diff --git a/app/Http/Controllers/AuthController.php b/app/Http/Controllers/AuthController.php
index fabc5c7..e501f04 100644
--- a/app/Http/Controllers/AuthController.php
+++ b/app/Http/Controllers/AuthController.php
@@ -16,6 +16,7 @@ use Illuminate\Http\JsonResponse;
 use Illuminate\Http\Request;
 use Illuminate\Support\Facades\Auth;
 use Illuminate\Support\Facades\Hash;
+use Illuminate\Support\Facades\Redis;
 
 class AuthController extends Controller
 {
@@ -38,6 +39,17 @@ class AuthController extends Controller
 // 用户存在,验证密码
 if (Hash::check($password, $user->password)) {
 // Bcrypt 验证通过
+
+// 检测是否被封禁 (管理员豁免:假设大于等于 15 为系统管理/总管)
+if ($user->user_level < 15) {
+if ($user->user_level < 0) {
+return response()->json(['status' => 'error', 'message' => '您的账号已被管理员封禁,无法登录。'], 403);
+}
+if (Redis::sismember('banned_ips', $ip)) {
+return response()->json(['status' => 'error', 'message' => '您所在的 IP 地址已被管理员封禁,限制访问。'], 403);
+}
+}
+
 $this->performLogin($user, $ip);
 return response()->json(['status' => 'success', 'message' => '登录成功']);
 
@@ -49,6 +61,16 @@ class AuthController extends Controller
 $user->password = Hash::make($password);
 $user->save();
 
+// 检测是否被封禁 (管理员豁免)
+if ($user->user_level < 15) {
+if ($user->user_level < 0) {
+return response()->json(['status' => 'error', 'message' => '您的账号已被管理员封禁,无法登录。'], 403);
+}
+if (Redis::sismember('banned_ips', $ip)) {
+return response()->json(['status' => 'error', 'message' => '您所在的 IP 地址已被管理员封禁,限制访问。'], 403);
+}
+}
+
 $this->performLogin($user, $ip);
 return response()->json(['status' => 'success', 'message' => '登录成功,且安全策略已自动升级']);
 
@@ -69,6 +91,11 @@ class AuthController extends Controller
 $sex = 0;
 }
 
+// 新注册用户:只检测 IP 封禁 (新号不存在账号封禁)
+if (Redis::sismember('banned_ips', $ip)) {
+return response()->json(['status' => 'error', 'message' => '您所在的 IP 地址已被管理员封禁,禁止注册新账号。'], 403);
+}
+
 $newUser = User::create([
 'username' => $username,
 'password' => Hash::make($password),
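Review bot: The ban checks sit inside the `Hash::check()` success branch, so a request from a banned IP still has its password verified and receives the 403 only when the password was correct — a wrong password presumably falls through to the existing failure response, which turns the IP ban into a password-validity oracle for exactly the clients it is meant to keep out. Move the `banned_ips` lookup to before `Hash::check()` (the user row is already loaded at that point, so the admin exemption can still be applied), and keep the account-level check after verification if ban status should not be disclosed to a caller without a valid password. The same block is pasted again in the rehash path of the next hunk, and the thresholds `15` and `< 0` are bare literals; two private helpers plus a named constant remove the duplication and document the exemption in one place. The enclosing login method starts and ends outside the hunk, and how `$ip` is derived is not visible here — the IP ban is only as trustworthy as that value.
```php
private const ADMIN_LEVEL = 15;

/** 403 when the request IP is on the ban list and the user is not an admin; null otherwise. Call before Hash::check(). */
private function ipBanResponse(User $user, string $ip): ?JsonResponse
{
    if ($user->user_level < self::ADMIN_LEVEL && Redis::sismember('banned_ips', $ip)) {
        return response()->json(['status' => 'error', 'message' => '您所在的 IP 地址已被管理员封禁,限制访问。'], 403);
    }
    return null;
}

/** 403 when the account itself is banned (negative level); null otherwise. A negative level is always below ADMIN_LEVEL, so no separate exemption is needed. */
private function accountBanResponse(User $user): ?JsonResponse
{
    if ($user->user_level < 0) {
        return response()->json(['status' => 'error', 'message' => '您的账号已被管理员封禁,无法登录。'], 403);
    }
    return null;
}
```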
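Review bot: The registration IP check runs after the input has already been normalised (`$sex = 0;` is the last visible step before it), so a client on a banned IP still receives whatever earlier responses the method produces; placing it as the first statement of the method gives a banned client the same 403 regardless of payload. It also repeats the `Redis::sismember('banned_ips', $ip)` lookup and the `'banned_ips'` key from the two login hunks — a shared helper or a class constant keeps the key and the exemption rule in one place. The enclosing registration method starts and ends outside the hunk; whether earlier validation precedes this point is inferred rather than visible.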