refactor(middleware): split V2 server middleware to drop node_type
This commit is contained in:
xboard
@@ -77,6 +77,7 @@ class Kernel extends HttpKernel
|
||||
'staff' => \App\Http\Middleware\Staff::class,
|
||||
'log' => \App\Http\Middleware\RequestLog::class,
|
||||
'server' => \App\Http\Middleware\Server::class,
|
||||
'server.v2' => \App\Http\Middleware\ServerV2::class,
|
||||
'abilities' => \Laravel\Sanctum\Http\Middleware\CheckAbilities::class,
|
||||
'ability' => \Laravel\Sanctum\Http\Middleware\CheckForAnyAbility::class,
|
||||
];
|
||||
|
||||
@@ -4,29 +4,16 @@ namespace App\Http\Middleware;
|
||||
|
||||
use App\Exceptions\ApiException;
|
||||
use App\Models\Server as ServerModel;
|
||||
use App\Models\ServerMachine;
|
||||
use App\Services\ServerService;
|
||||
use Closure;
|
||||
use Illuminate\Http\Request;
|
||||
|
||||
/**
|
||||
* @deprecated use {@see ServerV2}
|
||||
*/
|
||||
class Server
|
||||
{
|
||||
public function handle(Request $request, Closure $next, ?string $nodeType = null)
|
||||
{
|
||||
// 优先尝试 machine token 认证,兜底走旧的 server token 认证
|
||||
if ($request->filled('machine_id')) {
|
||||
$this->authenticateByMachine($request, $nodeType);
|
||||
} else {
|
||||
$this->authenticateByServerToken($request, $nodeType);
|
||||
}
|
||||
|
||||
return $next($request);
|
||||
}
|
||||
|
||||
/**
|
||||
* 旧模式:全局 server_token + node_id
|
||||
*/
|
||||
private function authenticateByServerToken(Request $request, ?string $nodeType): void
|
||||
{
|
||||
$request->validate([
|
||||
'token' => [
|
||||
@@ -64,55 +51,7 @@ class Server
|
||||
}
|
||||
|
||||
$request->attributes->set('node_info', $serverInfo);
|
||||
}
|
||||
|
||||
/**
|
||||
* 新模式:machine_id + machine token + node_id
|
||||
*
|
||||
* machine 认证后,node_id 必须属于该 machine 下的已启用节点。
|
||||
* 下游控制器拿到的 node_info 与旧模式完全一致。
|
||||
*/
|
||||
private function authenticateByMachine(Request $request, ?string $nodeType): void
|
||||
{
|
||||
$isHandshake = $request->is('*/server/handshake') || $request->is('api/v2/server/handshake');
|
||||
|
||||
$request->validate([
|
||||
'machine_id' => 'required|integer',
|
||||
'token' => 'required|string',
|
||||
'node_id' => $isHandshake ? 'nullable|integer' : 'required|integer',
|
||||
]);
|
||||
|
||||
$machine = ServerMachine::where('id', $request->input('machine_id'))
|
||||
->where('token', $request->input('token'))
|
||||
->first();
|
||||
|
||||
if (!$machine) {
|
||||
throw new ApiException('Machine not found or invalid token', 401);
|
||||
}
|
||||
|
||||
if (!$machine->is_active) {
|
||||
throw new ApiException('Machine is disabled', 403);
|
||||
}
|
||||
|
||||
$nodeId = (int) $request->input('node_id');
|
||||
$serverInfo = null;
|
||||
|
||||
if ($nodeId > 0) {
|
||||
$serverInfo = ServerModel::where('id', $nodeId)
|
||||
->where('machine_id', $machine->id)
|
||||
->where('enabled', true)
|
||||
->first();
|
||||
|
||||
if (!$serverInfo) {
|
||||
throw new ApiException('Node not found on this machine');
|
||||
}
|
||||
|
||||
$request->attributes->set('node_info', $serverInfo);
|
||||
}
|
||||
|
||||
// 更新机器心跳
|
||||
$machine->forceFill(['last_seen_at' => now()->timestamp])->saveQuietly();
|
||||
|
||||
$request->attributes->set('machine_info', $machine);
|
||||
return $next($request);
|
||||
}
|
||||
}
|
||||
|
||||
@@ -0,0 +1,97 @@
|
||||
<?php
|
||||
|
||||
namespace App\Http\Middleware;
|
||||
|
||||
use App\Exceptions\ApiException;
|
||||
use App\Models\Server as ServerModel;
|
||||
use App\Models\ServerMachine;
|
||||
use App\Services\ServerService;
|
||||
use Closure;
|
||||
use Illuminate\Http\Request;
|
||||
|
||||
/**
|
||||
* V2 server middleware: machine-token or server-token auth, no node_type.
|
||||
*/
|
||||
class ServerV2
|
||||
{
|
||||
public function handle(Request $request, Closure $next)
|
||||
{
|
||||
if ($request->filled('machine_id')) {
|
||||
$this->authenticateByMachine($request);
|
||||
} else {
|
||||
$this->authenticateByServerToken($request);
|
||||
}
|
||||
|
||||
return $next($request);
|
||||
}
|
||||
|
||||
private function authenticateByServerToken(Request $request): void
|
||||
{
|
||||
$isHandshake = $request->is('*/server/handshake') || $request->is('api/v2/server/handshake');
|
||||
|
||||
$request->validate([
|
||||
'token' => [
|
||||
'string', 'required',
|
||||
function ($attribute, $value, $fail) {
|
||||
if ($value !== admin_setting('server_token')) {
|
||||
$fail("Invalid {$attribute}");
|
||||
}
|
||||
},
|
||||
],
|
||||
'node_id' => $isHandshake ? 'nullable' : 'required',
|
||||
]);
|
||||
|
||||
$nodeId = $request->input('node_id');
|
||||
if ($nodeId === null || $nodeId === '') {
|
||||
return;
|
||||
}
|
||||
|
||||
$serverInfo = ServerService::getServer($nodeId);
|
||||
if (!$serverInfo) {
|
||||
throw new ApiException('Server does not exist');
|
||||
}
|
||||
|
||||
$request->attributes->set('node_info', $serverInfo);
|
||||
}
|
||||
|
||||
private function authenticateByMachine(Request $request): void
|
||||
{
|
||||
$isHandshake = $request->is('*/server/handshake') || $request->is('api/v2/server/handshake');
|
||||
|
||||
$request->validate([
|
||||
'machine_id' => 'required|integer',
|
||||
'token' => 'required|string',
|
||||
'node_id' => $isHandshake ? 'nullable|integer' : 'required|integer',
|
||||
]);
|
||||
|
||||
$machine = ServerMachine::where('id', $request->input('machine_id'))
|
||||
->where('token', $request->input('token'))
|
||||
->first();
|
||||
|
||||
if (!$machine) {
|
||||
throw new ApiException('Machine not found or invalid token', 401);
|
||||
}
|
||||
|
||||
if (!$machine->is_active) {
|
||||
throw new ApiException('Machine is disabled', 403);
|
||||
}
|
||||
|
||||
$nodeId = (int) $request->input('node_id');
|
||||
if ($nodeId > 0) {
|
||||
$serverInfo = ServerModel::where('id', $nodeId)
|
||||
->where('machine_id', $machine->id)
|
||||
->where('enabled', true)
|
||||
->first();
|
||||
|
||||
if (!$serverInfo) {
|
||||
throw new ApiException('Node not found on this machine');
|
||||
}
|
||||
|
||||
$request->attributes->set('node_info', $serverInfo);
|
||||
}
|
||||
|
||||
$machine->forceFill(['last_seen_at' => now()->timestamp])->saveQuietly();
|
||||
|
||||
$request->attributes->set('machine_info', $machine);
|
||||
}
|
||||
}
|
||||
@@ -14,7 +14,7 @@ class ServerRoute
|
||||
{
|
||||
$router->group([
|
||||
'prefix' => 'server',
|
||||
'middleware' => 'server'
|
||||
'middleware' => 'server.v2'
|
||||
], function ($route) {
|
||||
$route->match(['GET', 'POST'], 'handshake', [ServerController::class, 'handshake']);
|
||||
$route->post('report', [ServerController::class, 'report']);
|
||||
|
||||
Reference in New Issue
Block a user