feat(auth): 更新认证逻辑，简化返回的 token 结构并优化请求日志记录

Author: robin-dongbin

app/Actions/CreateRequestLogAction.php

@@ -17,6 +17,7 @@ class CreateRequestLogAction
     ];
 
     public static array $hiddenRequestHeaders = [
+        'cookie',
         'apikey',
         'api_token',
         'Authorization',
@@ -34,23 +35,21 @@ public function handle(Request $request, Response $response): void
         $duration = $startTime ? floor((microtime(true) - $startTime) * 1000) : null;
         $memory = memory_get_peak_usage(true);
 
-        $model = new RequestLog;
-        $model->ip_address = $request->ip();
-        $model->method = $request->method();
-        $model->path = $request->path();
-        $model->duration = $duration;
-        $model->memory = $memory;
-        $model->headers = $this->headers($request->headers->all());
-        $model->payload = $this->payload($this->input($request));
-        $model->response_status = $response->getStatusCode();
-        $model->response_headers = $this->headers($response->headers->all());
-        $model->response = $this->response($response);
-
-        if ($user = $request->user()) {
-            $model->user()->associate($user);
-        }
-
-        $model->save();
+        $data = [
+            'ip_address' => $request->ip(),
+            'method' => $request->method(),
+            'path' => $request->path(),
+            'duration' => $duration,
+            'memory' => $memory,
+            'headers' => $this->headers($request->headers->all()),
+            'payload' => $this->payload($this->input($request)),
+            'response_status' => $response->getStatusCode(),
+            'response_headers' => $this->headers($response->headers->all()),
+            'response' => $this->response($response),
+            'user_id' => $request->user() ? $request->user()->getKey() : null,
+        ];
+
+        RequestLog::create($data);
     }
 
     protected function input(Request $request): array

app/Filters/UserFilter.php

@@ -10,7 +10,7 @@ class UserFilter implements Filter
     public function __invoke(Builder $query, $value, string $property)
     {
         return $query->whereHas($property, function (Builder $query) use ($value) {
-            $query->whereAny(['nickname', 'name'], $value);
+            $query->whereAny(['nickname', 'username'], $value);
         });
     }
 }

app/Http/Controllers/Api/Admin/AuthController.php

@@ -36,7 +36,7 @@ public function login(LoginRequest $request)
         $token = $user->createToken('admin')->plainTextToken;
 
         return UserResource::make($request->user())
-            ->additional(['meta' => ['token' => $token]]);
+            ->additional(['token' => $token]);
     }
 
     public function logout(Request $request)

app/Http/Controllers/Api/Admin/IpController.php

@@ -3,6 +3,7 @@
 namespace App\Http\Controllers\Api\Admin;
 
 use App\Actions\CreateIpAction;
+use App\Enums\IpStatus;
 use App\Http\Controllers\Api\Controller;
 use App\Http\Requests\IpRequest;
 use App\Http\Resources\Admin\IpResource;
@@ -33,7 +34,7 @@ public function index(Request $request)
         $ips = QueryBuilder::for(Ip::class)
             ->allowedFilters([
                 AllowedFilter::exact('address'),
-                AllowedFilter::exact('status')->default(1),
+                AllowedFilter::exact('status')->default(IpStatus::Active->value),
             ])
             ->allowedSorts(['id', 'created_at', 'updated_at'])
             ->allowedIncludes(['user', 'requestLogs'])

app/Http/Controllers/Api/V1/AuthController.php

@@ -26,7 +26,7 @@ public function login(LoginRequest $request)
         $token = $user->createToken('api')->plainTextToken;
 
         return UserResource::make($request->user())
-            ->additional(['meta' => ['token' => $token]]);
+            ->additional(['token' => $token]);
     }
 
     /**

app/Listeners/RequestHandledListener.php

@@ -20,12 +20,10 @@ public function handle(RequestHandled $event): void
 
     private function shouldLog(Request $request, Response $response): bool
     {
-        $adminPrefix = config('app.route_prefix.admin');
-
         if (strtoupper($request->method() === 'OPTIONS')) {
             return false;
         }
-        if ($request->is($adminPrefix.'/*', 'locales/*')) {
+        if (! $request->is('api/*')) {
             return false;
         }
 

tests/Feature/Http/Api/Admin/AuthenticationLogController/IndexTest.php

@@ -13,7 +13,7 @@
 
     $response = $this->getJson(route('admin.authentication-logs.index'));
 
-    $response->assertForbidden();
+    $response->assertUnauthorized();
 });
 
 test('returns a successful response', function () {
@@ -24,14 +24,14 @@
     $response = $this->getJson(route('admin.authentication-logs.index'));
 
     $response->assertOk();
-    $response->assertJson([
+    $response->assertJsonStructure([
         'data' => [
             [
-                'id' => $model->id,
-                'ip_address' => $model->ip_address,
-                'user_agent' => $model->user_agent,
-                'successful' => $model->successful,
-                'created_at' => $model->created_at->toISOString(),
+                'id',
+                'ip_address',
+                'user_agent',
+                'successful',
+                'created_at',
             ],
         ],
     ]);

tests/Feature/Http/Api/Admin/AuthenticationLogController/ShowTest.php

@@ -17,7 +17,7 @@
 
     $response = $this->getJson(route('admin.authentication-logs.show', $model));
 
-    $response->assertForbidden();
+    $response->assertUnauthorized();
 });
 
 test('returns a successful response', function () {
@@ -28,13 +28,13 @@
     $response = $this->getJson(route('admin.authentication-logs.show', $model));
 
     $response->assertOk();
-    $response->assertJson([
+    $response->assertJsonStructure([
         'data' => [
-            'id' => $model->id,
-            'ip_address' => $model->ip_address,
-            'user_agent' => $model->user_agent,
-            'successful' => $model->successful,
-            'created_at' => $model->created_at->toISOString(),
+            'id',
+            'ip_address',
+            'user_agent',
+            'successful',
+            'created_at',
         ],
     ]);
 });

tests/Feature/Http/Api/Admin/IpController/DestroyTest.php

@@ -17,7 +17,7 @@
 
     $response = $this->deleteJson(route('admin.ips.destroy', $model));
 
-    $response->assertForbidden();
+    $response->assertUnauthorized();
 });
 
 test('returns a successful response', function () {

tests/Feature/Http/Api/Admin/IpController/IndexTest.php

@@ -13,25 +13,25 @@
 
     $response = $this->getJson(route('admin.ips.index'));
 
-    $response->assertForbidden();
+    $response->assertUnauthorized();
 });
 
 test('returns a successful response', function () {
     $this->actingAsAdmin();
 
-    $model = Ip::factory()->create();
+    $model = Ip::factory()->active()->create();
 
     $response = $this->getJson(route('admin.ips.index'));
 
     $response->assertOk();
-    $response->assertJson([
+    $response->assertJsonStructure([
         'data' => [
             [
-                'id' => $model->id,
-                'address' => $model->address,
-                'location' => $model->location,
-                'status' => $model->status->value,
-                'remark' => $model->remark,
+                'id',
+                'address',
+                'location',
+                'status',
+                'remark',
             ],
         ],
     ]);