
+    public function getHttpStatusCode(): int
+    {
+        return $this->httpStatusCode;
+    }
+
+    public function setHttpStatusCode(int $httpStatusCode): void
+    {
+        $this->httpStatusCode = $httpStatusCode;
+    }
+}
diff --git a/app/Http/Controllers/Api/Auth/AccessTokenController.php b/app/Http/Controllers/Api/Auth/AccessTokenController.php
new file mode 100644
index 0000000..2924cb1
--- /dev/null
+++ b/app/Http/Controllers/Api/Auth/AccessTokenController.php
@@ -0,0 +1,68 @@
+<?php
+
+namespace App\Http\Controllers\Api\Auth;
+
+use App\Exceptions\RuntimeException;
+use App\Http\Controllers\Api\Controller;
+use App\Models\AdminUser;
+use App\Models\Employee;
+use Illuminate\Http\Request;
+use Illuminate\Support\Facades\Hash;
+use Illuminate\Validation\ValidationException;
+
+class AccessTokenController extends Controller
+{
+    public function store(Request $request): array
+    {
+        $validated = $request->validate(
+            rules: [
+                'username' => ['bail', 'required'],
+                'password' => ['bail', 'required'],
+            ],
+            attributes: [
+                'username' => '账号',
+                'password' => '密码',
+            ],
+        );
+
+        $adminUser = AdminUser::where('username', $validated['username'])->first();
+
+        if (! Hash::check($validated['password'], (string) $adminUser?->password)) {
+            throw ValidationException::withMessages([
+                'username' => ['账号或密码错误'],
+            ]);
+        }
+
+        $employee = Employee::where('admin_user_id', $adminUser->id)->first();
+
+        if (is_null($employee)) {
+            throw new RuntimeException('员工未找到');
+        }
+
+        if ($employee->isResigned()) {
+            throw new RuntimeException('员工已离职');
+        }
+
+        $employee->tokens()->delete();
+
+        /** @var \Laravel\Sanctum\NewAccessToken */
+        $accessToken = $employee->createToken(
+            name: 'api',
+            expiresAt: now()->addDays(15),
+        );
+
+        return [
+            'token' => $accessToken->plainTextToken,
+        ];
+    }
+
+    public function destroy(Request $request)
+    {
+        /** @var Employee */
+        if ($employee = $this->guard()->user()) {
+            $employee->tokens()->delete();
+        }
+
+        return response()->noContent();
+    }
+}
diff --git a/app/Http/Controllers/Api/Controller.php b/app/Http/Controllers/Api/Controller.php
new file mode 100644
index 0000000..e7abfde
--- /dev/null
+++ b/app/Http/Controllers/Api/Controller.php
@@ -0,0 +1,17 @@
+<?php
+
+namespace App\Http\Controllers\Api;
+
+use Illuminate\Routing\Controller as BaseController;
+use Illuminate\Support\Facades\Auth;
+
+class Controller extends BaseController
+{
+    /**
+     * @return \Illuminate\Contracts\Auth\Guard|\Illuminate\Contracts\Auth\StatefulGuard
+     */
+    protected function guard()
+    {
+        return Auth::guard('api');
+    }
+}
diff --git a/app/Models/Employee.php b/app/Models/Employee.php
index ea04693..26fc542 100644
--- a/app/Models/Employee.php
+++ b/app/Models/Employee.php
@@ -6,16 +6,19 @@ use App\Admin\Filters\EmployeeFilter;
 use App\Enums\EmployeeStatus;
 use App\Traits\HasDateTimeFormatter;
 use EloquentFilter\Filterable;
+use Illuminate\Auth\Authenticatable;
+use Illuminate\Contracts\Auth\Authenticatable as AuthenticatableContract;
 use Illuminate\Database\Eloquent\Casts\Attribute;
 use Illuminate\Database\Eloquent\Model;
+use Laravel\Sanctum\HasApiTokens;
 use Slowlyo\OwlAdmin\Models\AdminUser;
 
 /**
  * 员工
  */
-class Employee extends Model
+class Employee extends Model implements AuthenticatableContract
 {
-    use Filterable, HasDateTimeFormatter;
+    use Authenticatable, HasApiTokens, Filterable, HasDateTimeFormatter;
 
     const JOB_KEY = 'job';
 
@@ -76,6 +79,14 @@ class Employee extends Model
         return $q->where('employee_status', EmployeeStatus::Online);
     }
 
+    /**
+     * 确认当前员工是否已离职
+     */
+    public function isResigned(): bool
+    {
+        return $this->employee_status === EmployeeStatus::Offline;
+    }
+
     protected function employeeStatusText(): Attribute
     {
         return new Attribute(
diff --git a/app/Providers/AppServiceProvider.php b/app/Providers/AppServiceProvider.php
index 9c5b897..136bbe5 100644
--- a/app/Providers/AppServiceProvider.php
+++ b/app/Providers/AppServiceProvider.php
@@ -31,6 +31,7 @@ class AppServiceProvider extends ServiceProvider
         Relation::enforceMorphMap(
             collect([
                 \App\Models\AdminUser::class,
+                \App\Models\Employee::class,
                 \App\Models\EmployeeSignRepair::class,
                 \App\Models\HolidayApply::class,
                 \App\Models\OvertimeApply::class,
diff --git a/config/auth.php b/config/auth.php
index 9548c15..d9511da 100644
--- a/config/auth.php
+++ b/config/auth.php
@@ -38,7 +38,12 @@ return [
     'guards' => [
         'web' => [
             'driver' => 'session',
-            'provider' => 'users',
+            'provider' => 'admin_users',
+        ],
+
+        'api' => [
+            'driver' => 'sanctum',
+            'provider' => 'employees',
         ],
     ],
 
@@ -60,9 +65,14 @@ return [
     */
 
     'providers' => [
-        'users' => [
+        'admin_users' => [
             'driver' => 'eloquent',
-            'model' => App\Models\User::class,
+            'model' => App\Models\AdminUser::class,
+        ],
+
+        'employees' => [
+            'driver' => 'eloquent',
+            'model' => App\Models\Employee::class,
         ],
 
         // 'users' => [
diff --git a/routes/api.php b/routes/api.php
index 889937e..2e51b40 100644
--- a/routes/api.php
+++ b/routes/api.php
@@ -1,19 +1,13 @@
 <?php
 
-use Illuminate\Http\Request;
+use App\Http\Controllers\Api\Auth\AccessTokenController;
 use Illuminate\Support\Facades\Route;
 
-/*
-|--------------------------------------------------------------------------
-| API Routes
-|--------------------------------------------------------------------------
-|
-| Here is where you can register API routes for your application. These
-| routes are loaded by the RouteServiceProvider and all of them will
-| be assigned to the "api" middleware group. Make something great!
-|
-*/
+Route::post('/auth/login', [AccessTokenController::class, 'store']);
+Route::delete('/auth/logout', [AccessTokenController::class, 'destroy']);
 
-Route::middleware('auth:sanctum')->get('/user', function (Request $request) {
-    return $request->user();
+Route::group([
+    'middleware' => ['auth:api'],
+], function () {
+    //
 });