<?php
// +----------------------------------------------------------------------
// | likeadmin快速开发前后端分离管理后台（PHP版）
// +----------------------------------------------------------------------
// | 欢迎阅读学习系统程序代码，建议反馈是我们前进的动力
// | 开源版本可自由商用，可去除界面版权logo
// | gitee下载：https://gitee.com/likeshop_gitee/likeadmin
// | github下载：https://github.com/likeshop-github/likeadmin
// | 访问官网：https://www.likeadmin.cn
// | likeadmin团队 版权所有 拥有最终解释权
// +----------------------------------------------------------------------
// | author: likeadminTeam
// +----------------------------------------------------------------------


namespace app\adminapi\validate;


use app\common\enum\AdminTerminalEnum;
use app\common\model\auth\Admin;
use app\common\model\user\{User,UserInfo};
use app\common\cache\AdminAccountSafeCache;
use app\common\service\{ConfigService,UtilsService};
use app\common\enum\YesNoEnum;
use app\common\validate\BaseValidate;
use think\facade\Config;

/**
 * 登录验证
 * Class LoginAgentValidate
 * @package app\adminapi\validate
 */
class LoginAgentValidate extends BaseValidate
{
    protected $rule = [
        'terminal' => 'require|in:' . AdminTerminalEnum::PC . ',' . AdminTerminalEnum::MOBILE,
        'account' => 'require',
        'password' => 'require|password',
    ];

    protected $message = [
        'account.require' => '请输入账号',
        'password.require' => '请输入密码'
    ];

    /**
     * @notes @notes 密码验证
     * @param $password
     * @param $other
     * @param $data
     * @return bool|string
     * @throws \think\db\exception\DataNotFoundException
     * @throws \think\db\exception\DbException
     * @throws \think\db\exception\ModelNotFoundException
     * @author 令狐冲
     * @date 2021/7/2 14:00
     */
    public function password($password, $other, $data)
    {
        // 登录限制
        $config = [
            'login_restrictions' => ConfigService::get('admin_login', 'login_restrictions'),
            'password_error_times' => ConfigService::get('admin_login', 'password_error_times'),
            'limit_login_time' => ConfigService::get('admin_login', 'limit_login_time'),
            'google_auth' => ConfigService::get('website', 'agent_google_auth'),
        ];

        $adminAccountSafeCache = new AdminAccountSafeCache();
        if ($config['login_restrictions'] == 1) {
            $adminAccountSafeCache->count = $config['password_error_times'];
            $adminAccountSafeCache->minute = $config['limit_login_time'];
        }

        //后台账号安全机制，连续输错后锁定，防止账号密码暴力破解
        if ($config['login_restrictions'] == 1 && !$adminAccountSafeCache->isSafe()) {
            return '密码连续' . $adminAccountSafeCache->count . '次输入错误，请' . $adminAccountSafeCache->minute . '分钟后重试';
        }
        
        $where = [];
        
        $login_way = $data['login_way'];//0邮箱1手机号
        if($login_way == 1){
            $where = ['country_code' => $data['country_code']];
        }
        

        $userInfo = User::where($where)
            ->where(['account|mobile' => $data['account'],'is_agent' => 1])
            ->field(['id,password,is_disable,is_open,agent_id'])
            ->findOrEmpty();
            
        if ($userInfo->isEmpty()) {
            return '用户不存在';//用户不存在
        }
        
        if ($userInfo['is_open'] === YesNoEnum::NO) {
            return '用户未启用';//用户未启用
        }

        if ($userInfo['is_disable'] === YesNoEnum::YES) {
            return '用户已禁用';//用户已禁用
        }
        
        $user_info = UserInfo::where(['user_id' => $userInfo['id']])->findOrEmpty();
        
        if($config['google_auth'] == 1){
            if(!$user_info->isEmpty() && $user_info['google_key']){
                if(!$data['code']){
                    $adminAccountSafeCache->record();
                    return '请输入谷歌验证码';
                }
                
                $valid = UtilsService::get_google_verify($user_info['google_key'],$data['code']);
                if(!$valid) {
                    $adminAccountSafeCache->record();
                    return '验证码错误';
                }
            }else{
                $adminAccountSafeCache->record();
                return '验证码错误';
            }
        }

        $passwordSalt = Config::get('project.unique_identification');
        if ($userInfo['password'] !== create_password($password, $passwordSalt)) {
            $adminAccountSafeCache->record();
            return '密码错误';//密码错误
        }
        
        $adminInfo = Admin::where('id', '=', $userInfo['agent_id'])
            ->where(['is_agent' => 1])
            ->findOrEmpty();

        if ($adminInfo->isEmpty()) {
            return '参数异常';//参数异常
        }

        $adminAccountSafeCache->relieve();
        return true;
    }

}