From 2d663eebcbd1efbe136c15c7b1c60a684ef932a2 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?=E5=85=94=E5=A7=AC=E6=A1=91?=
Date: Tue, 12 Jan 2021 14:36:36 +0800
Subject: [PATCH] =?UTF-8?q?Fix=20=E7=AE=A1=E7=90=86=E7=99=BB=E5=BD=95?= =?UTF-8?q?=E9=A1=B5=E9=9D=A2=E5=A4=9A=E9=87=8D=E8=BD=AC=E8=B7=B3=E8=A1=8C?= =?UTF-8?q?=E4=B8=BA=E5=8F=8A=E9=A1=B5=E9=9D=A2=E7=AE=A1=E5=88=B6=E5=BE=AE?= =?UTF-8?q?=E5=8A=A0=E5=BC=BA=EF=BC=9B?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
只有有权限者才能使用管理登录页面真正登录!
---
 app/Http/Controllers/AuthController.php | 10 ++++++++-
 app/Http/Kernel.php | 3 +--
 app/Http/Middleware/isAdminLogin.php | 27 -------------------------
 app/Http/Middleware/isLogin.php | 4 ++++
 routes/web.php | 5 +++--
 5 files changed, 17 insertions(+), 32 deletions(-)
 delete mode 100644 app/Http/Middleware/isAdminLogin.php
diff --git a/app/Http/Controllers/AuthController.php b/app/Http/Controllers/AuthController.php
index 90b0ea9e..89ff2a8d 100644
--- a/app/Http/Controllers/AuthController.php
+++ b/app/Http/Controllers/AuthController.php
@@ -41,7 +41,7 @@ class AuthController extends Controller
 {
 // 根据权限跳转
 if (Auth::check()) {
- if (Auth::getUser()->hasPermissionTo('admin.index') || Auth::getUser()->hasRole('Super Admin')) {
+ if (Auth::getUser()->can('admin.index')) {
 return Redirect::route('admin.index');
 }
@@ -75,6 +75,14 @@ class AuthController extends Controller
 return Redirect::back()->withInput()->withErrors(trans('auth.error.login_error'));
 }
+ if ($request->routeIs('admin.login.post') && $user->cannot('admin.index')) {
+ // 管理页面登录
+ // 非权限者清场
+ Auth::logout();
+
+ return Redirect::route('login');
+ }
+
 // 校验普通用户账号状态
 if ($user->status === -1) {
 Auth::logout(); // 强制销毁会话,因为Auth::attempt的时候会产生会话
diff --git a/app/Http/Kernel.php b/app/Http/Kernel.php
index 6353996d..bacb4df1 100644
--- a/app/Http/Kernel.php
+++ b/app/Http/Kernel.php
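Review bot: In app/Http/Controllers/AuthController.php, hunk `@@ -41,7 +41,7 @@`, the explicit `hasRole('Super Admin')` test is replaced by `can('admin.index')`, and nothing in the code says where Super Admin is granted now. `can()` is answered by the authorization gate, so a Super Admin who lacks the `admin.index` permission is only sent to the admin index if a gate-wide rule (for example a `Gate::before` callback) covers that role; no such rule is visible in this patch, so this needs confirming. I would add a comment above the check: `// can() covers Super Admin only through a gate-wide rule such as Gate::before (confirm it is registered)`. The same dependency applies to `$user->cannot('admin.index')` in the `@@ -75,6 +75,14 @@` hunk. The enclosing method starts and ends outside the hunk.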
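Review bot: In app/Http/Controllers/AuthController.php, hunk `@@ -75,6 +75,14 @@`, the new admin-login branch rejects a user who has apparently just authenticated with `Auth::logout()` alone. That call does not invalidate the session or rotate its CSRF token, and the branch returns to `login` with no error message and no log entry. Since `$request` is in scope, I would follow the logout with `$request->session()->invalidate();` and `$request->session()->regenerateToken();`. I would also return the same `withErrors(trans('auth.error.login_error'))` response used for failed credentials just above, so the two rejections look alike to the client. Recording the rejected attempt would give operators something to alert on; the method starts and ends outside the hunk, so session handling on successful login cannot be checked here.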
@@ -6,7 +6,6 @@ use App\Http\Middleware\Affiliate;
 use App\Http\Middleware\Authenticate;
 use App\Http\Middleware\CheckForMaintenanceMode;
 use App\Http\Middleware\EncryptCookies;
-use App\Http\Middleware\isAdminLogin;
 use App\Http\Middleware\isForbidden;
 use App\Http\Middleware\isLogin;
 use App\Http\Middleware\isMaintenance;
@@ -78,7 +77,7 @@ class Kernel extends HttpKernel
 'admin' => [
 isForbidden::class,
- isAdminLogin::class,
+ isLogin::class,
 Permission::class,
 ],
diff --git a/app/Http/Middleware/isAdminLogin.php b/app/Http/Middleware/isAdminLogin.php
deleted file mode 100644
index f5d05080..00000000
--- a/app/Http/Middleware/isAdminLogin.php
+++ /dev/null
@@ -1,27 +0,0 @@
-guest()) {
- return Redirect::route('admin.login');
- }
-
- return $next($request);
- }
-}
diff --git a/app/Http/Middleware/isLogin.php b/app/Http/Middleware/isLogin.php
index 3d69e4d2..47963ae5 100644
--- a/app/Http/Middleware/isLogin.php
+++ b/app/Http/Middleware/isLogin.php
@@ -19,6 +19,10 @@ class isLogin
 public function handle(Request $request, Closure $next)
 {
 if (auth()->guest()) {
+ if ($request->routeIs('admin.*')) {
+ return Redirect::route('admin.login');
+ }
+
 return Redirect::route('login');
 }
diff --git a/routes/web.php b/routes/web.php
index f247a20d..fb068280 100644
--- a/routes/web.php
+++ b/routes/web.php
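Review bot: In app/Http/Middleware/isLogin.php, the guest redirect target is now chosen by route name (`$request->routeIs('admin.*')`) rather than by the middleware group, and nothing in `handle()` documents that. A route placed in the `admin` group without an `admin.` name prefix would send guests to the user login instead. The `admin.login` route also matches the pattern, so it has to stay outside this middleware or guests would be redirected to it in a loop. I would add a comment above the branch: `// Guests on admin.* named routes go to the admin login; admin.login itself must not pass through this middleware`. The body of `handle()` continues past the end of the hunk.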
@@ -13,7 +13,7 @@ Route::get('callback/checkout', 'Gateway\PayPal@getCheckout')->name('paypal.chec
 // 登录相关
 Route::middleware(['isForbidden', 'affiliate', 'isMaintenance'])->group(function () {
 Route::get('lang/{locale}', 'AuthController@switchLang')->name('lang'); // 语言切换
- Route::get('login', 'AuthController@showLoginForm')->middleware('isSecurity')->name('login'); // 登录
+ Route::get('login', 'AuthController@showLoginForm')->middleware('isSecurity')->name('login'); // 登录页面
 Route::post('login', 'AuthController@login')->middleware('isSecurity'); // 登录
 Route::get('logout', 'AuthController@logout')->name('logout'); // 退出
 Route::get('register', 'AuthController@showRegistrationForm')->name('register'); // 注册
@@ -28,4 +28,5 @@ Route::middleware(['isForbidden', 'affiliate', 'isMaintenance'])->group(function
 Route::get('create/uuid', '\Illuminate\Support\Str@uuid')->name('createUUID'); // 生成UUID
 Route::get('getPort', '\App\Components\Helpers@getPort')->name('getPort'); // 获取端口
 });
-Route::match(['get', 'post'], 'admin/login', 'AuthController@login')->name('admin.login')->middleware('isForbidden', 'isSecurity'); // 管理登录
+Route::get('admin/login', 'AuthController@showLoginForm')->name('admin.login')->middleware('isForbidden', 'isSecurity'); // 管理登录页面
+Route::post('admin/login', 'AuthController@login')->middleware('isSecurity')->name('admin.login.post'); // 管理登录
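Review bot: In routes/web.php, hunk `@@ -28,4 +28,5 @@`, the new POST route `admin.login.post` carries only `isSecurity`, while the `Route::match` line it replaces and the new GET route both list `isForbidden`. Unless that is intentional, credential submissions to the admin login now skip whatever blocking `isForbidden` applies. I would restore it: `Route::post('admin/login', 'AuthController@login')->middleware('isForbidden', 'isSecurity')->name('admin.login.post');`. No rate limit is visible on either login POST route in this file section; if none is applied elsewhere, a `throttle` middleware on these routes is worth adding.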