改进 登录请求

iVampireSP.com 2023-02-27 19:24:31 +08:00
parent 0fa462b130
commit f638b2d0c8
No known key found for this signature in database
GPG Key ID: 2F7B001CA27A8132
2 changed files with 13 additions and 6 deletions


@ -19,6 +19,18 @@ public function store(Request $request): JsonResponse
'return_url' => 'nullable|url', 'return_url' => 'nullable|url',
]); ]);
if ($request->filled('return_url') && $request->hasHeader('referer')) {
// 如果有 referer检查是否和来源域名一致
$referer = parse_url($request->header('referer'), PHP_URL_HOST);
// return url 的域名
$returnUrl = parse_url($request->input('return_url'), PHP_URL_HOST);
if ($referer !== $returnUrl) {
return $this->error('来源域名不匹配。');
}
}
$token = Str::random(128); $token = Str::random(128);
$data = [ $data = [
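Review bot: The added host comparison only runs when a Referer header is present (`$request->filled('return_url') && $request->hasHeader('referer')`), so a client that omits the header, or a browser under a `no-referrer` policy, skips it and `return_url` is accepted on the `nullable|url` rule alone. Referer is also chosen by the caller for any non-browser client, so a match does not show that the return host is trusted. Consider checking the `return_url` host against a configured allowlist whether or not Referer is present, compared case-insensitively, e.g. `if (! in_array(strtolower((string) $returnUrl), $allowedHosts, true)) { return $this->error('来源域名不匹配。'); }`, where `$allowedHosts` is a placeholder for that configured list. `store()` starts before and continues after this hunk, so how `return_url` is stored is not visible here.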


@ -174,12 +174,7 @@ public function storeAuthRequest(Request $request): RedirectResponse|View
Cache::put('auth_request:'.$request->input('token'), $data, 60); Cache::put('auth_request:'.$request->input('token'), $data, 60);
if (isset($data['meta']['return_url']) && $data['meta']['return_url']) { if (isset($data['meta']['return_url']) && $data['meta']['return_url']) {
session()->put('callback', $data['meta']['return_url']); return redirect()->to($data['meta']['return_url'].'?auth_request='.$request->input('token'));
return view('confirm_redirect', [
'token' => $data['meta']['token'],
'callback' => $data['meta']['return_url'],
]);
} }
return redirect()->route('index')->with('success', '登录请求已确认。'); return redirect()->route('index')->with('success', '登录请求已确认。');
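Review bot: The new `return redirect()->to($data['meta']['return_url'].'?auth_request='.$request->input('token'));` sends the browser straight to a stored URL with the auth-request token attached, and the `confirm_redirect` view that showed the destination before leaving is removed. If `return_url` is the value accepted in `store()` (not visible in this hunk), the only check on it is a Referer comparison that is skipped when the header is absent, so this can redirect to an unvetted host while carrying the token; re-check the host against an allowlist at this point or keep the confirmation step. The fixed `'?'` separator also produces a malformed URL when `return_url` already has a query string, and places the token inside the fragment when it has one; `$sep = str_contains($url, '?') ? '&' : '?';` followed by `http_build_query(['auth_request' => $token])` handles the query-string case. `storeAuthRequest()` starts and ends outside the hunk.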