From f40c0ef6e7dcbfab0f6796ffbc79649d9a5c8715 Mon Sep 17 00:00:00 2001
From: wh <382379437@qq.com>
Date: Tue, 25 Mar 2025 13:47:17 +0800
Subject: [PATCH] update

---
 admin/application/admin/common.php            |  5 ++
 .../admin/controller/auth/Admin.php           |  7 ++
 .../admin/view/auth/admin/add.html            | 28 +++++++
 .../admin/view/auth/admin/edit.html           | 33 +++++++-
 admin/application/admin/view/firm/add.html    | 13 +--
 admin/application/admin/view/firm/edit.html   | 13 +--
 .../admin/view/firmcustomer/add.html          |  9 ++-
 .../admin/view/firmcustomer/edit.html         | 10 ++-
 .../api/controller/BaseApiAuthController.php  | 81 +++++++++++++++++++
 .../controller/BaseApiPublicController.php    | 17 ++++
 .../api/controller/Firmemployee.php           | 43 ++++++++++
 admin/application/api/logic/TokenLogic.php    |  3 +
 admin/application/common/model/ApiKey.php     | 24 ++++++
 .../common/service/AuthService.php            | 47 +++++++++++
 .../index/controller/Tasktimer.php            | 26 ++++++
 admin/public/assets/js/backend/auth/admin.js  |  1 +
 admin/public/assets/js/backend/firm.js        |  2 -
 .../api/middleware/AuthMiddleware.php         | 47 +++++++++++
 18 files changed, 377 insertions(+), 32 deletions(-)
 create mode 100644 admin/application/api/controller/BaseApiAuthController.php
 create mode 100644 admin/application/api/controller/BaseApiPublicController.php
 create mode 100644 admin/application/api/controller/Firmemployee.php
 create mode 100644 admin/application/common/model/ApiKey.php
 create mode 100644 admin/application/common/service/AuthService.php
 create mode 100644 admin/application/index/controller/Tasktimer.php
 create mode 100644 front/application/api/middleware/AuthMiddleware.php

diff --git a/admin/application/admin/common.php b/admin/application/admin/common.php
index 6645280..623e65c 100644
--- a/admin/application/admin/common.php
+++ b/admin/application/admin/common.php
@@ -10,6 +10,11 @@ if (!function_exists('build_select')) {
 
     /**
      * 生成下拉列表
+     *
+     * 示例：
+     * {:build_select('row[type]', $business_type, null, ['class'=>'form-control', 'required'=>''])}
+     *
+     * 从左到右 name,数组数据,是否选择,扩展数据(class或者验证等)
      * @param string $name
      * @param mixed $options
      * @param mixed $selected
diff --git a/admin/application/admin/controller/auth/Admin.php b/admin/application/admin/controller/auth/Admin.php
index 85f8fb4..b869ee1 100644
--- a/admin/application/admin/controller/auth/Admin.php
+++ b/admin/application/admin/controller/auth/Admin.php
@@ -4,6 +4,7 @@ namespace app\admin\controller\auth;
 
 use app\admin\model\AuthGroup;
 use app\admin\model\AuthGroupAccess;
+use app\api\logic\GewechatFriendsLogic;
 use app\common\controller\Backend;
 use fast\Random;
 use fast\Tree;
@@ -294,4 +295,10 @@ class Admin extends Backend
         $this->dataLimitField = 'id';
         return parent::selectpage();
     }
+
+    function getRelWxids(){
+        $friends = (new GewechatFriendsLogic())->getFriendDetailList();
+
+        return json(['data'=>$friends,'total'=>count($friends)]);
+    }
 }
diff --git a/admin/application/admin/view/auth/admin/add.html b/admin/application/admin/view/auth/admin/add.html
index 5a85e46..27df3fa 100644
--- a/admin/application/admin/view/auth/admin/add.html
+++ b/admin/application/admin/view/auth/admin/add.html
@@ -42,6 +42,26 @@
             {:build_radios('row[status]', ['normal'=>__('Normal'), 'hidden'=>__('Hidden')])}
         </div>
     </div>
+    <div class="form-group">
+        <label class="control-label col-xs-12 col-sm-2">{:__('关联微信')}:</label>
+        <div class="col-xs-12 col-sm-8">
+            <input id="c-rel_wxid" min="0" data-rule="required"
+                   data-source="Gewechatfriends/getFriendList" class="form-control selectpage"
+                   name="row[rel_wxid]" type="text" >
+        </div>
+    </div>
+    <div class="form-group">
+        <label class="control-label col-xs-12 col-sm-2">{:__('类型')}:</label>
+        <div class="col-xs-12 col-sm-8">
+            {:build_radios('row[employee_type]', ['1'=>'企业微信', '2'=>'个人微信'])}
+        </div>
+    </div>
+    <div class="form-group">
+        <label class="control-label col-xs-12 col-sm-2">{:__('角色')}:</label>
+        <div class="col-xs-12 col-sm-8">
+            {:build_radios('row[role]', ['admin'=>'系统管理员', 'firm'=>'企业员工'])}
+        </div>
+    </div>
 
     <div class="form-group">
         <label class="control-label col-xs-12 col-sm-2">{:__('选择企业')}:</label>
@@ -61,6 +81,14 @@
                    name="row[firmstore_id]" type="text" value="{:session_admin_firmstore_id()}">
         </div>
     </div>
+    <div class="form-group">
+        <label class="control-label col-xs-12 col-sm-2">{:__('职务')}:</label>
+        <div class="col-xs-12 col-sm-8">
+            <input id="c-firmduty_id" min="0" data-rule="required"
+                   data-source="firmduty/index" class="form-control selectpage"
+                   name="row[firmduty_id]" type="text" value="">
+        </div>
+    </div>
     <div class="form-group hidden layer-footer">
         <label class="control-label col-xs-12 col-sm-2"></label>
         <div class="col-xs-12 col-sm-8">
diff --git a/admin/application/admin/view/auth/admin/edit.html b/admin/application/admin/view/auth/admin/edit.html
index cea93c6..7573180 100644
--- a/admin/application/admin/view/auth/admin/edit.html
+++ b/admin/application/admin/view/auth/admin/edit.html
@@ -36,6 +36,26 @@
             <input type="password" class="form-control" id="password" name="row[password]" autocomplete="new-password" value="" data-rule="password" />
         </div>
     </div>
+    <div class="form-group">
+        <label class="control-label col-xs-12 col-sm-2">{:__('关联微信')}:</label>
+        <div class="col-xs-12 col-sm-8">
+            <input id="c-rel_wxid" min="0" data-rule="required"
+                   data-source="Gewechatfriends/getFriendList" class="form-control selectpage"
+                   name="row[rel_wxid]" type="text" value="{$row.rel_wxid}">
+        </div>
+    </div>
+    <div class="form-group">
+        <label class="control-label col-xs-12 col-sm-2">{:__('类型')}:</label>
+        <div class="col-xs-12 col-sm-8">
+            {:build_radios('row[employee_type]', ['1'=>'企业微信', '2'=>'个人微信'], $row.employee_type)}
+        </div>
+    </div>
+    <div class="form-group">
+        <label class="control-label col-xs-12 col-sm-2">{:__('角色')}:</label>
+        <div class="col-xs-12 col-sm-8">
+            {:build_radios('row[role]', ['admin'=>'系统管理员', 'firm'=>'企业管理员'],$row.role)}
+        </div>
+    </div>
     <div class="form-group">
         <label class="control-label col-xs-12 col-sm-2">{:__('选择企业')}:</label>
         <div class="col-xs-12 col-sm-8">
@@ -55,17 +75,26 @@
         </div>
     </div>
     <div class="form-group">
-        <label for="loginfailure" class="control-label col-xs-12 col-sm-2">{:__('Loginfailure')}:</label>
+        <label class="control-label col-xs-12 col-sm-2">{:__('职务')}:</label>
         <div class="col-xs-12 col-sm-8">
-            <input type="number" class="form-control" id="loginfailure" name="row[loginfailure]" value="{$row.loginfailure}" data-rule="required" />
+            <input id="c-firmduty_id" min="0" data-rule="required"
+                   data-source="firmduty/index" class="form-control selectpage"
+                   name="row[firmduty_id]" type="text" value="">
         </div>
     </div>
+<!--    <div class="form-group">-->
+<!--        <label for="loginfailure" class="control-label col-xs-12 col-sm-2">{:__('Loginfailure')}:</label>-->
+<!--        <div class="col-xs-12 col-sm-8">-->
+<!--            <input type="number" class="form-control" id="loginfailure" name="row[loginfailure]" value="{$row.loginfailure}" data-rule="required" />-->
+<!--        </div>-->
+<!--    </div>-->
     <div class="form-group">
         <label class="control-label col-xs-12 col-sm-2">{:__('Status')}:</label>
         <div class="col-xs-12 col-sm-8">
             {:build_radios('row[status]', ['normal'=>__('Normal'), 'hidden'=>__('Hidden')], $row['status'])}
         </div>
     </div>
+
     <div class="form-group hidden layer-footer">
         <label class="control-label col-xs-12 col-sm-2"></label>
         <div class="col-xs-12 col-sm-8">
diff --git a/admin/application/admin/view/firm/add.html b/admin/application/admin/view/firm/add.html
index 5391ae7..9b8f3fb 100644
--- a/admin/application/admin/view/firm/add.html
+++ b/admin/application/admin/view/firm/add.html
@@ -18,18 +18,7 @@
             <input id="c-address" class="form-control" name="row[address]" type="text" value="">
         </div>
     </div>
-    <div class="form-group">
-        <label class="control-label col-xs-12 col-sm-2">{:__('Phone')}:</label>
-        <div class="col-xs-12 col-sm-8">
-            <input id="c-phone" class="form-control" name="row[phone]" type="text" value="">
-        </div>
-    </div>
-    <div class="form-group">
-        <label class="control-label col-xs-12 col-sm-2">{:__('Person')}:</label>
-        <div class="col-xs-12 col-sm-8">
-            <input id="c-person" class="form-control" name="row[person]" type="text" value="">
-        </div>
-    </div>
+
     <div class="form-group">
         <label class="control-label col-xs-12 col-sm-2">{:__('Create_time')}:</label>
         <div class="col-xs-12 col-sm-8">
diff --git a/admin/application/admin/view/firm/edit.html b/admin/application/admin/view/firm/edit.html
index 1e37e5f..f93b85e 100644
--- a/admin/application/admin/view/firm/edit.html
+++ b/admin/application/admin/view/firm/edit.html
@@ -18,18 +18,7 @@
             <input id="c-address" class="form-control" name="row[address]" type="text" value="{$row.address|htmlentities}">
         </div>
     </div>
-    <div class="form-group">
-        <label class="control-label col-xs-12 col-sm-2">{:__('Phone')}:</label>
-        <div class="col-xs-12 col-sm-8">
-            <input id="c-phone" class="form-control" name="row[phone]" type="text" value="{$row.phone|htmlentities}">
-        </div>
-    </div>
-    <div class="form-group">
-        <label class="control-label col-xs-12 col-sm-2">{:__('Person')}:</label>
-        <div class="col-xs-12 col-sm-8">
-            <input id="c-person" class="form-control" name="row[person]" type="text" value="{$row.person|htmlentities}">
-        </div>
-    </div>
+
     <div class="form-group">
         <label class="control-label col-xs-12 col-sm-2">{:__('Create_time')}:</label>
         <div class="col-xs-12 col-sm-8">
diff --git a/admin/application/admin/view/firmcustomer/add.html b/admin/application/admin/view/firmcustomer/add.html
index 66be1d9..115ef60 100644
--- a/admin/application/admin/view/firmcustomer/add.html
+++ b/admin/application/admin/view/firmcustomer/add.html
@@ -76,13 +76,18 @@
     <div class="form-group">
         <label class="control-label col-xs-12 col-sm-2">{:__('Firmemployee_id')}:</label>
         <div class="col-xs-12 col-sm-8">
-            <input id="c-firmemployee_id" data-rule="required" data-source="firmemployee/index" class="form-control selectpage" name="row[firmemployee_id]" type="text" value="">
+            <input id="c-firmemployee_id" data-rule="required" data-source="admin/index"
+                   data-field="nickname"
+                   class="form-control selectpage" name="row[firmemployee_id]" type="text" value="">
         </div>
     </div>
     <div class="form-group">
         <label class="control-label col-xs-12 col-sm-2">{:__('Responsible_pm')}:</label>
         <div class="col-xs-12 col-sm-8">
-            <input id="c-responsible_pm" data-rule="required" data-source="firmemployee/index" class="form-control selectpage" name="row[responsible_pm]" type="text" value="">
+            <input id="c-responsible_pm" data-rule="required"
+                   data-source="admin/index" class="form-control selectpage"
+                   data-field="nickname"
+                   name="row[responsible_pm]" type="text" value="">
         </div>
     </div>
     <div class="form-group">
diff --git a/admin/application/admin/view/firmcustomer/edit.html b/admin/application/admin/view/firmcustomer/edit.html
index 5d38b10..18e9992 100644
--- a/admin/application/admin/view/firmcustomer/edit.html
+++ b/admin/application/admin/view/firmcustomer/edit.html
@@ -66,13 +66,19 @@
     <div class="form-group">
         <label class="control-label col-xs-12 col-sm-2">{:__('Firmemployee_id')}:</label>
         <div class="col-xs-12 col-sm-8">
-            <input id="c-firmemployee_id" data-rule="required" data-source="firmemployee/index" class="form-control selectpage" name="row[firmemployee_id]" type="text" value="{$row.firmemployee_id|htmlentities}">
+            <input id="c-firmemployee_id" data-rule="required"
+                   data-source="admin/index" class="form-control selectpage"
+                   data-field="nickname"
+                   name="row[firmemployee_id]" type="text" value="{$row.firmemployee_id|htmlentities}">
         </div>
     </div>
     <div class="form-group">
         <label class="control-label col-xs-12 col-sm-2">{:__('Responsible_pm')}:</label>
         <div class="col-xs-12 col-sm-8">
-            <input id="c-responsible_pm" data-rule="required" data-source="firmemployee/index" class="form-control selectpage" name="row[responsible_pm]" type="text" value="{$row.responsible_pm|htmlentities}">
+            <input id="c-responsible_pm" data-rule="required" data-source="admin/index"
+                   data-field="nickname"
+                   class="form-control selectpage" name="row[responsible_pm]" type="text"
+                   value="{$row.responsible_pm|htmlentities}">
         </div>
     </div>
     <div class="form-group">
diff --git a/admin/application/api/controller/BaseApiAuthController.php b/admin/application/api/controller/BaseApiAuthController.php
new file mode 100644
index 0000000..1f15842
--- /dev/null
+++ b/admin/application/api/controller/BaseApiAuthController.php
@@ -0,0 +1,81 @@
+<?php
+/*
+ * description：
+ * author：wh
+ * email：
+ * createTime：{2025/3/25} {10:19} 
+ */
+
+namespace app\api\controller;
+
+
+use app\common\model\ApiKey;
+use app\common\service\AuthService;
+use think\Controller;
+use think\Request;
+use wanghua\general_utility_tools_php\tool\Tools;
+
+class BaseApiAuthController extends Controller
+{
+    public function __construct(Request $request = null)
+    {
+        parent::__construct($request);
+
+
+        $r = $this->requestAuth($request);
+        if(false === $r){
+            echo json_encode(['code'=>500,'msg'=>'认证失败,请重新登录']);die;
+        }
+        //if(false == $this->defaultAuth()){
+        //    echo json_encode(['code'=>500,'msg'=>'鉴权失败，缺失必要参数']);die;
+        //}
+    }
+
+    //请求认证
+    function requestAuth($request){
+        return true;
+        // 获取Authorization头
+        $authHeader = $request->header('authorization');
+
+        if (!$authHeader) {
+            echo json_encode(['code' => 401, 'error' => 'Missing Authorization header']);die;
+        }
+        // 解析Bearer Token
+        if (!preg_match('/Bearer\s(\S+)/', $authHeader, $matches)) {
+            //return json(['code' => 401, 'error' => 'Invalid token format'], 401);
+            echo json_encode(['code' => 401, 'error' => 'Invalid token format']);die;
+        }
+
+        $apiKey = $matches[1];
+        return (new AuthService($apiKey))->verifyApiKey();
+    }
+
+    /**
+     * desc：默认鉴权
+     * author：wh
+     * @return bool
+     */
+    function defaultAuth(){
+        $params = input();
+        if(empty($params['nonce'])){
+            //Tools::log_to_write_txt(['服务被拒绝，鉴权参数缺失:nonce。params'=>input()]);
+            return false;
+        }
+        if(empty($params['timestamp'])){
+            //Tools::log_to_write_txt(['服务被拒绝，鉴权参数缺失:timestamp。params'=>input()]);
+            return false;
+        }
+        if(empty($params['sign'])){
+            //Tools::log_to_write_txt(['服务被拒绝，鉴权参数缺失:sign。params'=>input()]);
+            return false;
+        }
+        $sign = $params['sign'];
+        unset($params['sign']);
+        if(Tools::signature($params) != $sign){
+            //Tools::log_to_write_txt(['签名失败，服务被拒绝.'=>input()]);
+            return false;
+        }
+        return true;
+    }
+
+}
\ No newline at end of file
diff --git a/admin/application/api/controller/BaseApiPublicController.php b/admin/application/api/controller/BaseApiPublicController.php
new file mode 100644
index 0000000..0d66e7b
--- /dev/null
+++ b/admin/application/api/controller/BaseApiPublicController.php
@@ -0,0 +1,17 @@
+<?php
+/*
+ * description：
+ * author：wh
+ * email：
+ * createTime：{2025/3/25} {10:19} 
+ */
+
+namespace app\api\controller;
+
+
+use think\Controller;
+
+class BaseApiPublicController extends Controller
+{
+
+}
\ No newline at end of file
diff --git a/admin/application/api/controller/Firmemployee.php b/admin/application/api/controller/Firmemployee.php
new file mode 100644
index 0000000..61e3169
--- /dev/null
+++ b/admin/application/api/controller/Firmemployee.php
@@ -0,0 +1,43 @@
+<?php
+/*
+ * description：
+ * author：wh
+ * email：
+ * createTime：{2025/3/25} {10:00} 
+ */
+
+namespace app\api\controller;
+
+
+use think\Controller;
+use think\Db;
+use wanghua\general_utility_tools_php\Mmodel;
+use wanghua\general_utility_tools_php\tool\Tools;
+
+class Firmemployee extends BaseApiAuthController
+{
+
+    /**
+     * desc：获取工作人员列表
+     *
+     * /api/firmemployee/getList
+     * author：wh
+     */
+    function getList(){
+        return Mmodel::catchJson(function (){
+            $firm_sign = input('firm_sign');//企业标识
+            if(empty($firm_sign)){
+                return Tools::set_fail('企业标识不能为空');
+            }
+
+            $info = Db::table('fa_admin')
+                ->where('role','firm')
+                ->where('firm_id',$firm_sign)
+                ->select();
+
+            return Tools::set_ok('ok',[
+                'staff_list'=>array_column($info,'rel_wxid')
+            ]);
+        });
+    }
+}
\ No newline at end of file
diff --git a/admin/application/api/logic/TokenLogic.php b/admin/application/api/logic/TokenLogic.php
index 123ed4d..e73dee6 100644
--- a/admin/application/api/logic/TokenLogic.php
+++ b/admin/application/api/logic/TokenLogic.php
@@ -26,6 +26,9 @@ class TokenLogic extends BaseLogic
     {
         $url = 'https://wechat-api-test.excn.vip/vip_groups/auth_info';
         $res = \wanghua\general_utility_tools_php\http\Curl::curl_post($url, []);
+        if(empty($res['data'])){
+            throw new \Exception('获取token失败');
+        }
         $res_data = json_decode($res['data'], true);
         return [
             'token' => $res_data['gewe-token'],
diff --git a/admin/application/common/model/ApiKey.php b/admin/application/common/model/ApiKey.php
new file mode 100644
index 0000000..50fb555
--- /dev/null
+++ b/admin/application/common/model/ApiKey.php
@@ -0,0 +1,24 @@
+<?php
+namespace app\common\model;
+
+use think\Model;
+
+class ApiKey extends Model
+{
+    protected $name = 'api_keys';
+
+    // 自动时间戳
+    //protected $autoWriteTimestamp = true;
+    //protected $updateTime = false;
+
+    // 读取器处理JSON字段
+    public function getPermissionsAttr($value)
+    {
+        return json_decode($value, true);
+    }
+
+    public function getIpWhitelistAttr($value)
+    {
+        return json_decode($value, true);
+    }
+}
\ No newline at end of file
diff --git a/admin/application/common/service/AuthService.php b/admin/application/common/service/AuthService.php
new file mode 100644
index 0000000..3c86ac5
--- /dev/null
+++ b/admin/application/common/service/AuthService.php
@@ -0,0 +1,47 @@
+<?php
+namespace app\common\service;
+
+use think\Db;
+use app\common\model\ApiKey;
+
+class AuthService
+{
+    protected $keyInfo;
+    public function __construct($apiKey)
+    {
+        $this->keyInfo = ApiKey::where('api_key', $apiKey)
+            ->cache("api_key_{$apiKey}", 300) // 缓存5分钟
+            ->find();
+    }
+    public function verifyApiKey()
+    {
+        // 查询数据库（带缓存）
+        $keyInfo = $this->keyInfo;
+
+        if (!$keyInfo) {
+            return false;
+        }
+
+        // 检查密钥状态
+        if (!$keyInfo->is_active || $keyInfo->expires_at < time()) {
+            return false;
+        }
+
+        // 记录最后使用时间
+        Db::name('api_keys')
+            ->where('id', $keyInfo->id)
+            ->update(['last_used_at' => time()]);
+
+        return true;
+    }
+
+    public function getDeveloperInfo()
+    {
+        // 根据业务需求返回开发者信息
+        return [
+            'developer_id' => $this->keyInfo->app_name,
+            'app_id'       => $this->keyInfo->id,
+            //'permissions'  => json_decode($this->keyInfo->permissions, true)
+        ];
+    }
+}
\ No newline at end of file
diff --git a/admin/application/index/controller/Tasktimer.php b/admin/application/index/controller/Tasktimer.php
new file mode 100644
index 0000000..8c09501
--- /dev/null
+++ b/admin/application/index/controller/Tasktimer.php
@@ -0,0 +1,26 @@
+<?php
+/*
+ * description：
+ * author：wh
+ * email：
+ * createTime：{2025/3/24} {17:23} 
+ */
+
+namespace app\index\controller;
+
+
+use think\Controller;
+use wanghua\general_utility_tools_php\Mmodel;
+
+//定时任务
+class Tasktimer extends Controller
+{
+
+    //按分钟执行
+    function runMinutes(){
+
+        Mmodel::catchJson(function (){
+
+        });
+    }
+}
\ No newline at end of file
diff --git a/admin/public/assets/js/backend/auth/admin.js b/admin/public/assets/js/backend/auth/admin.js
index 0901410..4777b49 100644
--- a/admin/public/assets/js/backend/auth/admin.js
+++ b/admin/public/assets/js/backend/auth/admin.js
@@ -33,6 +33,7 @@ define(['jquery', 'bootstrap', 'backend', 'table', 'form'], function ($, undefin
                         {field: 'id', title: 'ID'},
                         {field: 'username', title: __('Username')},
                         {field: 'nickname', title: __('Nickname')},
+                        {field: 'role', title: __('角色'), searchList: {"admin":__('系统管理员'),"firm":__('企业管理员')}, formatter: Table.api.formatter.label },
                         {field: 'groups_text', title: __('Group'), operate:false, formatter: Table.api.formatter.label},
                         {field: 'email', title: __('Email')},
                         {field: 'mobile', title: __('Mobile')},
diff --git a/admin/public/assets/js/backend/firm.js b/admin/public/assets/js/backend/firm.js
index ff3c2b5..7be2059 100644
--- a/admin/public/assets/js/backend/firm.js
+++ b/admin/public/assets/js/backend/firm.js
@@ -29,8 +29,6 @@ define(['jquery', 'bootstrap', 'backend', 'table', 'form'], function ($, undefin
                         {field: 'name', title: __('Name'), operate: 'LIKE', table: table, class: 'autocontent', formatter: Table.api.formatter.content},
                         {field: 'full_name', title: __('Full_name'), operate: 'LIKE', table: table, class: 'autocontent', formatter: Table.api.formatter.content},
                         {field: 'address', title: __('Address'), operate: 'LIKE', table: table, class: 'autocontent', formatter: Table.api.formatter.content},
-                        {field: 'phone', title: __('Phone'), operate: 'LIKE', table: table, class: 'autocontent', formatter: Table.api.formatter.content},
-                        {field: 'person', title: __('Person'), operate: 'LIKE', table: table, class: 'autocontent', formatter: Table.api.formatter.content},
                         {field: 'create_time', title: __('Create_time'), operate:'RANGE', addclass:'datetimerange', autocomplete:false, formatter: Table.api.formatter.datetime},
                         {field: 'operate', title: __('Operate'), table: table, events: Table.api.events.operate, formatter: Table.api.formatter.operate}
                     ]
diff --git a/front/application/api/middleware/AuthMiddleware.php b/front/application/api/middleware/AuthMiddleware.php
new file mode 100644
index 0000000..67c288a
--- /dev/null
+++ b/front/application/api/middleware/AuthMiddleware.php
@@ -0,0 +1,47 @@
+<?php
+namespace app\api\middleware;
+
+use app\common\service\AuthService;
+use think\Db;
+
+class AuthMiddleware
+{
+    public function handle($request, \Closure $next)
+    {
+        // 获取Authorization头
+        $authHeader = $request->header('authorization');
+
+        if (!$authHeader) {
+            return json(['code' => 401, 'error' => 'Missing Authorization header'], 401);
+        }
+
+        // 解析Bearer Token
+        if (!preg_match('/Bearer\s(\S+)/', $authHeader, $matches)) {
+            return json(['code' => 401, 'error' => 'Invalid token format'], 401);
+        }
+
+        $apiKey = $matches[1];
+        $authService = new AuthService($apiKey);
+
+        // 验证密钥有效性
+        if (!$authService->verifyApiKey()) {
+            return json(['code' => 403, 'error' => 'Invalid API key'], 403);
+        }
+
+        // 将开发者信息注入请求对象
+        $request->developer = $authService->getDeveloperInfo();
+
+        //默认不限流
+
+        // 在中间件最后记录
+        Db::name('api_logs')->insert([
+            'api_key'    => $apiKey,
+            'endpoint'   => $request->url(),
+            'ip'         => $request->ip(),
+            //'created_at' => time()
+        ]);
+
+
+        return $next($request);
+    }
+}
\ No newline at end of file