<?php
namespace app\middleware;

use Closure;
use think\Request;

/**
 * CSRF校验
 */
class Csrf
{
    public function handle(Request $request, Closure $next)
    {
        if($request->isPost()){
            $check = $request->checkToken();
            if(false === $check) {
//                return $this->csrfError($request);
            }
        }
        return $next($request);
    }

    protected function csrfError($request, $msg = '非法请求, 用户身份认证失败!')
    {
        if($request->isAjax()) {
            return json(['code' => 401, 'msg' => $msg], 200);
        } else {
            $referer = $_SERVER['HTTP_REFERER'] ?? null;
            if (empty($referer)) {
                $url = '/';
            } else {
                $domain = $request->domain();
                $urlInfo = parse_url($referer);
                $scheme = $urlInfo['scheme'] ?? '';
                $requestSrc = '';
                if (!empty($scheme)) {
                    $requestSrc = $scheme.'://'.($urlInfo['host'] ?? '');
                }
                if($domain != $requestSrc) {
                    $url = '/';
                } else {
                    $url = 'javascript:history.back(-1);';
                }
            }
            $errorData = [
                'code'=> 401,
                'msg' => $msg,
                'data' => [],
                'wait' => 5,
                'url' => $url
            ];
            return view('error/400', $errorData);
            // 返回401视图 response type has html、json、jsonp、xml、file、view、redirect
        }
    }
}