改进 Token 授权

This commit is contained in:
iVampireSP.com 2023-02-17 21:18:58 +08:00
parent 05c79188cc
commit 0336cae537
No known key found for this signature in database
GPG Key ID: 2F7B001CA27A8132
2 changed files with 22 additions and 14 deletions


@ -38,15 +38,13 @@ public function index(Request $request): View|RedirectResponse
return redirect()->route('real_name.create')->with('status', '重定向已被打断,需要先实人认证。'); return redirect()->route('real_name.create')->with('status', '重定向已被打断,需要先实人认证。');
} }
$requestHost = parse_url($request->header('referer'), PHP_URL_HOST); $token = $request->user()->createToken('Dashboard')->plainTextToken;
$token = $request->user()->createToken('Dashboard', [
'domain-access:'.$requestHost,
])->plainTextToken;
return redirect($callback.'?token='.$token); return redirect($callback.'?token='.$token);
} }
session(['referer.domain' => parse_url($request->header('referer'), PHP_URL_HOST)]);
return redirect()->route('confirm_redirect'); return redirect()->route('confirm_redirect');
} else { } else {
// url.intended 存放当前页面 URL // url.intended 存放当前页面 URL
@ -63,7 +61,9 @@ public function confirm_redirect(Request $request): View
{ {
$callback = $request->callback ?? session('callback'); $callback = $request->callback ?? session('callback');
return view('confirm_redirect', compact('callback')); $referer_host = session('referer.domain');
return view('confirm_redirect', compact('callback', 'referer_host'));
} }
public function update(Request $request): RedirectResponse public function update(Request $request): RedirectResponse
@ -91,11 +91,6 @@ public function newToken(Request $request): RedirectResponse
$abilities = []; $abilities = [];
if ($request->has('domain')) { if ($request->has('domain')) {
// 检测是不是一个合格的域名
if (! preg_match('/^([a-z0-9]+(-[a-z0-9]+)*\.)+[a-z]{2,}$/', $request->input('domain'))) {
return back()->with('error', '域名格式不正确。');
}
$abilities = ['domain-access:'.$request->input('domain')]; $abilities = ['domain-access:'.$request->input('domain')];
} }
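Review bot: The new `$token = $request->user()->createToken('Dashboard')->plainTextToken;` in the first hunk drops the abilities argument, so if this is Sanctum's `createToken` the issued token gets the default `['*']` abilities instead of the `domain-access:<host>` scope the removed lines granted, and that unrestricted token is then handed to an external callback in the query string. If the intent is that this path only runs for an already-confirmed host, the scope should still be passed explicitly as the second argument, e.g. `createToken('Dashboard', ['domain-access:'.$confirmedHost])` with whatever stored value this flow confirmed, so a token sent off-site never carries wildcard abilities. The third hunk removes the only format check on `$request->input('domain')` before it is embedded in the ability string, so that value should be validated again there (the old `preg_match` or a `$request->validate(['domain' => ...])` rule). The `index` and `newToken` bodies both start and end outside their hunks.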


@ -8,16 +8,25 @@
@if(session('token')) @if(session('token'))
<h3>带你去目标站点...</h3> <div style="height: 80vh; display: flex" class="justify-content-center align-items-center">
<div>
<i class="bi bi-back" style="font-size: 10rem"></i>
<br/>
<p class="text-center fs-3">
正在返回
</p>
</div>
</div>
@php @php
session()->forget('callback'); session()->forget('callback');
session()->forget('referer.domain');
@endphp @endphp
<script> <script>
setTimeout(function () { setTimeout(function () {
window.location.href = "{{ $callback . '?token=' . session('token')}}"; window.location.href = "{{ $callback . '?token=' . session('token')}}";
}, 1000); }, 100);
</script> </script>
@else @else
@ -26,11 +35,15 @@
<p>您点击""后,您将前往这个地址: <code>{{ $callback }}</code></p> <p>您点击""后,您将前往这个地址: <code>{{ $callback }}</code></p>
<form action="{{ route('token.new') }}" name="newToken" method="POST"> <form action="{{ route('token.new') }}" name="newToken" method="POST">
@csrf @csrf
<input type="hidden" name="name" placeholder="Token 名字" <input type="hidden" name="name" placeholder="Token 名字"
value="自动登录 - {{ date('Y-m-d H:i:s') }}"/> value="自动登录 - {{ date('Y-m-d H:i:s') }}"/>
@if($referer_host)
<input type="hidden" name="domain" value="{{ $referer_host }}"/>
@endif
<button type="submit" class="btn btn-primary">授权</button> <button type="submit" class="btn btn-primary">授权</button>
<a href="/" class="btn btn-danger"></a> <a href="/" class="btn btn-danger"></a>
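Review bot: The added hidden `domain` input carries `$referer_host` into the authorization POST, but nothing on the confirm page shows the user which host the token will be scoped to; the visible text still names only `$callback`. Rendering `<code>{{ $referer_host }}</code>` next to the callback in the confirmation paragraph would let the user see what they are granting. Since `$referer_host` originates from the client's Referer header and the hidden field can be edited before submission, the page can only inform the user — the host still has to be validated server-side when the token is created. The `@php session()->forget(...) @endphp` block also mutates session state from inside the view, which would sit more naturally in the controller that renders it.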