From 46bd26318675314ca7447cae16635af152744ce9 Mon Sep 17 00:00:00 2001
From: Karson <karsonzhang@163.com>
Date: Mon, 31 Aug 2020 14:28:57 +0800
Subject: [PATCH] 新增API基类Token验证 优化后台选项卡判断
---
 application/admin/command/Crud/stubs/html/heading-html.stub | 4 ++--
 application/common/controller/Api.php | 17 +++++++++++++++++
 application/common/controller/Backend.php | 2 +-
 application/common/controller/Frontend.php | 2 +-
 4 files changed, 21 insertions(+), 4 deletions(-)
diff --git a/application/admin/command/Crud/stubs/html/heading-html.stub b/application/admin/command/Crud/stubs/html/heading-html.stub
index 354f6ae..9392c80 100644
--- a/application/admin/command/Crud/stubs/html/heading-html.stub
+++ b/application/admin/command/Crud/stubs/html/heading-html.stub
@@ -2,9 +2,9 @@
 <div class="panel-heading">
 {:build_heading(null,FALSE)}
 <ul class="nav nav-tabs" data-field="{%field%}">
- <li class="{:input('get.{%field%}') ? '' : 'active'}"><a href="#t-all" data-value="" data-toggle="tab">{:__('All')}</a></li>
+ <li class="{:$Think.get.{%field%} === null ? 'active' : ''}"><a href="#t-all" data-value="" data-toggle="tab">{:__('All')}</a></li>
 {foreach name="{%fieldName%}List" item="vo"}
- <li class="{:input('get.{%field%}') == $key ? 'active' : ''}"><a href="#t-{$key}" data-value="{$key}" data-toggle="tab">{$vo}</a></li>
+ <li class="{:$Think.get.{%field%} === (string)$key ? 'active' : ''}"><a href="#t-{$key}" data-value="{$key}" data-toggle="tab">{$vo}</a></li>
 {/foreach}
 </ul>
 </div>
diff --git a/application/common/controller/Api.php b/application/common/controller/Api.php
index 2867a5d..54cbcc0 100644
--- a/application/common/controller/Api.php
+++ b/application/common/controller/Api.php
@@ -12,6 +12,7 @@ use think\Loader;
 use think\Request;
 use think\Response;
 use think\Route;
+use think\Validate;
 /**
 * API控制器基类
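Review bot: In heading-html.stub the "All" tab is now active only when the parameter is absent (`=== null`), so a request that carries the field with an empty value matches neither that test nor any `(string)$key` comparison and renders with no active tab, unless the list happens to have an empty-string key. The "All" link itself carries `data-value=""`, so an empty value looks reachable if the tab script submits it; that script is not part of this diff, so this is inferred. Treating empty like absent would cover it, for example `{:$Think.get.{%field%} === null || $Think.get.{%field%} === '' ? 'active' : ''}`.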
@@ -304,4 +305,20 @@ class Api
 return true;
 }
+
+ /**
+ * 刷新Token
+ */
+ protected function token()
+ {
+ $token = $this->request->param('__token__');
+
+ //验证Token
+ if (!Validate::make()->check(['__token__' => $token], ['__token__' => 'require|token'])) {
+ $this->error(__('Token verification error'), ['__token__' => $this->request->token()]);
+ }
+
+ //刷新Token
+ $this->request->token();
+ }
 }
diff --git a/application/common/controller/Backend.php b/application/common/controller/Backend.php
index 6e3b4da..2f9ecf7 100644
--- a/application/common/controller/Backend.php
+++ b/application/common/controller/Backend.php
@@ -531,7 +531,7 @@ class Backend extends Controller
 */
 protected function token()
 {
- $token = $this->request->post('__token__');
+ $token = $this->request->param('__token__');
 //验证Token
 if (!Validate::make()->check(['__token__' => $token], ['__token__' => 'require|token'])) {
diff --git a/application/common/controller/Frontend.php b/application/common/controller/Frontend.php
index 593e360..f76fda0 100644
--- a/application/common/controller/Frontend.php
+++ b/application/common/controller/Frontend.php
@@ -142,7 +142,7 @@ class Frontend extends Controller
 */
 protected function token()
 {
- $token = $this->request->post('__token__');
+ $token = $this->request->param('__token__');
 //验证Token
 if (!Validate::make()->check(['__token__' => $token], ['__token__' => 'require|token'])) {
--
libgit2 0.24.0
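Review bot: Reading the form token with `$this->request->param('__token__')` in the new `Api::token()`, and the same `post` → `param` switch in the Backend.php and Frontend.php hunks (whose `token()` bodies continue outside the hunks), lets the token be supplied in the URL query string or route rather than only in the request body. Tokens carried in URLs tend to be recorded in access logs, browser history and Referer headers; if the aim is to cover non-POST verbs, reading the body for the current method would be narrower, and for the two web controllers the previous `$this->request->post('__token__')` already did that. On the failure path in `Api::token()`, `error()` is given a fresh `$this->request->token()` as response data, which is worth checking against the API's cross-origin policy (not visible in this diff) so that a caller from another origin cannot read a valid token. The docblock `刷新Token` mentions only the refresh; a comment such as `Verify the request's __token__, fail with an error carrying a new token, otherwise refresh the token` would match what the method does.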