fix

app/Http/Controllers/Api/LoginController.php

@@ -5,11 +5,13 @@ namespace App\Http\Controllers\Api;
 use App\Components\Helpers;
 use App\Http\Controllers\Controller;
 use App\Http\Models\User;
+use App\Http\Models\UserLabel;
 use App\Http\Models\UserSubscribe;
 use App\Http\Models\UserSubscribeLog;
 use Illuminate\Http\Request;
 use Response;
 use Cache;
+use Hash;
 use DB;
 
 /**
@@ -35,6 +37,12 @@ class LoginController extends Controller
         $password = trim($request->get('password'));
         $cacheKey = 'request_times_' . md5(getClientIp());
 
+        if (!$username || !$password) {
+            Cache::increment($cacheKey);
+
+            return Response::json(['status' => 'fail', 'data' => [], 'message' => '请输入用户名和密码']);
+        }
+
         // 连续请求失败15次，则封IP一小时
         if (Cache::has($cacheKey)) {
             if (Cache::get($cacheKey) >= 15) {
@@ -44,17 +52,13 @@ class LoginController extends Controller
             Cache::put($cacheKey, 1, 60);
         }
 
-        if (!$username || !$password) {
-            Cache::increment($cacheKey);
-
-            return Response::json(['status' => 'fail', 'data' => [], 'message' => '账号或密码错误']);
-        }
-
-        $user = User::query()->where('username', $username)->where('password', md5($password))->where('status', '>=', 0)->first();
+        $user = User::query()->where('username', $username)->where('status', '>=', 0)->first();
         if (!$user) {
             Cache::increment($cacheKey);
 
             return Response::json(['status' => 'fail', 'data' => [], 'message' => '账号不存在或已被禁用']);
+        } elseif (!Hash::check($password, $user->password)) {
+            return Response::json(['status' => 'fail', 'data' => [], 'message' => '用户名或密码错误']);
         }
 
         DB::beginTransaction();
@@ -74,17 +78,65 @@ class LoginController extends Controller
             }
 
             // 更新订阅链接访问次数
-            $subscribe->increment('times', 1);
+            //$subscribe->increment('times', 1);
 
             // 记录每次请求
-            $this->log($subscribe->id, getClientIp(), 'API访问');
-
-            // 处理用户信息
-            unset($user->password, $user->reg_ip, $user->remark, $user->usage, $user->remember_token, $user->created_at, $user->updated_at);
-            $data['user'] = $user;
+            //$this->log($subscribe->id, getClientIp(), 'API访问');
 
             // 订阅链接
-            $data['link'] = self::$systemConfig['subscribe_domain'] ? self::$systemConfig['subscribe_domain'] . '/s/' . $code : self::$systemConfig['website_url'] . '/s/' . $code;
+            $url = self::$systemConfig['subscribe_domain'] ? self::$systemConfig['subscribe_domain'] : self::$systemConfig['website_url'];
+
+            // 节点列表
+            $userLabelIds = UserLabel::query()->where('user_id', $user->id)->pluck('label_id');
+            if (empty($userLabelIds)) {
+                return Response::json(['status' => 'fail', 'message' => '', 'data' => []]);
+            }
+
+            $nodeList = DB::table('ss_node')
+                ->selectRaw('ss_node.*')
+                ->leftJoin('ss_node_label', 'ss_node.id', '=', 'ss_node_label.node_id')
+                ->whereIn('ss_node_label.label_id', $userLabelIds)
+                ->where('ss_node.status', 1)
+                ->groupBy('ss_node.id')
+                ->orderBy('ss_node.sort', 'desc')
+                ->orderBy('ss_node.id', 'asc')
+                ->get();
+
+            $c_nodes = collect();
+            foreach ($nodeList as $node) {
+                $temp_node = [
+                    'name'          => $node->name,
+                    'server'        => $node->server,
+                    'server_port'   => $user->port,
+                    'method'        => $user->method,
+                    'obfs'          => $user->obfs,
+                    'flags'         => $url . '/assets/images/country/' . $node->country_code . '.png',
+                    'obfsparam'     => '',
+                    'password'      => $user->passwd,
+                    'group'         => '',
+                    'protocol'      => $user->protocol,
+                    'protoparam'    => '',
+                    'protocolparam' => ''
+                ];
+                $c_nodes = $c_nodes->push($temp_node);
+            }
+
+            $data = [
+                'status'       => 1,
+                'class'        => 0,
+                'level'        => 2,
+                'expire_in'    => $user->expire_time,
+                'text'         => '',
+                'buy_link'     => '',
+                'money'        => '0.00',
+                'sspannelName' => 'ssrpanel',
+                'usedTraffic'  => flowAutoShow($user->u + $user->d),
+                'Traffic'      => flowAutoShow($user->transfer_enable),
+                'all'          => 1,
+                'residue'      => '',
+                'nodes'        => $c_nodes,
+                'link'         => $url . '/s/' . $code
+            ];
 
             DB::commit();
 

resources/views/admin/addNode.blade.php

@@ -16,7 +16,7 @@
                             <form action="{{url('admin/addNode')}}" method="post" class="form-horizontal" onsubmit="return do_submit();">
                                 <div class="form-body">
                                     <div class="alert alert-danger">
-                                        <strong>注意：</strong> 添加节点后自动生成的<code>ID</code>，即为该节点部署SSR后端时<code>usermysql.json</code>中的<code>node_id</code>的值；同时也是部署V2Ray后端时的<code>nodeId</code>的值；
+                                        <strong>注意：</strong> 添加节点后自动生成的<code>ID</code>，即为该节点部署SSR后端时<code>usermysql.json</code>中的<code>node_id</code>的值，同时也是部署V2Ray后端时的<code>nodeId</code>的值；
                                         V2Ray GO版节点部署<a href="https://github.com/ssrpanel/SSRPanel/wiki/V2Ray%E5%AE%8C%E6%95%B4%E9%85%8D%E7%BD%AE%E7%A4%BA%E4%BE%8B%EF%BC%88Go%E7%89%88%EF%BC%89" target="_blank">教程</a>；
                                         更改服务器的SSH端口<a href="https://github.com/ssrpanel/SSRPanel/wiki/%E6%9C%8D%E5%8A%A1%E5%99%A8%E7%A6%81%E6%AD%A2PING%E3%80%81%E6%94%B9SSH%E7%AB%AF%E5%8F%A3%E5%8F%B7" target="_blank">教程</a>；
                                     </div>
@@ -412,7 +412,7 @@
                                                             <label for="v2_host" class="col-md-3 control-label">伪装域名</label>
                                                             <div class="col-md-8">
                                                                 <input type="text" class="form-control" name="v2_host" id="v2_host">
-                                                                <span class="help-block"> 伪装类型为http时多个伪装域名逗号隔开，ws只允许单个 </span>
+                                                                <span class="help-block"> 伪装类型为http时多个伪装域名逗号隔开，WebSocket只允许单个 </span>
                                                             </div>
                                                         </div>
                                                         <div class="form-group">

resources/views/admin/editNode.blade.php

@@ -38,7 +38,7 @@
                                                                     <span></span>
                                                                 </label>
                                                             </div>
-                                                            <span class="help-block"> NAT机需要<a href="https://github.com/ssrpanel/SSRPanel/wiki/NAT-VPS%E9%85%8D%E7%BD%AE%E6%95%99%E7%A8%8B" target="_blank">配置DDNS</a>，不做TCP阻断检测，务必填写域名 </span>
+                                                            <span class="help-block"> NAT机需要<a href="https://github.com/ssrpanel/SSRPanel/wiki/NAT-VPS%E9%85%8D%E7%BD%AE%E6%95%99%E7%A8%8B" target="_blank">配置DDNS</a>，TCP阻断检测无效，务必填写域名 </span>
                                                         </div>
                                                     </div>
                                                     <div class="form-group">
@@ -59,7 +59,7 @@
                                                     <div class="form-group">
                                                         <label for="ip" class="col-md-3 control-label"> IPV4地址 </label>
                                                         <div class="col-md-8">
-                                                            <input type="text" class="form-control" name="ip" value="{{$node->ip}}" id="ip" placeholder="服务器IPV4地址" required>
+                                                            <input type="text" class="form-control" name="ip" value="{{$node->ip}}" id="ip" placeholder="服务器IPV4地址" {{$node->is_nat ? 'readonly=readonly' : ''}} required>
                                                         </div>
                                                     </div>
                                                     <div class="form-group">
@@ -410,7 +410,7 @@
                                                             <label for="v2_host" class="col-md-3 control-label">伪装域名</label>
                                                             <div class="col-md-8">
                                                                 <input type="text" class="form-control" name="v2_host" value="{{$node->v2_host}}" id="v2_host">
-                                                                <span class="help-block"> 伪装类型为http时多个伪装域名逗号隔开，ws只允许单个 </span>
+                                                                <span class="help-block"> 伪装类型为http时多个伪装域名逗号隔开，WebSocket只允许单个 </span>
                                                             </div>
                                                         </div>
                                                         <div class="form-group">

routes/api.php

@@ -1,9 +1,8 @@
 <?php
 
 Route::group(['namespace' => 'Api'], function () {
-    Route::any('yzy/create', 'YzyController@create');
     Route::resource('yzy', 'YzyController');
-	Route::resource('alipay', 'AlipayController');
+    Route::resource('alipay', 'AlipayController');
 
     // 定制客户端
     Route::any('login', 'LoginController@login');