改进 Token 授权

2023-02-17 21:18:58 +08:00 · 2023-02-17 21:18:58 +08:00 · 0336cae537
commit 0336cae537
parent 05c79188cc
2 changed files with 22 additions and 14 deletions
--- a/app/Http/Controllers/Web/AuthController.php
+++ b/app/Http/Controllers/Web/AuthController.php
@ -38,15 +38,13 @@ public function index(Request $request): View|RedirectResponse
                        return redirect()->route('real_name.create')->with('status', '重定向已被打断，需要先实人认证。');
                    }

-                    $requestHost = parse_url($request->header('referer'), PHP_URL_HOST);
-
-                    $token = $request->user()->createToken('Dashboard', [
-                        'domain-access:'.$requestHost,
-                    ])->plainTextToken;
+                    $token = $request->user()->createToken('Dashboard')->plainTextToken;

                    return redirect($callback.'?token='.$token);
                }

+                session(['referer.domain' => parse_url($request->header('referer'), PHP_URL_HOST)]);
+
                return redirect()->route('confirm_redirect');
            } else {
                // url.intended 存放当前页面 URL
@ -63,7 +61,9 @@ public function confirm_redirect(Request $request): View
    {
        $callback = $request->callback ?? session('callback');

-        return view('confirm_redirect', compact('callback'));
+        $referer_host = session('referer.domain');
+
+        return view('confirm_redirect', compact('callback', 'referer_host'));
    }

    public function update(Request $request): RedirectResponse
@ -91,11 +91,6 @@ public function newToken(Request $request): RedirectResponse
        $abilities = [];

        if ($request->has('domain')) {
-            // 检测是不是一个合格的域名
-            if (! preg_match('/^([a-z0-9]+(-[a-z0-9]+)*\.)+[a-z]{2,}$/', $request->input('domain'))) {
-                return back()->with('error', '域名格式不正确。');
-            }
-
            $abilities = ['domain-access:'.$request->input('domain')];
        }

--- a/resources/views/confirm_redirect.blade.php
+++ b/resources/views/confirm_redirect.blade.php
@ -8,16 +8,25 @@

        @if(session('token'))

-            <h3>带你去目标站点...</h3>
+            <div style="height: 80vh; display: flex" class="justify-content-center align-items-center">
+                <div>
+                    <i class="bi bi-back" style="font-size: 10rem"></i>
+                    <br/>
+                    <p class="text-center fs-3">
+                        正在返回
+                    </p>
+                </div>
+            </div>

            @php
                session()->forget('callback');
+                session()->forget('referer.domain');
            @endphp

            <script>
                setTimeout(function () {
                    window.location.href = "{{ $callback . '?token=' . session('token')}}";
-                }, 1000);
+                }, 100);
            </script>
        @else

@ -26,11 +35,15 @@

            <p>您点击"好"后，您将前往这个地址: <code>{{ $callback }}</code>。</p>

-
            <form action="{{ route('token.new') }}" name="newToken" method="POST">
                @csrf
                <input type="hidden" name="name" placeholder="Token 名字"
                       value="自动登录 - {{ date('Y-m-d H:i:s') }}"/>
+
+                @if($referer_host)
+                    <input type="hidden" name="domain" value="{{ $referer_host }}"/>
+                @endif
+
                <button type="submit" class="btn btn-primary">授权</button>

                <a href="/" class="btn btn-danger">不</a>