2 changed files with 54 additions and 0 deletions
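--- /dev/null
+++ b/app/middleware.php
@@ -0,0 +1,14 @@
+<?php
+// 全局中间件定义文件
+return [
+
+// Session初始化
+// \think\middleware\SessionInit::class,
+
+// 系统操作日志
+// \app\admin\middleware\SystemLog::class,
+
+// Csrf安全校验
+\app\api\middleware\CsrfMiddleware::class,
+
+];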
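Review bot: `\app\api\middleware\CsrfMiddleware::class` is registered in the global middleware list while `SessionInit` stays commented out just above it; the middleware's `checkToken()` call compares against a session-stored token, so the session has to be initialised before this middleware runs. If `SessionInit` is only enabled in a per-app middleware file, which presumably runs after the global pipeline, confirm the ordering, otherwise every non-GET request would fail the token check. The comment on that entry should also say how the check is switched off, e.g. `// CSRF protection for all non-GET requests; disable with EASYADMIN.IS_CSRF=false (see app\api\middleware\CsrfMiddleware)`.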
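--- /dev/null
+++ b/app/api/middleware/CsrfMiddleware.php
@@ -0,0 +1,40 @@
+<?php
+namespace app\api\middleware;
+
+use app\Request;
+use CsrfVerify\drive\ThinkphpCache;
+use CsrfVerify\entity\CsrfVerifyEntity;
+use CsrfVerify\interfaces\CsrfVerifyInterface;
+use think\facade\Session;
+
+class CsrfMiddleware
+{
+use \app\common\traits\JumpTrait;
+
+public function handle(Request $request, \Closure $next)
+{
+if (env('EASYADMIN.IS_CSRF', true)) {
+if (!in_array($request->method(), ['GET', 'HEAD', 'OPTIONS'])) {
+
+// 跨域校验
+$refererUrl = $request->header('REFERER', null);
+$refererInfo = parse_url($refererUrl);
+$host = $request->host(true);
+if (!isset($refererInfo['host']) || $refererInfo['host'] != $host) {
+$this->error('当前请求不合法!');
+}
+
+// CSRF校验
+$ckCsrfToken = $request->post('ckCsrfToken', null);
+$data = !empty($ckCsrfToken) ? ['__token__' => $ckCsrfToken] : [];
+
+$check = $request->checkToken('__token__', $data);
+if (!$check) {
+$this->error('请求验证失败,请重新刷新页面!');
+}
+
+}
+}
+return $next($request);
+}
+}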
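Review bot: The cross-origin check at `if (!isset($refererInfo['host']) || $refererInfo['host'] != $host)` rejects every non-GET request that carries no Referer header, so clients under `Referrer-Policy: no-referrer` or privacy extensions that strip it are blocked even when they present a valid `__token__`, and the hostname comparison is a loose, case-sensitive `!=`. Browsers attach `Origin` to cross-site POSTs far more reliably than Referer, so check that first and fall back to Referer, compare with `strcasecmp`, and keep the session token check as the primary defence; the right-hand side comes from `$request->host(true)`, which is presumably derived from request headers rather than a configured hostname, so confirm that is acceptable for the deployment behind any proxy. Minor: the `in_array` method whitelist should pass `true` as the third argument, and the `ThinkphpCache`, `CsrfVerifyEntity`, `CsrfVerifyInterface` and `Session` imports are unused in this class.
```php
if (!in_array($request->method(), ['GET', 'HEAD', 'OPTIONS'], true)) {
    // Cross-origin check: Origin is sent on cross-site POSTs even when Referer is suppressed.
    $sourceUrl = $request->header('ORIGIN') ?: $request->header('REFERER');
    $sourceHost = parse_url((string) $sourceUrl, PHP_URL_HOST);
    $host = $request->host(true);
    if (!is_string($sourceHost) || strcasecmp($sourceHost, $host) !== 0) {
        $this->error('当前请求不合法!');
    }
    // … unchanged: ckCsrfToken / checkToken validation …
}
```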