mirror of
https://gitee.com/ulthon/ulthon_admin.git
synced 2026-07-06 10:02:49 +08:00
调整admin下的类库代码,将主要逻辑调整到extend下
This commit is contained in:
@@ -2,36 +2,8 @@
|
||||
|
||||
namespace app\admin\middleware;
|
||||
|
||||
use think\Request;
|
||||
use base\admin\middleware\CsrfMiddlewareClass;
|
||||
|
||||
class CsrfMiddleware
|
||||
class CsrfMiddleware extends CsrfMiddlewareClass
|
||||
{
|
||||
use \app\common\traits\JumpTrait;
|
||||
|
||||
public function handle(Request $request, \Closure $next)
|
||||
{
|
||||
if (env('adminsystem.IS_CSRF', true)) {
|
||||
if (!in_array($request->method(), ['GET', 'HEAD', 'OPTIONS'])) {
|
||||
// 跨域校验
|
||||
$refererUrl = $request->header('REFERER', null);
|
||||
$refererInfo = parse_url($refererUrl);
|
||||
$host = $request->host(true);
|
||||
if (!isset($refererInfo['host']) || $refererInfo['host'] != $host) {
|
||||
$this->error('当前请求不合法!');
|
||||
}
|
||||
|
||||
// CSRF校验
|
||||
// @todo 兼容CK编辑器上传功能
|
||||
$ckCsrfToken = $request->post('ckCsrfToken', null);
|
||||
$data = !empty($ckCsrfToken) ? ['__token__' => $ckCsrfToken] : [];
|
||||
|
||||
$check = $request->checkToken('__token__', $data);
|
||||
if (!$check) {
|
||||
$this->error('请求验证失败,请重新刷新页面!');
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
return $next($request);
|
||||
}
|
||||
}
|
||||
|
||||
Reference in New Issue
Block a user