Home Explore Help
Register Sign In
duanyangfeng
/
sina-video
1
0
Fork 0
Files Issues 0 Pull Requests 0 Wiki
Tree: 5bb80ac7ad
Branches Tags
sina-video
/
app
/
middleware
/
Safe.php

Safe.php 3.3 KB
History Raw

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114 
  1. <?php
    2. 

  2. 

  3. declare(strict_types=1);
    4. 

  4. 

  5. namespace app\middleware;
    6. 

  6. 

  7. use Closure;
    8. 

  8. use think\facade\Cache;
    9. 

  9. use think\facade\Log;
    10. 

  10. use think\Request;
    11. 

  11. use think\Response;
    12. 

  12. 

  13. class Safe
    14. 

  14. {
    15. 

  15.     public static $user = [];
    16. 

  16.     public static $body = [];
    17. 

  17.     /**
    18. 

  18.      * 处理请求
    19. 

  19.      *
    20. 

  20.      * @param Request $request
    21. 

  21.      * @param Closure $next
    22. 

  22.      * @return Response
    23. 

  23.      */
    24. 

  24.     public function handle(Request $request, Closure $next)
    25. 

  25.     {
    26. 

  26.         $referer = $_SERVER['HTTP_REFERER'] ?? '';
    27. 

  27.         // 非调试模式 开启referer检测
    28. 

  28.         if (empty(env('app_debug'))) {
    29. 

  29.             if (strpos($referer, env('weibo.referer')) === false) {
    30. 

  30.                 abort(
    31. 

  31.                     json(
    32. 

  32.                         [
    33. 

  33.                             'code' => 403,
    34. 

  34.                             'message' => 'not login.',
    35. 

  35.                         ]
    36. 

  36.                     )
    37. 

  37.                 );
    38. 

  38.                 return null;
    39. 

  39.             }
    40. 

  40.         }
    41. 

  41.         if (strpos(\think\facade\Request::url(), '/checkLogin') !== false) {
    42. 

  42.             return $next($request);
    43. 

  43.         }
    44. 

  44.         $token = $request->post('token', '');
    45. 

  45.         if (empty($token)) {
    46. 

  46.             abort(
    47. 

  47.                 json(
    48. 

  48.                     [
    49. 

  49.                         'code' => 403,
    50. 

  50.                         'message' => 'not login.',
    51. 

  51.                     ]
    52. 

  52.                 )
    53. 

  53.             );
    54. 

  54.             return null;
    55. 

  55.         }
    56. 

  56.         $user = json_decode(Cache::get('u:' . $token), true);
    57. 

  57.         if (empty($user)) {
    58. 

  58.             abort(
    59. 

  59.                 json(
    60. 

  60.                     [
    61. 

  61.                         'code' => 403,
    62. 

  62.                         'message' => 'not login.',
    63. 

  63.                     ]
    64. 

  64.                 )
    65. 

  65.             );
    66. 

  66.             return null;
    67. 

  67.         }
    68. 

  68.         // 简单检查token合法性,防止抓包拿到token放到代码里面跑
    69. 

  69.         $loginToken = md5($_SERVER['HTTP_USER_AGENT'] . $_SERVER['HTTP_ACCEPT_ENCODING'] . $_SERVER['HTTP_ACCEPT_LANGUAGE'] . $_SERVER['HTTP_REFERER'] . get_client_ip(0) . $user['uid']);
    70. 

  70.         if ($loginToken != $token) {
    71. 

  71.             abort(
    72. 

  72.                 json(
    73. 

  73.                     [
    74. 

  74.                         'code' => 403,
    75. 

  75.                         'message' => 'bad user.',
    76. 

  76.                     ]
    77. 

  77.                 )
    78. 

  78.             );
    79. 

  79.             return null;
    80. 

  80.         }
    81. 

  81.         static::$user = $user;
    82. 

  82.         $body = $request->post('body');
    83. 

  83.         if (!empty($body)) {
    84. 

  84.             $tag = $request->post('tag');
    85. 

  85.             if (empty($tag)) {
    86. 

  86.                 abort(
    87. 

  87.                     json(
    88. 

  88.                         [
    89. 

  89.                             'code' => 500,
    90. 

  90.                             'message' => '参数错误.',
    91. 

  91.                         ]
    92. 

  92.                     )
    93. 

  93.                 );
    94. 

  94.                 return null;
    95. 

  95.             }
    96. 

  96.             $jsonText = openssl_decrypt(hex2bin($body), 'aes-256-gcm', hex2bin($user['aes_key']), 1, hex2bin($user['aes_iv']), hex2bin($tag));
    97. 

  97.             if (empty($jsonText)) {
    98. 

  98.                 abort(
    99. 

  99.                     json(
    100. 

  100.                         [
    101. 

  101.                             'code' => 500,
    102. 

  102.                             'message' => '参数错误.',
    103. 

  103.                         ]
    104. 

  104.                     )
    105. 

  105.                 );
    106. 

  106.                 return null;
    107. 

  107.             }
    108. 

  108.             Log::info("requestBody:" . $jsonText);
    109. 

  109.             static::$body = json_decode($jsonText, true);
    110. 

  110.             return $next($request);
    111. 

  111.         }
    112. 

  112.         return $next($request);
    113. 

  113.     }
    114. 

  114. }
    115.