增加 物联设备
This commit is contained in:
parent
80c0059d3a
commit
1cf94e215b
@ -1,11 +0,0 @@
|
||||
<?php
|
||||
|
||||
namespace App\Http\Controllers\Application;
|
||||
|
||||
use App\Http\Controllers\Controller;
|
||||
use Illuminate\Http\Request;
|
||||
|
||||
class AuthController extends Controller
|
||||
{
|
||||
//
|
||||
}
|
||||
146
app/Http/Controllers/Application/MqttAuthController.php
Normal file
146
app/Http/Controllers/Application/MqttAuthController.php
Normal file
@ -0,0 +1,146 @@
|
||||
<?php
|
||||
|
||||
namespace App\Http\Controllers\Application;
|
||||
|
||||
use App\Http\Controllers\Controller;
|
||||
use App\Models\Module;
|
||||
use Illuminate\Http\Request;
|
||||
use Illuminate\Support\Facades\Log;
|
||||
|
||||
class MqttAuthController extends Controller
|
||||
{
|
||||
//
|
||||
|
||||
public function authentication(Request $request)
|
||||
{
|
||||
//
|
||||
$client_id = $request->input('client_id');
|
||||
$username = $request->input('username');
|
||||
$password = $request->input('password');
|
||||
|
||||
|
||||
// 分割 username
|
||||
$usernames = explode('.', $username);
|
||||
|
||||
$module_id = $usernames[0] ?? null;
|
||||
$device_id = $usernames[1] ?? null;
|
||||
|
||||
|
||||
$module = Module::where('id', $module_id)->first();
|
||||
|
||||
if (!$module) {
|
||||
return $this->ignore();
|
||||
}
|
||||
|
||||
// 如果没有设置 device_id,那么就是模块自己的连接
|
||||
if (!$device_id) {
|
||||
// 让 api_token 可见
|
||||
$module->makeVisible('api_token');
|
||||
|
||||
// 比较 api_token
|
||||
if ($module->api_token == $password) {
|
||||
return $this->allow();
|
||||
} else {
|
||||
return $this->deny();
|
||||
}
|
||||
} else {
|
||||
// 如果设置了 device_id,那么就是设备的连接
|
||||
|
||||
// 此时,我们得联系模块,让模块去验证设备。
|
||||
|
||||
$response = $module->baseRequest('post', 'mqtt/authentication', [
|
||||
'client_id' => $client_id,
|
||||
'device_id' => $device_id,
|
||||
'password' => $password,
|
||||
]);
|
||||
|
||||
if ($response['status'] === 200) {
|
||||
return $this->allow();
|
||||
} else {
|
||||
return $this->deny();
|
||||
}
|
||||
|
||||
}
|
||||
}
|
||||
|
||||
public function authorization(Request $request)
|
||||
{
|
||||
// 禁止订阅保留的
|
||||
if ($request->input('topic') == '$SYS/#') {
|
||||
return $this->deny();
|
||||
}
|
||||
|
||||
$action = $request->input('action');
|
||||
$client_id = $request->input('client_id');
|
||||
$username = $request->input('username');
|
||||
$topic = $request->input('topic');
|
||||
|
||||
// 使用 / 分割 topic
|
||||
$topics = explode('/', $topic);
|
||||
|
||||
$usernames = explode('.', $username);
|
||||
|
||||
$module_id = $usernames[0] ?? null;
|
||||
$device_id = $usernames[1] ?? null;
|
||||
|
||||
$module = Module::where('id', $module_id)->first();
|
||||
|
||||
if (!$module) {
|
||||
// 不属于我们管理,跳过。
|
||||
// Log::debug('不属于我们管理,跳过。');
|
||||
return $this->ignore();
|
||||
}
|
||||
|
||||
|
||||
// 设备只能在自己的模块下发布消息
|
||||
if ($action == 'publish') {
|
||||
if ($topics[0] !== $module_id) {
|
||||
// Log::debug('设备只能在自己的模块下发布消息');
|
||||
return $this->deny();
|
||||
}
|
||||
}
|
||||
|
||||
if (count($usernames) === 1) {
|
||||
// 是模块自己的连接
|
||||
return $this->allow();
|
||||
}
|
||||
|
||||
// Log::debug('联系模块。');
|
||||
|
||||
// 联系模块,让模块去验证设备授权。
|
||||
$response = $module->baseRequest('post', 'mqtt/authorization', [
|
||||
'client_id' => $client_id,
|
||||
'device_id' => $device_id,
|
||||
'type' => $action,
|
||||
'topic' => $topic,
|
||||
]);
|
||||
|
||||
if ($response['status'] === 200) {
|
||||
return $this->allow();
|
||||
} else {
|
||||
return $this->deny();
|
||||
}
|
||||
}
|
||||
|
||||
private function deny()
|
||||
{
|
||||
return response([
|
||||
'result' => 'deny',
|
||||
], 200);
|
||||
}
|
||||
|
||||
private function ignore()
|
||||
{
|
||||
return response([
|
||||
'result' => 'ignore',
|
||||
], 200);
|
||||
}
|
||||
|
||||
private function allow()
|
||||
{
|
||||
return response([
|
||||
'result' => 'allow',
|
||||
'is_superuser' => false,
|
||||
], 200);
|
||||
}
|
||||
}
|
||||
@ -4,8 +4,8 @@
|
||||
|
||||
use GeneaLabs\LaravelModelCaching\Traits\Cachable;
|
||||
use GuzzleHttp\Exception\ConnectException;
|
||||
use Illuminate\Http\Client\Response;
|
||||
use Illuminate\Foundation\Auth\User as Authenticatable;
|
||||
use Illuminate\Http\Client\Response;
|
||||
use Illuminate\Support\Facades\Cache;
|
||||
use Illuminate\Support\Facades\Http;
|
||||
use Illuminate\Support\Facades\Log;
|
||||
@ -102,22 +102,27 @@ public function remote($func, $requests): array
|
||||
|
||||
public function request($method, $path, $requests): array
|
||||
{
|
||||
$user = auth()->user();
|
||||
return $this->baseRequest($method, "functions/{$path}", $requests);
|
||||
}
|
||||
|
||||
public function baseRequest($method, $path, $requests): array
|
||||
{
|
||||
$user = auth('sanctum')->user();
|
||||
|
||||
$http = Http::module($this->api_token, $this->url);
|
||||
|
||||
$http->withHeaders([
|
||||
'X-User-id' => $user->id,
|
||||
]);
|
||||
|
||||
$requests['user_id'] = $user->id;
|
||||
|
||||
if ($method == 'post') {
|
||||
// add user to requests
|
||||
$requests['user'] = $user;
|
||||
if ($user) {
|
||||
$http->withHeaders([
|
||||
'X-User-id' => $user->id,
|
||||
]);
|
||||
$requests['user_id'] = $user->id;
|
||||
if ($method == 'post') {
|
||||
// add user to requests
|
||||
$requests['user'] = $user;
|
||||
}
|
||||
}
|
||||
|
||||
$response = $http->{$method}("functions/{$path}", $requests);
|
||||
$response = $http->{$method}($path, $requests);
|
||||
|
||||
return $this->getResponse($response);
|
||||
}
|
||||
|
||||
@ -1,3 +1,8 @@
|
||||
<?php
|
||||
|
||||
// Route::post('')
|
||||
use App\Http\Controllers\Application\MqttAuthController;
|
||||
|
||||
// 登录
|
||||
Route::post('mqtt/authentication', [MqttAuthController::class, 'authentication'])->name('mqtt.authentication');
|
||||
// 授权
|
||||
Route::post('mqtt/authorization', [MqttAuthController::class, 'authorization'])->name('mqtt.authorization');
|
||||
|
||||
Loading…
Reference in New Issue
Block a user