55 lines
1.6 KiB
PHP
55 lines
1.6 KiB
PHP
|
<?php
|
||
|
|
namespace app\middleware;
|
||
|
|
|
||
|
|
use Closure;
|
||
|
|
|
||
|
|
/**
|
||
|
|
* CSRF校验
|
||
|
|
*/
|
||
|
|
class Csrf
|
||
|
|
{
|
||
|
|
public function handle($request, Closure $next)
|
||
|
|
{
|
||
|
|
if($request->isPost()){
|
||
|
|
$check = $request->checkToken('__token__');
|
||
|
|
if(false === $check) {
|
||
|
|
return $this->csrfError($request);
|
||
|
|
}
|
||
|
|
}
|
||
|
|
return $next($request);
|
||
|
|
}
|
||
|
|
|
||
|
|
protected function csrfError($request, $msg = '非法请求, 用户身份认证失败!')
|
||
|
|
{
|
||
|
|
if($request->isAjax()) {
|
||
|
|
return json(['code' => 401, 'msg' => $msg], 200);
|
||
|
|
} else {
|
||
|
|
$referer = $_SERVER['HTTP_REFERER'] ?? null;
|
||
|
|
if (empty($referer)) {
|
||
|
|
$url = '/';
|
||
|
|
} else {
|
||
|
|
$domain = $request->domain();
|
||
|
|
$urlInfo = parse_url($referer);
|
||
|
|
$scheme = $urlInfo['scheme'] ?? '';
|
||
|
|
$requestSrc = '';
|
||
|
|
if (!empty($scheme)) {
|
||
|
|
$requestSrc = $scheme.'://'.($urlInfo['host'] ?? '');
|
||
|
|
}
|
||
|
|
if($domain != $requestSrc) {
|
||
|
|
$url = '/';
|
||
|
|
} else {
|
||
|
|
$url = 'javascript:history.back(-1);';
|
||
|
|
}
|
||
|
|
}
|
||
|
|
$errorData = [
|
||
|
|
'code'=> 401,
|
||
|
|
'msg' => $msg,
|
||
|
|
'data' => [],
|
||
|
|
'wait' => 5,
|
||
|
|
'url' => $url
|
||
|
|
];
|
||
|
|
return view('error/400', $errorData);
|
||
|
|
// 返回401视图 response type has html、json、jsonp、xml、file、view、redirect
|
||
|
|
}
|
||
|
|
}
|
||
|
|
}
|