
1.改进V2RAY
2.修正在线支付优惠券BUG
3.禁止演示环境修改管理员密码

bingo 7 年之前
父節點
當前提交
36dcbee18b

+ 1 - 0
.env.example

@@ -1,3 +1,4 @@
+APP_DEMO=false
 APP_NAME=SSRPanel
 APP_ENV=local
 APP_KEY=

+ 159 - 31
_ide_helper.php

@@ -1,14 +1,13 @@
 <?php
 /**
  * A helper file for Laravel 5, to provide autocomplete information to your IDE
- * Generated for Laravel 5.4.30 on 2017-12-08.
+ * Generated for Laravel 5.4.36 on 2018-08-16 17:31:31.
+ *
+ * This file should not be included in your code, only analyzed by your IDE!
  *
  * @author Barry vd. Heuvel <[email protected]>
  * @see https://github.com/barryvdh/laravel-ide-helper
  */
-namespace  {
-    exit("This file should not be included, only analyzed by your IDE");
-}
 
 namespace Illuminate\Support\Facades { 
 
@@ -416,7 +415,7 @@ namespace Illuminate\Support\Facades {
          * Register a deferred provider and service.
          *
          * @param string $provider
-         * @param string $service
+         * @param string|null $service
          * @return void 
          * @static 
          */ 
@@ -6521,7 +6520,7 @@ namespace Illuminate\Support\Facades {
         }
         
         /**
-         * Returns the client IP address.
+         * Get the client IP address.
          *
          * @return string 
          * @static 
@@ -6532,7 +6531,7 @@ namespace Illuminate\Support\Facades {
         }
         
         /**
-         * Returns the client IP addresses.
+         * Get the client IP addresses.
          *
          * @return array 
          * @static 
@@ -6542,6 +6541,17 @@ namespace Illuminate\Support\Facades {
             return \Illuminate\Http\Request::ips();
         }
         
+        /**
+         * Get the client user agent.
+         *
+         * @return string 
+         * @static 
+         */ 
+        public static function userAgent()
+        {
+            return \Illuminate\Http\Request::userAgent();
+        }
+        
         /**
          * Merge new input into the current request's input array.
          *
@@ -6797,7 +6807,7 @@ namespace Illuminate\Support\Facades {
          * @param array $cookies The COOKIE parameters
          * @param array $files The FILES parameters
          * @param array $server The SERVER parameters
-         * @param string|resource $content The raw body data
+         * @param string|resource|null $content The raw body data
          * @static 
          */ 
         public static function initialize($query = array(), $request = array(), $attributes = array(), $cookies = array(), $files = array(), $server = array(), $content = null)
@@ -6830,7 +6840,7 @@ namespace Illuminate\Support\Facades {
          * @param array $cookies The request cookies ($_COOKIE)
          * @param array $files The request files ($_FILES)
          * @param array $server The server parameters ($_SERVER)
-         * @param string $content The raw body data
+         * @param string|resource|null $content The raw body data
          * @return static 
          * @static 
          */ 
@@ -7032,8 +7042,8 @@ namespace Illuminate\Support\Facades {
          * 
          * Order of precedence: PATH (routing placeholders or custom attributes), GET, BODY
          *
-         * @param string $key the key
-         * @param mixed $default the default value if the parameter key does not exist
+         * @param string $key The key
+         * @param mixed $default The default value if the parameter key does not exist
          * @return mixed 
          * @static 
          */ 
@@ -7477,7 +7487,7 @@ namespace Illuminate\Support\Facades {
          * Gets the mime type associated with the format.
          *
          * @param string $format The format
-         * @return string The associated mime type (null if not found)
+         * @return string|null The associated mime type (null if not found)
          * @static 
          */ 
         public static function getMimeType($format)
@@ -7668,6 +7678,24 @@ namespace Illuminate\Support\Facades {
             return \Illuminate\Http\Request::isMethodCacheable();
         }
         
+        /**
+         * Returns the protocol version.
+         * 
+         * If the application is behind a proxy, the protocol version used in the
+         * requests between the client and the proxy and between the proxy and the
+         * server might be different. This returns the former (from the "Via" header)
+         * if the proxy is trusted (see "setTrustedProxies()"), otherwise it returns
+         * the latter (from the "SERVER_PROTOCOL" server parameter).
+         *
+         * @return string 
+         * @static 
+         */ 
+        public static function getProtocolVersion()
+        {
+            //Method inherited from \Symfony\Component\HttpFoundation\Request            
+            return \Illuminate\Http\Request::getProtocolVersion();
+        }
+        
         /**
          * Returns the request body content.
          *
@@ -10040,6 +10068,18 @@ namespace Illuminate\Support\Facades {
             return \Illuminate\Filesystem\FilesystemAdapter::exists($path);
         }
         
+        /**
+         * Get the full path for the file at the given "short" path.
+         *
+         * @param string $path
+         * @return string 
+         * @static 
+         */ 
+        public static function path($path)
+        {
+            return \Illuminate\Filesystem\FilesystemAdapter::path($path);
+        }
+        
         /**
          * Get the contents of a file.
          *
@@ -10235,6 +10275,20 @@ namespace Illuminate\Support\Facades {
             return \Illuminate\Filesystem\FilesystemAdapter::url($path);
         }
         
+        /**
+         * Get a temporary URL for the file at the given path.
+         *
+         * @param string $path
+         * @param \DateTimeInterface $expiration
+         * @param array $options
+         * @return string 
+         * @static 
+         */ 
+        public static function temporaryUrl($path, $expiration, $options = array())
+        {
+            return \Illuminate\Filesystem\FilesystemAdapter::temporaryUrl($path, $expiration, $options);
+        }
+        
         /**
          * Get an array of all files in a directory.
          *
@@ -11701,12 +11755,13 @@ namespace Mews\Captcha\Facades {
          * Create captcha image
          *
          * @param string $config
+         * @param boolean $api
          * @return \Mews\Captcha\ImageManager->response 
          * @static 
          */ 
-        public static function create($config = 'default')
+        public static function create($config = 'default', $api = false)
         {
-            return \Mews\Captcha\Captcha::create($config);
+            return \Mews\Captcha\Captcha::create($config, $api);
         }
         
         /**
@@ -11721,6 +11776,18 @@ namespace Mews\Captcha\Facades {
             return \Mews\Captcha\Captcha::check($value);
         }
         
+        /**
+         * Captcha check
+         *
+         * @param $value
+         * @return bool 
+         * @static 
+         */ 
+        public static function check_api($value, $key)
+        {
+            return \Mews\Captcha\Captcha::check_api($value, $key);
+        }
+        
         /**
          * Generate captcha image source
          *
@@ -11737,12 +11804,14 @@ namespace Mews\Captcha\Facades {
          * Generate captcha image html tag
          *
          * @param null $config
+         * @param array $attrs HTML attributes supplied to the image tag where key is the attribute
+         * and the value is the attribute value
          * @return string 
          * @static 
          */ 
-        public static function img($config = null)
+        public static function img($config = null, $attrs = array())
         {
-            return \Mews\Captcha\Captcha::img($config);
+            return \Mews\Captcha\Captcha::img($config, $attrs);
         }
          
     }
@@ -12295,6 +12364,38 @@ namespace Jenssegers\Agent\Facades {
  
 }
 
+namespace Mews\Purifier\Facades { 
+
+    class Purifier {
+        
+        /**
+         * 
+         *
+         * @param $dirty
+         * @param null $config
+         * @return mixed 
+         * @static 
+         */ 
+        public static function clean($dirty, $config = null)
+        {
+            return \Mews\Purifier\Purifier::clean($dirty, $config);
+        }
+        
+        /**
+         * Get HTMLPurifier instance.
+         *
+         * @return \HTMLPurifier 
+         * @static 
+         */ 
+        public static function getInstance()
+        {
+            return \Mews\Purifier\Purifier::getInstance();
+        }
+         
+    }
+ 
+}
+
 
 namespace  { 
 
@@ -12411,7 +12512,7 @@ namespace  {
             /**
              * Add an "or where" clause to the query.
              *
-             * @param string|\Closure $column
+             * @param string|array|\Closure $column
              * @param string $operator
              * @param mixed $value
              * @return \Illuminate\Database\Eloquent\Builder|static 
@@ -12888,7 +12989,7 @@ namespace  {
              * Execute the query and get the first result.
              *
              * @param array $columns
-             * @return mixed 
+             * @return \Illuminate\Database\Eloquent\Model|static|null 
              * @static 
              */ 
             public static function first($columns = array())
@@ -12910,6 +13011,18 @@ namespace  {
                 return \Illuminate\Database\Eloquent\Builder::when($value, $callback, $default);
             }
          
+            /**
+             * Pass the query to a given callback.
+             *
+             * @param \Closure $callback
+             * @return \Illuminate\Database\Query\Builder 
+             * @static 
+             */ 
+            public static function tap($callback)
+            {    
+                return \Illuminate\Database\Eloquent\Builder::tap($callback);
+            }
+         
             /**
              * Apply the callback's query changes if the given "value" is false.
              *
@@ -12968,6 +13081,18 @@ namespace  {
                 return \Illuminate\Database\Eloquent\Builder::doesntHave($relation, $boolean, $callback);
             }
          
+            /**
+             * Add a relationship count / exists condition to the query with an "or".
+             *
+             * @param string $relation
+             * @return \Illuminate\Database\Eloquent\Builder|static 
+             * @static 
+             */ 
+            public static function orDoesntHave($relation)
+            {    
+                return \Illuminate\Database\Eloquent\Builder::orDoesntHave($relation);
+            }
+         
             /**
              * Add a relationship count / exists condition to the query with where clauses.
              *
@@ -13011,6 +13136,19 @@ namespace  {
                 return \Illuminate\Database\Eloquent\Builder::whereDoesntHave($relation, $callback);
             }
          
+            /**
+             * Add a relationship count / exists condition to the query with where clauses and an "or".
+             *
+             * @param string $relation
+             * @param \Closure $callback
+             * @return \Illuminate\Database\Eloquent\Builder|static 
+             * @static 
+             */ 
+            public static function orWhereDoesntHave($relation, $callback = null)
+            {    
+                return \Illuminate\Database\Eloquent\Builder::orWhereDoesntHave($relation, $callback);
+            }
+         
             /**
              * Add subselect queries to count the relations.
              *
@@ -13217,18 +13355,6 @@ namespace  {
                 return \Illuminate\Database\Query\Builder::crossJoin($table, $first, $operator, $second);
             }
          
-            /**
-             * Pass the query to a given callback.
-             *
-             * @param \Closure $callback
-             * @return \Illuminate\Database\Query\Builder 
-             * @static 
-             */ 
-            public static function tap($callback)
-            {    
-                return \Illuminate\Database\Query\Builder::tap($callback);
-            }
-         
             /**
              * Merge an array of where clauses and bindings.
              *
@@ -13289,7 +13415,7 @@ namespace  {
              * Add a raw or where clause to the query.
              *
              * @param string $sql
-             * @param array $bindings
+             * @param mixed $bindings
              * @return \Illuminate\Database\Query\Builder|static 
              * @static 
              */ 
@@ -14364,6 +14490,8 @@ namespace  {
     class Captcha extends \Mews\Captcha\Facades\Captcha {}
 
     class Agent extends \Jenssegers\Agent\Facades\Agent {}
+
+    class Purifier extends \Mews\Purifier\Facades\Purifier {}
  
 }
 

+ 3 - 3
app/Http/Controllers/Api/LoginController.php

@@ -26,13 +26,13 @@ class LoginController extends Controller
         $password = trim($request->get('password'));
         $cacheKey = 'request_times_' . md5($request->getClientIp());
 
-        // 10分钟内请求失败15次,则封IP一小时
+        // 连续请求失败10次,则封IP一小时
         if (Cache::has($cacheKey)) {
             if (Cache::get($cacheKey) >= 15) {
-                return Response::json(['status' => 'fail', 'data' => [], 'message' => '频繁访问失败,禁止访问1小时']);
+                return Response::json(['status' => 'fail', 'data' => [], 'message' => '请求失败超限,禁止访问1小时']);
             }
         } else {
-            Cache::put($cacheKey, 1, 10);
+            Cache::put($cacheKey, 1, 60);
         }
 
         if (!$username || !$password) {
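Review bot: The updated comment promises a one-hour block after 10 consecutive failures, but the check below it still reads `Cache::get($cacheKey) >= 15`, so the documented and enforced thresholds disagree; align them, e.g. `if (Cache::get($cacheKey) >= 10) {`. The counter is seeded with `Cache::put($cacheKey, 1, 60)` before the credentials are examined, so whether it counts only failures and is cleared on success depends on code outside this hunk. Because the key is derived from `getClientIp()`, the limit is only as reliable as the trusted-proxy configuration that decides which address that call returns.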

+ 9 - 11
app/Http/Controllers/Muv2/NodeController.php

@@ -25,9 +25,7 @@ class NodeController extends Controller
 
         $node = SsNode::query()->where('id', $nodeId)->first(); // 节点是否存在
         if (!$node) {
-            return Response::json([
-                "ret" => 0
-            ], 400);
+            return Response::json(["ret" => 0], 400);
         }
 
         // 找出该节点的标签
@@ -36,8 +34,8 @@ class NodeController extends Controller
         // 找出有相同标签的用户
         $userLabels = UserLabel::query()->whereIn('label_id', $nodeLabels)->pluck('user_id');
 
-        //提取用户信息
-        $userIds = User::query()->where('enable', 1)->whereIn('id', $userLabels)->where('id', '<>', $this->systemConfig['free_node_users_id'])->pluck('id')->toArray();
+        // 提取用户信息
+        $userIds = User::query()->whereIn('status', [0, 1])->where('enable', 1)->whereIn('id', $userLabels)->where('id', '<>', $this->systemConfig['free_node_users_id'])->pluck('id')->toArray();
         $users = User::query()->where('id', '<>', $this->systemConfig['free_node_users_id'])->select(
             "id", "username", "passwd", "t", "u", "d", "transfer_enable",
             "port", "protocol", "obfs", "enable", "expire_time as expire_time_d", "method",
@@ -117,13 +115,13 @@ class NodeController extends Controller
         $log->log_time = time();
 
         if (!$log->save()) {
-            return response()->json([
+            return Response::json([
                 "ret" => 0,
-                "msg" => "update failed",
+                "msg" => "update failed"
             ]);
         }
 
-        return response()->json([
+        return Response::json([
             "ret" => 1,
             "msg" => "ok",
         ]);
@@ -143,13 +141,13 @@ class NodeController extends Controller
         $log->log_time = time();
 
         if (!$log->save()) {
-            return response()->json([
+            return Response::json([
                 "ret" => 0,
                 "msg" => "update failed",
             ]);
         }
 
-        return response()->json([
+        return Response::json([
             "ret" => 1,
             "msg" => "ok",
         ]);
@@ -179,7 +177,7 @@ class NodeController extends Controller
             $this->addUserTrafficLog($vo['user_id'], $nodeId, $vo['u'], $vo['d'], $node->traffic_rate);
         }
 
-        return response()->json([
+        return Response::json([
             'ret' => 1,
             "msg" => "ok",
         ]);
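Review bot: When `$log->save()` fails, the new `Response::json(["ret" => 0, "msg" => "update failed"])` calls pass no status argument and so answer HTTP 200, while the not-found branch in the first hunk answers 400. A node client that checks only the status code would treat a lost log write as success; passing an error status, e.g. closing the call with `], 500);`, would make the failure paths consistent. The affected methods start and end outside these hunks, so confirm that no caller relies on the 200 before changing it.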

+ 4 - 10
app/Http/Controllers/Muv2/UserController.php

@@ -7,6 +7,7 @@ use App\Http\Models\SsNode;
 use App\Http\Models\User;
 use App\Http\Models\UserTrafficLog;
 use Illuminate\Http\Request;
+use Response;
 
 class UserController extends Controller
 {
@@ -24,9 +25,7 @@ class UserController extends Controller
             $user['expire_time'] = strval((new \DateTime($user['expire_time_d']))->getTimestamp()); // datetime 转timestamp
         }
 
-        return response()->json([
-            "data" => $users
-        ]);
+        return Response::json(["data" => $users]);
     }
 
     // 更新流量到user表
@@ -45,18 +44,13 @@ class UserController extends Controller
         $user->d = $user->d + ($d * $node->traffic_rate);
 
         if (!$user->save()) {
-            return response()->json([
-                "msg" => "update failed",
-            ], 400);
+            return Response::json(["msg" => "update failed",], 400);
         }
 
         // 记录流量日志
         $this->addUserTrafficLog($userId, $nodeId, $u, $d, $node->traffic_rate);
 
-        return response()->json([
-            'ret' => 1,
-            "msg" => "ok",
-        ]);
+        return Response::json(['ret' => 1, "msg" => "ok",]);
     }
 
     // 写入流量日志

+ 4 - 1
app/Http/Controllers/PaymentController.php

@@ -113,7 +113,10 @@ class PaymentController extends Controller
 
             // 优惠券置为已使用
             if (!empty($coupon)) {
-                Coupon::query()->where('id', $coupon->id)->update(['status' => 1]);
+                if ($coupon->usage == 1) {
+                    $coupon->status = 1;
+                    $coupon->save();
+                }
 
                 $this->addCouponLog($coupon->id, $goods_id, $order->oid, '在线支付使用');
             }
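Review bot: The single-use branch reads `$coupon->usage` from an object loaded earlier and then calls `save()` unconditionally, so two payment notifications for orders that use the same coupon can both get past whatever status check ran outside this hunk. A conditional update makes the redemption atomic: `$used = Coupon::query()->where('id', $coupon->id)->where('status', 0)->update(['status' => 1]);` (assuming 0 is the unused state), treating `$used === 0` as already redeemed. Coupons whose `usage` is not 1 are now left untouched here apart from the log entry; if they carry a remaining balance or use count, it should be reduced in the same place. A one-line comment naming the `usage` values would also help, since `== 1` is a magic number in this hunk.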

+ 2 - 1
app/Http/Controllers/RegisterController.php

@@ -71,7 +71,8 @@ class RegisterController extends Controller
 
             // 校验域名邮箱是否在敏感词中
             $sensitiveWords = $this->sensitiveWords();
-            if (in_array($username, $sensitiveWords)) {
+            $usernameSuffix = explode('@', $username); // 提取邮箱后缀
+            if (in_array($usernameSuffix, $sensitiveWords)) {
                 Session::flash('errorMsg', '邮箱含有敏感词,请重新输入');
 
                 return Redirect::back()->withInput();
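Review bot: `explode('@', $username)` returns an array, and `in_array()` with an array needle never matches a list of strings, so after this change the sensitive-word check on registration can no longer fire. Compare the part after the last `@` instead: keep `$usernameSuffix = explode('@', $username);` and test `if (in_array(strtolower(end($usernameSuffix)), $sensitiveWords, true)) {`. The `strtolower` assumes the word list is stored in lower case, and whether the list holds whole domains or fragments is decided in `sensitiveWords()`, which is outside this hunk.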

+ 7 - 0
app/Http/Controllers/UserController.php

@@ -201,6 +201,13 @@ class UserController extends Controller
                     return Redirect::to('user/profile#tab_1');
                 }
 
+                // 演示环境禁止改管理员密码
+                if (env('APP_DEMO') && $user['id'] == 1) {
+                    Session::flash('errorMsg', '演示环境禁止修改管理员密码');
+
+                    return Redirect::to('user/profile#tab_1');
+                }
+
                 $ret = User::query()->where('id', $user['id'])->update(['password' => $new_password]);
                 if (!$ret) {
                     Session::flash('errorMsg', '修改失败');
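Review bot: `env('APP_DEMO')` is read directly in the controller, and once the configuration is cached with `php artisan config:cache` Laravel no longer loads `.env`, so `env()` returns null here and the demo guard silently stops protecting the admin password. Expose the flag through a config file and read it with `config()`, e.g. a `'demo' => env('APP_DEMO', false),` entry in a file such as `config/app.php` and `if (config('app.demo') && $user['id'] == 1) {` (the key name is a suggestion). The guard covers only this self-service path and only the account with id 1; whether other routes can change that password, or other administrator accounts exist in a demo, is not visible in this hunk.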

+ 10 - 16
app/Http/Middleware/Muv2.php

@@ -4,35 +4,29 @@ namespace App\Http\Middleware;
 
 use App\Http\Models\SsNode;
 use Closure;
+use Response;
 use Redirect;
 
 class Muv2
 {
-    /**
-     * Handle an incoming request.
-     *
-     * @param  \Illuminate\Http\Request $request
-     * @param  \Closure                 $next
-     *
-     * @return mixed
-     */
     public function handle($request, Closure $next)
     {
-        // 验证mukey
+        // 验证MU_KEY
         $muKey = $request->header("Token", '');
-        if ($muKey != $_ENV['MU_KEY']) { // TODO:改造成每个节点都有一个mukey
-            return response()->json([
+        if ($muKey != $_ENV['MU_KEY']) {
+            return Response::json([
                 'ret' => 0,
-                'msg' => 'token or source is invalid'
+                'msg' => 'Invalid Token.'
             ], 401);
         }
 
         // 验证IP是否在节点IP列表当中
-        $node = SsNode::query()->where('ip', $_SERVER["REMOTE_ADDR"])->orWhere('ipv6', $_SERVER["REMOTE_ADDR"])->first();
-        if (!$node && $_SERVER["REMOTE_ADDR"] != '127.0.0.1') {
-            return response()->json([
+        $ip = $request->getClientIp();
+        $node = SsNode::query()->where('ip', $ip)->orWhere('ipv6', $ip)->first();
+        if (!$node && $ip != '127.0.0.1') {
+            return Response::json([
                 'ret' => 0,
-                'msg' => 'token or source is invalid'
+                'msg' => 'Invalid Token.'
             ], 401);
         }
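Review bot: The token check `$muKey != $_ENV['MU_KEY']` is a loose comparison, so when `MU_KEY` is absent from `$_ENV` the right-hand side is null and a request with no `Token` header (default `''`) compares equal and is accepted; the check should fail closed and use `hash_equals()`, as in the fence below. The switch from `$_SERVER["REMOTE_ADDR"]` to `$request->getClientIp()` also makes the node allowlist and the `127.0.0.1` exemption depend on forwarded headers whenever a proxy is trusted, so the trusted-proxy list must be as narrow as the real reverse proxy, or the check should stay on the socket address. The removed docblock could be kept, and `handle()` continues past the end of the hunk.

```php
        $muKey = (string)$request->header("Token", '');
        $expected = (string)($_ENV['MU_KEY'] ?? '');
        // Fail closed when no key is configured; compare in constant time otherwise.
        if ($expected === '' || !hash_equals($expected, $muKey)) {
            // … unchanged: 401 'Invalid Token.' response …
        }
        // … unchanged: node IP lookup …
```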
 

+ 1 - 1
app/Http/Middleware/VerifyCsrfToken.php

@@ -12,6 +12,6 @@ class VerifyCsrfToken extends BaseVerifier
      * @var array
      */
     protected $except = [
-        "payment/*", "Muv2/*"
+        "payment/*", "mu/v2/*"
     ];
 }

+ 0 - 2
app/Http/V2ray/Generator.php

@@ -9,7 +9,6 @@ use App\Http\V2Ray\EmptyClass;
 //https://www.v2ray.com/ui_client/service.html
 class Generator
 {
-
     private $arr = [
         "log"            => [
             "access"   => "/var/log/access.log",
@@ -66,7 +65,6 @@ class Generator
         ]
     ];
 
-
     public function addUser($uuid, $level, $alertId, $email)
     {
         $user = [

+ 7 - 0
composer.json

@@ -17,6 +17,7 @@
         "openlss/lib-array2xml": "^0.5.1",
         "overtrue/laravel-lang": "~3.0",
         "paypal/rest-api-sdk-php": "*",
+        "phpoffice/phpspreadsheet": "^1.4",
         "youzan/open-sdk": "^1.0"
     },
     "require-dev": {
@@ -60,5 +61,11 @@
         "preferred-install": "dist",
         "sort-packages": true,
         "optimize-autoloader": true
+    },
+    "repositories": {
+        "packagist": {
+            "type": "composer",
+            "url": "https://packagist.laravel-china.org"
+        }
     }
 }
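Review bot: The new `repositories.packagist` entry replaces the default Packagist metadata source with `https://packagist.laravel-china.org` for everyone who installs the project, so resolution of every dependency, including the newly added `phpoffice/phpspreadsheet`, now depends on that mirror's availability and integrity. A mirror is better kept as a per-machine setting (`composer config -g repo.packagist composer <mirror-url>`) and left out of the committed file. If it stays, deployments should install from the committed `composer.lock` with `composer install`, and the dist URLs recorded in that lock deserve a review, since its diff is not shown on this page. `paypal/rest-api-sdk-php` at `*` in the context lines is unconstrained and worth pinning in the same pass.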

文件差異過大導致無法顯示
+ 398 - 155
composer.lock


+ 18 - 0
config/tinker.php

@@ -0,0 +1,18 @@
+<?php
+
+return [
+
+    /*
+    |--------------------------------------------------------------------------
+    | Alias Blacklist
+    |--------------------------------------------------------------------------
+    |
+    | Typically, Tinker automatically aliases classes as you require them in
+    | Tinker. However, you may wish to never alias certain classes, which
+    | you may accomplish by listing the classes in the following array.
+    |
+    */
+
+    'dont_alias' => [],
+
+];

+ 1 - 1
readme.md

@@ -46,7 +46,7 @@ PHP 7.1 (必须)
 MYSQL 5.5 (推荐5.6+)
 内存 1G+ 
 磁盘空间 10G+
-PHP必须开启curl、gd、fileinfo、openssl、mbstring组件
+PHP必须开启zip、xml、curl、gd、gd2、fileinfo、openssl、mbstring组件
 安装完成后记得编辑.env中 APP_DEBUG 改为 false
 ````
 

+ 2 - 2
routes/web.php

@@ -129,11 +129,11 @@ Route::group(['middleware' => ['forbidden', 'user', 'affiliate']], function () {
 });
 
 // V2Ray
-Route::group(['namespaces' => 'Muv2', 'prefix' => 'mu/v2', 'middleware' => ['Muv2']], function () {
+Route::group(['namespace' => 'Muv2', 'prefix' => 'mu/v2', 'middleware' => ['Muv2']], function () {
     Route::get('users', 'UserController@index');
     Route::post('users/{id}/traffic', 'UserController@addTraffic');
     Route::post('nodes/{id}/online_count', 'NodeController@onlineUserLog');
-    Route::post('nodes/{id}/info', 'NodeController@info');
+    Route::any('nodes/{id}/info', 'NodeController@info');
     Route::get('nodes/{id}/users', 'NodeController@users');
     Route::get('nodes/{id}/v2rayUsers', 'NodeController@v2rayUsers');
     Route::post('nodes/{id}/traffic', 'NodeController@postTraffic');
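Review bot: `Route::any('nodes/{id}/info', ...)` accepts every HTTP verb where the previous line accepted only POST; if `NodeController@info` writes a record, as the `$log->save()` paths in that controller suggest, the write becomes reachable through GET and HEAD requests that proxies and monitors may repeat. If the node client really needs a second verb, list it explicitly: `Route::match(['get', 'post'], 'nodes/{id}/info', 'NodeController@info');`. Correcting `'namespaces'` to `'namespace'` changes which controllers these routes resolve to, so the group deserves a functional test; the closure ends outside the hunk.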

部分文件因文件數量過多而無法顯示