2022-12-09 09:22:59 +00:00
|
|
|
<?php
|
|
|
|
|
|
|
|
|
|
namespace App\Http\Middleware\Admin;
|
|
|
|
|
|
|
|
|
|
use Closure;
|
|
|
|
|
use Illuminate\Http\RedirectResponse;
|
|
|
|
|
use Illuminate\Http\Request;
|
|
|
|
|
use Illuminate\Http\Response;
|
|
|
|
|
use Illuminate\Support\Str;
|
|
|
|
|
|
|
|
|
|
class ValidateReferer
|
|
|
|
|
{
|
|
|
|
|
/**
|
|
|
|
|
* Handle an incoming request.
|
|
|
|
|
*
|
2023-02-14 12:11:32 +00:00
|
|
|
* @param Request $request
|
2022-12-09 09:22:59 +00:00
|
|
|
* @param Closure(Request): (Response|RedirectResponse) $next
|
2023-02-14 12:11:32 +00:00
|
|
|
*
|
2023-02-09 18:05:49 +00:00
|
|
|
* @return mixed
|
2022-12-09 09:22:59 +00:00
|
|
|
*/
|
2023-02-09 18:05:49 +00:00
|
|
|
public function handle(Request $request, Closure $next): mixed
|
2022-12-09 09:22:59 +00:00
|
|
|
{
|
2023-02-14 12:11:32 +00:00
|
|
|
if (app()->environment('local')) {
|
|
|
|
|
return $next($request);
|
|
|
|
|
}
|
2023-02-10 05:06:42 +00:00
|
|
|
|
2022-12-09 09:22:59 +00:00
|
|
|
// 如果 referer 不为空,且不是来自本站的请求,则返回 403
|
2023-02-14 12:11:32 +00:00
|
|
|
if ($request->headers->get('referer') && !Str::contains($request->headers->get('referer'), config('app.url'))) {
|
2022-12-09 09:22:59 +00:00
|
|
|
abort(403, '来源不属于后台。');
|
|
|
|
|
} else {
|
|
|
|
|
return $next($request);
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
}
|
