Etusivu Tutki Apua
Rekisteröidy Kirjaudu sisään
Kirin
/
ysj
1
0
Fork 0
Tiedostot Ongelmat 0 Pull-pyynnöt 0 Wiki
Puu: 06944cc4e1
Branchit Tagit
ysj
/
app
/
http
/
middleware
/
AllowOriginMiddleware.php

AllowOriginMiddleware.php 2.2 KB
Historia Raaka

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869 
  1. <?php
    2. 

  2. 

  3. 

  4. namespace app\http\middleware;
    5. 

  5. 

  6. 

  7. use app\models\system\Site;
    8. 

  8. use app\Request;
    9. 

  9. use crmeb\exceptions\AuthException;
    10. 

  10. use crmeb\exceptions\SiteException;
    11. 

  11. use crmeb\interfaces\MiddlewareInterface;
    12. 

  12. use think\facade\Config;
    13. 

  13. use think\Response;
    14. 

  14. 

  15. /**
    16. 

  16.  * 跨域中间件
    17. 

  17.  * Class AllowOriginMiddleware
    18. 

  18.  * @package app\http\middleware
    19. 

  19.  */
    20. 

  20. class AllowOriginMiddleware implements MiddlewareInterface
    21. 

  21. {
    22. 

  22.     /**
    23. 

  23.      * header头
    24. 

  24.      * @var array
    25. 

  25.      */
    26. 

  26.     protected $header = [
    27. 

  27.         'Access-Control-Allow-Origin' => '*',
    28. 

  28.         'Access-Control-Allow-Headers' => 'Appid, SignTime, Sign, Authori-zation, Authorization, Content-Type, If-Match, If-Modified-Since, If-None-Match, If-Unmodified-Since, X-Requested-With',
    29. 

  29.         'Access-Control-Allow-Methods' => 'GET,POST,PATCH,PUT,DELETE,OPTIONS,DELETE',
    30. 

  30.         'Access-Control-Max-Age' => '1728000'
    31. 

  31.     ];
    32. 

  32. 

  33.     /**
    34. 

  34.      * 允许跨域的域名
    35. 

  35.      * @var string
    36. 

  36.      */
    37. 

  37.     protected $cookieDomain;
    38. 

  38. 

  39.     /**
    40. 

  40.      * @param Request $request
    41. 

  41.      * @param \Closure $next
    42. 

  42.      * @return Response
    43. 

  43.      */
    44. 

  44.     public function handle(Request $request, \Closure $next)
    45. 

  45.     {
    46. 

  46.         $this->cookieDomain = Config::get('cookie.domain', '');
    47. 

  47.         $header = $this->header;
    48. 

  48.         $origin = $request->header('origin');
    49. 

  49. 

  50.         if ($origin && ('' != $this->cookieDomain && strpos($origin, $this->cookieDomain)))
    51. 

  51.             $header['Access-Control-Allow-Origin'] = $origin;
    52. 

  52. 

  53.         if ($request->method(true) == 'OPTIONS') {
    54. 

  54.             $response = Response::create('ok')->code(200)->header($header);
    55. 

  55.         } else {
    56. 

  56.             $appid = trim(ltrim($request->header('Appid'), 'UtilLa'));
    57. 

  57.             $time = $request->header('SignTime');
    58. 

  58.             $sign = $request->header('Sign');
    59. 

  59.             if (!$appid || !$time || !$sign) throw new SiteException('请求异常', 400);
    60. 

  60.             if (!$site_id = Site::checkSign($sign, $appid, $time, $request->action())) throw new SiteException(Site::getErrorInfo('签名验证失败'), 400);
    61. 

  61.             Request::macro('site_id', function () use ($site_id) {
    62. 

  62.                 return $site_id;
    63. 

  63.             });
    64. 

  64.             $response = $next($request)->header($header);
    65. 

  65.         }
    66. 

  66.         $request->filter(['htmlspecialchars', 'strip_tags', 'addslashes', 'trim']);
    67. 

  67.         return $response;
    68. 

  68.     }
    69. 

  69. }
    70.