firstOrFail(); // 隐藏关键信息，只返回公开资料 return response()->json([ 'status' => 'success', 'data' => [ 'username' => $user->username, 'sex' => $user->sex, 'headface' => $user->headface, 'usersf' => $user->usersf, 'user_level' => $user->user_level, 'exp_num' => $user->exp_num ?? 0, 'jjb' => $user->jjb ?? 0, 'qianming' => $user->qianming, 'sign' => $user->sign ?? '这个人很懒，什么都没留下。', 'created_at' => $user->created_at->format('Y-m-d'), ], ]); } /** * 修改个人资料 (对应 USERSET.ASP) */ public function updateProfile(UpdateProfileRequest $request): JsonResponse { $user = Auth::user(); $data = $request->validated(); $user->update($data); return response()->json(['status' => 'success', 'message' => '资料更新成功。']); } /** * 修改密码 (对应 chpasswd.asp) */ public function changePassword(ChangePasswordRequest $request): JsonResponse { $user = Auth::user(); $oldPasswordInput = $request->input('old_password'); // 双模式密码校验逻辑（沿用 AuthController 中策略） $isOldPasswordCorrect = false; // 优先验证 Bcrypt if (Hash::check($oldPasswordInput, $user->password)) { $isOldPasswordCorrect = true; } // 降级验证旧版 MD5 elseif (md5($oldPasswordInput) === $user->password) { $isOldPasswordCorrect = true; } if (! $isOldPasswordCorrect) { return response()->json(['status' => 'error', 'message' => '当前密码输入不正确。'], 422); } // 验证通过，覆盖为新的 Bcrypt 加密串 $user->password = Hash::make($request->input('new_password')); $user->save(); return response()->json(['status' => 'success', 'message' => '密码已成功修改。下次请使用新密码登录。']); } /** * 通用权限校验：检查操作者是否有权操作目标用户 * * @param object $operator 操作者 * @param string $targetUsername 目标用户名 * @param int $roomId 房间ID * @param string $levelKey sysparam中的等级键名（如 level_kick） * @param string $actionName 操作名称（用于错误提示） * @return array{room: Room, target: User}|JsonResponse */ private function checkPermission(object $operator, string $targetUsername, int $roomId, string $levelKey, string $actionName): array|JsonResponse { $room = Room::findOrFail($roomId); $requiredLevel = (int) Sysparam::getValue($levelKey, '15'); // 鉴权：操作者要是房间房主或达到所需等级 if ($room->master !== $operator->username && $operator->user_level < $requiredLevel) { return response()->json(['status' => 'error', 'message' => "权限不足（需要{$requiredLevel}级），无法执行{$actionName}操作。"], 403); } $targetUser = User::where('username', $targetUsername)->first(); if (! $targetUser) { return response()->json(['status' => 'error', 'message' => '目标用户不存在。'], 404); } // 防误伤：不能操作等级 >= 自己的人 if ($targetUser->user_level >= $operator->user_level) { return response()->json(['status' => 'error', 'message' => "权限不足，无法对同级或高级用户执行{$actionName}。"], 403); } return ['room' => $room, 'target' => $targetUser]; } /** * 踢出房间 (对应 KILLUSER.ASP) * 所需等级由 sysparam level_kick 配置 */ public function kick(Request $request, string $username): JsonResponse { $operator = Auth::user(); $roomId = $request->input('room_id'); if (! $roomId) { return response()->json(['status' => 'error', 'message' => '缺少房间参数。'], 422); } $result = $this->checkPermission($operator, $username, $roomId, 'level_kick', '踢出'); if ($result instanceof JsonResponse) { return $result; } // 广播踢出事件 broadcast(new UserKicked($roomId, $result['target']->username, "管理员 [{$operator->username}] 将 [{$result['target']->username}] 踢出了聊天室。")); return response()->json(['status' => 'success', 'message' => "已成功将 {$result['target']->username} 踢出房间。"]); } /** * 禁言 (对应原版限制功能) * 所需等级由 sysparam level_mute 配置 * 禁言信息存入 Redis，TTL 到期自动解除 */ public function mute(Request $request, string $username): JsonResponse { $operator = Auth::user(); $roomId = $request->input('room_id'); $duration = (int) $request->input('duration', 5); if (! $roomId) { return response()->json(['status' => 'error', 'message' => '缺少房间参数。'], 422); } $result = $this->checkPermission($operator, $username, $roomId, 'level_mute', '禁言'); if ($result instanceof JsonResponse) { return $result; } // 写入 Redis 禁言标记，TTL = 禁言分钟数 * 60 Redis::setex("mute:{$roomId}:{$username}", $duration * 60, json_encode([ 'operator' => $operator->username, 'reason' => '管理员禁言', 'until' => now()->addMinutes($duration)->toDateTimeString(), ])); // 广播禁言事件 broadcast(new UserMuted($roomId, $username, $duration)); return response()->json(['status' => 'success', 'message' => "已对 {$username} 实施禁言 {$duration} 分钟。"]); } /** * 封号（禁止登录） * 所需等级由 sysparam level_ban 配置 * 将用户等级设为 -1 表示封禁 */ public function ban(Request $request, string $username): JsonResponse { $operator = Auth::user(); $roomId = $request->input('room_id'); if (! $roomId) { return response()->json(['status' => 'error', 'message' => '缺少房间参数。'], 422); } $result = $this->checkPermission($operator, $username, $roomId, 'level_ban', '封号'); if ($result instanceof JsonResponse) { return $result; } // 封号：设置等级为 -1 $result['target']->user_level = -1; $result['target']->save(); // 踢出聊天室 broadcast(new UserKicked($roomId, $username, "管理员 [{$operator->username}] 已封禁用户 [{$username}] 的账号。")); return response()->json(['status' => 'success', 'message' => "用户 {$username} 已被封号。"]); } /** * 封IP（记录IP到黑名单并踢出） * 所需等级由 sysparam level_banip 配置 */ public function banIp(Request $request, string $username): JsonResponse { $operator = Auth::user(); $roomId = $request->input('room_id'); if (! $roomId) { return response()->json(['status' => 'error', 'message' => '缺少房间参数。'], 422); } $result = $this->checkPermission($operator, $username, $roomId, 'level_banip', '封IP'); if ($result instanceof JsonResponse) { return $result; } $targetIp = $result['target']->last_ip; if ($targetIp) { // 将IP加入 Redis 黑名单（永久） Redis::sadd('banned_ips', $targetIp); } // 同时封号 $result['target']->user_level = -1; $result['target']->save(); // 踢出聊天室 broadcast(new UserKicked($roomId, $username, "管理员 [{$operator->username}] 已封禁用户 [{$username}] 的IP地址。")); $ipInfo = $targetIp ? "（IP: {$targetIp}）" : '（未记录IP）'; return response()->json(['status' => 'success', 'message' => "用户 {$username} 已被封号并封IP{$ipInfo}。"]); } }