| 123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899 |
- <?php
- declare(strict_types=1);
- namespace app\middleware;
- use Closure;
- use think\facade\Cache;
- use think\facade\Log;
- use think\Request;
- use think\Response;
- class Safe
- {
- public static $user = [];
- public static $body = [];
- /**
- * 处理请求
- *
- * @param Request $request
- * @param Closure $next
- * @return Response
- */
- public function handle(Request $request, Closure $next)
- {
- if (strpos(\think\facade\Request::url(), '/checkLogin') !== false) {
- return $next($request);
- }
- $token = $request->get('token', $request->post('token', ''));
- if (empty($token)) {
- abort(
- json(
- [
- 'code' => 403,
- 'message' => 'not login.',
- ]
- )
- );
- return null;
- }
- $user = json_decode(Cache::get('u:' . $token), true);
- if (empty($user)) {
- abort(
- json(
- [
- 'code' => 403,
- 'message' => 'not login.',
- ]
- )
- );
- return null;
- }
- // 简单检查token合法性,防止抓包拿到token放到代码里面跑
- $loginToken = md5($_SERVER['HTTP_USER_AGENT'] . $_SERVER['HTTP_ACCEPT_ENCODING'] . $_SERVER['HTTP_ACCEPT_LANGUAGE'] . get_client_ip(0)) . $user['uid'];
- if ($loginToken != $token) {
- abort(
- json(
- [
- 'code' => 403,
- 'message' => 'bad user.',
- ]
- )
- );
- return null;
- }
- static::$user = $user;
- $body = $request->post('body');
- if (!empty($body)) {
- $tag = $request->post('tag');
- if (empty($tag)) {
- abort(
- json(
- [
- 'code' => 500,
- 'message' => '参数错误.',
- ]
- )
- );
- return null;
- }
- $jsonText = openssl_decrypt(hex2bin($body), 'aes-256-gcm', hex2bin($user['aes_key']), 1, hex2bin($user['aes_iv']), hex2bin($tag));
- if (empty($jsonText)) {
- abort(
- json(
- [
- 'code' => 500,
- 'message' => '参数错误.',
- ]
- )
- );
- return null;
- }
- Log::info("requestBody:" . $jsonText);
- static::$body = json_decode($jsonText, true);
- return $next($request);
- }
- return $next($request);
- }
- }
|
