coupon-admin/app/middleware/Csrf.php

<?php
namespace app\middleware;

use Closure;
use think\Request;

/**
 * CSRF校验
 */
class Csrf
{
    public function handle(Request $request, Closure $next)
    {
        if($request->isPost()){
            $check = $request->checkToken();
            if(false === $check) {
//                return $this->csrfError($request);
            }
        }
        return $next($request);
    }

    protected function csrfError($request, $msg = '非法请求, 用户身份认证失败!')
    {
        if($request->isAjax()) {
            return json(['code' => 401, 'msg' => $msg], 200);
        } else {
            $referer = $_SERVER['HTTP_REFERER'] ?? null;
            if (empty($referer)) {
                $url = '/';
            } else {
                $domain = $request->domain();
                $urlInfo = parse_url($referer);
                $scheme = $urlInfo['scheme'] ?? '';
                $requestSrc = '';
                if (!empty($scheme)) {
                    $requestSrc = $scheme.'://'.($urlInfo['host'] ?? '');
                }
                if($domain != $requestSrc) {
                    $url = '/';
                } else {
                    $url = 'javascript:history.back(-1);';
                }
            }
            $errorData = [
                'code'=> 401,
                'msg' => $msg,
                'data' => [],
                'wait' => 5,
                'url' => $url
            ];
            return view('error/400', $errorData);
            // 返回401视图 response type has html、json、jsonp、xml、file、view、redirect
        }
    }
}
初始化 2021-11-18 17:57:04 +08:00			`<?php`
			`namespace app\middleware;`

			`use Closure;`
			`use think\Request;`

			`/**`
			`* CSRF校验`
			`*/`
			`class Csrf`
			`{`
			`public function handle(Request $request, Closure $next)`
			`{`
			`if($request->isPost()){`
			`$check = $request->checkToken();`
			`if(false === $check) {`
			`// return $this->csrfError($request);`
			`}`
			`}`
			`return $next($request);`
			`}`

			`protected function csrfError($request, $msg = '非法请求, 用户身份认证失败!')`
			`{`
			`if($request->isAjax()) {`
			`return json(['code' => 401, 'msg' => $msg], 200);`
			`} else {`
			`$referer = $_SERVER['HTTP_REFERER'] ?? null;`
			`if (empty($referer)) {`
			`$url = '/';`
			`} else {`
			`$domain = $request->domain();`
			`$urlInfo = parse_url($referer);`
			`$scheme = $urlInfo['scheme'] ?? '';`
			`$requestSrc = '';`
			`if (!empty($scheme)) {`
			`$requestSrc = $scheme.'://'.($urlInfo['host'] ?? '');`
			`}`
			`if($domain != $requestSrc) {`
			`$url = '/';`
			`} else {`
			`$url = 'javascript:history.back(-1);';`
			`}`
			`}`
			`$errorData = [`
			`'code'=> 401,`
			`'msg' => $msg,`
			`'data' => [],`
			`'wait' => 5,`
			`'url' => $url`
			`];`
			`return view('error/400', $errorData);`
			`// 返回401视图 response type has html、json、jsonp、xml、file、view、redirect`
			`}`
			`}`
			`}`