From 3925ecaeb210c0c4802ce717da33f4580c93d41d Mon Sep 17 00:00:00 2001
From: lkddi
Date: Fri, 27 Feb 2026 09:30:14 +0800
Subject: [PATCH] =?UTF-8?q?=E5=A2=9E=E5=BC=BA=EF=BC=9A=E7=99=BB=E5=BD=95?=
=?UTF-8?q?=E6=8E=A5=E5=8F=A3=E5=A2=9E=E5=8A=A0=E5=B0=81=E5=8F=B7=E5=92=8C?=
=?UTF-8?q?=E5=B0=81IP=E6=8B=A6=E6=88=AA=E6=A3=80=E6=B5=8B=EF=BC=8C?=
=?UTF-8?q?=E5=B9=B6=E4=B8=BA=E7=AE=A1=E7=90=86=E5=91=98=E6=8F=90=E4=BE=9B?=
=?UTF-8?q?=E5=BC=BA=E7=99=BB=E8=B1=81=E5=85=8D?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
---
app/Http/Controllers/AuthController.php | 27 +++++++++++++++++++++++++
1 file changed, 27 insertions(+)
diff --git a/app/Http/Controllers/AuthController.php b/app/Http/Controllers/AuthController.php
index fabc5c7..e501f04 100644
--- a/app/Http/Controllers/AuthController.php
+++ b/app/Http/Controllers/AuthController.php
@@ -16,6 +16,7 @@ use Illuminate\Http\JsonResponse;
use Illuminate\Http\Request;
use Illuminate\Support\Facades\Auth;
use Illuminate\Support\Facades\Hash;
+use Illuminate\Support\Facades\Redis;
class AuthController extends Controller
{
@@ -38,6 +39,17 @@ class AuthController extends Controller
// 用户存在,验证密码
if (Hash::check($password, $user->password)) {
// Bcrypt 验证通过
+
+ // 检测是否被封禁 (管理员豁免:假设大于等于 15 为系统管理/总管)
+ if ($user->user_level < 15) {
+ if ($user->user_level < 0) {
+ return response()->json(['status' => 'error', 'message' => '您的账号已被管理员封禁,无法登录。'], 403);
+ }
+ if (Redis::sismember('banned_ips', $ip)) {
+ return response()->json(['status' => 'error', 'message' => '您所在的 IP 地址已被管理员封禁,限制访问。'], 403);
+ }
+ }
+
$this->performLogin($user, $ip);
return response()->json(['status' => 'success', 'message' => '登录成功']);
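Review bot: The ban checks sit inside the `Hash::check` success branch, so a banned account (or a client on a banned IP) only receives the 403 when it supplies the correct password and otherwise presumably falls through to the existing wrong-password response below the hunk — the login endpoint stays a password oracle for exactly the principals it is meant to lock out, and the distinct 403 message confirms each successful guess. Run the `Redis::sismember('banned_ips', $ip)` check before the user lookup and the `user_level < 0` check as soon as `$user` is loaded, ahead of `Hash::check`, so a banned caller gets the same 403 regardless of the password it sends. I cannot see where `$ip` is assigned (above the hunk); if it comes from `$request->ip()`, the ban is only as good as the trusted-proxy configuration, since an unconfigured `X-Forwarded-For` lets the caller choose the address that is looked up. The `15` threshold is a magic number that is also repeated in the next hunk; a documented class constant such as `private const ADMIN_LEVEL = 15; // >= this level is treated as administrator and exempt from bans` would make the exemption explicit. The enclosing login method begins outside the hunk.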
@@ -49,6 +61,16 @@ class AuthController extends Controller
$user->password = Hash::make($password);
$user->save();
+ // 检测是否被封禁 (管理员豁免)
+ if ($user->user_level < 15) {
+ if ($user->user_level < 0) {
+ return response()->json(['status' => 'error', 'message' => '您的账号已被管理员封禁,无法登录。'], 403);
+ }
+ if (Redis::sismember('banned_ips', $ip)) {
+ return response()->json(['status' => 'error', 'message' => '您所在的 IP 地址已被管理员封禁,限制访问。'], 403);
+ }
+ }
+
$this->performLogin($user, $ip);
return response()->json(['status' => 'success', 'message' => '登录成功,且安全策略已自动升级']);
@@ -69,6 +91,11 @@ class AuthController extends Controller
$sex = 0;
}
+ // 新注册用户:只检测 IP 封禁 (新号不存在账号封禁)
+ if (Redis::sismember('banned_ips', $ip)) {
+ return response()->json(['status' => 'error', 'message' => '您所在的 IP 地址已被管理员封禁,禁止注册新账号。'], 403);
+ }
+
$newUser = User::create([
'username' => $username,
'password' => Hash::make($password),
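Review bot: The nine-line ban block is a verbatim copy of the one in the bcrypt branch, placed here after `$user->save()`, so the stored hash of an account that is then refused is still rewritten, and the two copies (threshold, messages, Redis key) must be kept in sync by hand. Extract the checks into a private helper that returns the 403 response or `null`, call it from both branches, and in this branch call it before the rehash — and, as in the bcrypt branch, before the legacy-hash verification that precedes the hunk, otherwise a banned caller still learns whether its password was right. The `string $ip` type below assumes `$ip` holds `$request->ip()`; adjust if it can be null. The enclosing method starts above the hunk.

```php
/** Users at or above this level are treated as administrators and skip the ban checks. */
private const ADMIN_LEVEL = 15;

/** 403 response when the account or the caller's IP is banned; null when login may proceed. */
private function banResponse(User $user, string $ip): ?JsonResponse
{
    if ($user->user_level >= self::ADMIN_LEVEL) {
        return null;
    }
    if ($user->user_level < 0) {
        return response()->json(['status' => 'error', 'message' => '您的账号已被管理员封禁,无法登录。'], 403);
    }
    if (Redis::sismember('banned_ips', $ip)) {
        return response()->json(['status' => 'error', 'message' => '您所在的 IP 地址已被管理员封禁,限制访问。'], 403);
    }
    return null;
}

// … in the legacy-hash branch, before the rehash:
if (($banned = $this->banResponse($user, $ip)) !== null) {
    return $banned;
}
// … unchanged: $user->password = Hash::make($password); $user->save(); performLogin …
```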
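Review bot: The registration IP check runs only after the input handling above the hunk (the `$sex` normalisation is the last visible step), so a banned address still exercises everything before it; if that code includes a username-availability lookup, a banned client keeps an enumeration channel it should not have. Make the `Redis::sismember('banned_ips', $ip)` test the first statement of the register method — or, since the same literal lookup now appears in three places in this controller, move it into a route middleware covering login, register and any other unauthenticated endpoint so each new endpoint does not have to repeat it. If it stays in the controller, hoist the Redis key into a constant, `private const BANNED_IPS_KEY = 'banned_ips';`, so the three call sites cannot drift. The enclosing register method starts above the hunk.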