mirrors/buildadmin
1
0
Fork 0
mirror of https://gitee.com/wonderful-code/buildadmin synced 2024-11-22 15:24:09 +00:00
Code Issues Packages Projects Releases Wiki Activity
085ac9c626
buildadmin/app/common/event/Security.php
妙码生花 01e9fb6ae3 refactor:优化细节、完善类型定义
2023-06-26 02:36:53 +08:00

134 lines
5.2 KiB
PHP
Raw Blame History

This file contains ambiguous Unicode characters

This file contains Unicode characters that might be confused with other characters. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.

<?php
namespace app\common\event;
use Throwable;
use think\Request;
use think\facade\Db;
use think\facade\Log;
use app\admin\library\Auth;
use app\admin\model\SensitiveDataLog;
use app\admin\model\DataRecycle;
use app\admin\model\DataRecycleLog;
use app\admin\model\SensitiveData;
class Security
{
protected array $listenAction = ['edit', 'del'];
public function handle(Request $request): bool
{
$action = $request->action(true);
if (!in_array($action, $this->listenAction) || (!$request->isPost() && !$request->isDelete())) {
return true;
}
if ($action == 'del') {
$dataIds = $request->param('ids');
try {
$recycle = DataRecycle::where('status', '1')
->where('controller_as', $request->controllerPath)
->find();
if (!$recycle) {
return true;
}
$recycleData = Db::name($recycle['data_table'])
->whereIn($recycle['primary_key'], $dataIds)
->select()
->toArray();
$recycleDataArr = [];
$auth = Auth::instance();
$adminId = $auth->isLogin() ? $auth->id : 0;
foreach ($recycleData as $recycleDatum) {
$recycleDataArr[] = [
'admin_id' => $adminId,
'recycle_id' => $recycle['id'],
'data' => json_encode($recycleDatum, JSON_UNESCAPED_UNICODE),
'data_table' => $recycle['data_table'],
'primary_key' => $recycle['primary_key'],
'ip' => $request->ip(),
'useragent' => substr($request->server('HTTP_USER_AGENT'), 0, 255),
];
}
if (!$recycleDataArr) {
return true;
}
// saveAll 方法自带事务
$dataRecycleLogModel = new DataRecycleLog;
if (!$dataRecycleLogModel->saveAll($recycleDataArr)) {
Log::record('[ DataSecurity ] Failed to recycle data:' . var_export($recycleDataArr, true), 'warning');
}
} catch (Throwable $e) {
Log::record('[ DataSecurity ]' . $e->getMessage(), 'warning');
}
return true;
}
try {
$sensitiveData = SensitiveData::where('status', '1')
->where('controller_as', $request->controllerPath)
->find();
if (!$sensitiveData) {
return true;
}
$sensitiveData = $sensitiveData->toArray();
$dataId = $request->param('id');
$editData = Db::name($sensitiveData['data_table'])
->field(array_keys($sensitiveData['data_fields']))
->where($sensitiveData['primary_key'], $dataId)
->find();
if (!$editData) {
return true;
}
$auth = Auth::instance();
$adminId = $auth->isLogin() ? $auth->id : 0;
$newData = $request->post();
foreach ($sensitiveData['data_fields'] as $field => $title) {
if (isset($editData[$field]) && isset($newData[$field]) && $editData[$field] != $newData[$field]) {
/*
* 其他跳过规则可添加至此处
* 1. 如果字段名中包含 password修改值为空则忽略修改值不为空则密码记录为 ******
*/
if (stripos('password', $field) !== false) {
if (!$newData[$field]) {
continue;
} else {
$newData[$field] = "******";
}
}
$sensitiveDataLog[] = [
'admin_id' => $adminId,
'sensitive_id' => $sensitiveData['id'],
'data_table' => $sensitiveData['data_table'],
'primary_key' => $sensitiveData['primary_key'],
'data_field' => $field,
'data_comment' => $title,
'id_value' => $dataId,
'before' => $editData[$field],
'after' => $newData[$field],
'ip' => $request->ip(),
'useragent' => substr($request->server('HTTP_USER_AGENT'), 0, 255),
];
}
}
if (!isset($sensitiveDataLog) || !$sensitiveDataLog) {
return true;
}
$sensitiveDataLogModel = new SensitiveDataLog;
if (!$sensitiveDataLogModel->saveAll($sensitiveDataLog)) {
Log::record('[ DataSecurity ] Sensitive data recording failed:' . var_export($sensitiveDataLog, true), 'warning');
}
} catch (Throwable $e) {
Log::record('[ DataSecurity ]' . $e->getMessage(), 'warning');
}
return true;
}
}
Reference in New Issue View Git Blame Copy Permalink