webman迁移

2026-03-08 23:57:47 +08:00
parent 3c67427bbb
commit 699761aad2
19 changed files with 145 additions and 41 deletions
--- a/dafuweng-webman/app/common/middleware/AllowCrossDomain.php
+++ b/dafuweng-webman/app/common/middleware/AllowCrossDomain.php
@@ -21,6 +21,38 @@ class AllowCrossDomain implements MiddlewareInterface
        'Access-Control-Allow-Headers'     => '*',
    ];

+    /**
+     * 返回 CORS 预检（OPTIONS）响应，供路由直接调用（Webman 未匹配路由时不走中间件）
+     */
+    public static function optionsResponse(Request $request): Response
+    {
+        $header = [
+            'Access-Control-Allow-Credentials' => 'true',
+            'Access-Control-Max-Age'            => '1800',
+            'Access-Control-Allow-Methods'      => 'GET, POST, PUT, DELETE, PATCH, OPTIONS',
+            'Access-Control-Allow-Headers'      => 'Content-Type, Authorization, batoken, ba-user-token, think-lang',
+        ];
+        $origin = $request->header('origin');
+        if (is_array($origin)) {
+            $origin = $origin[0] ?? '';
+        }
+        $origin = is_string($origin) ? trim($origin) : '';
+        if ($origin !== '') {
+            $info = parse_url($origin);
+            $host = $info['host'] ?? '';
+            $corsDomain = array_map('trim', explode(',', config('buildadmin.cors_request_domain', '')));
+            $corsDomain[] = $request->host(true);
+            $allowed = in_array('*', $corsDomain)
+                || in_array($origin, $corsDomain)
+                || in_array($host, $corsDomain)
+                || ($host === 'localhost' || $host === '127.0.0.1');
+            if ($allowed) {
+                $header['Access-Control-Allow-Origin'] = $origin;
+            }
+        }
+        return response('', 204, $header);
+    }
+
    public function process(Request $request, callable $handler): Response
    {
        $path = trim($request->path(), '/');
@@ -31,16 +63,23 @@ class AllowCrossDomain implements MiddlewareInterface
        $header = $this->header;

        $origin = $request->header('origin');
-        if ($origin) {
+        if (is_array($origin)) {
+            $origin = $origin[0] ?? '';
+        }
+        $origin = is_string($origin) ? trim($origin) : '';
+
+        if ($origin !== '') {
            $info = parse_url($origin);
-            $corsDomain = explode(',', config('buildadmin.cors_request_domain', ''));
+            $host = $info['host'] ?? '';
+            $corsDomain = array_map('trim', explode(',', config('buildadmin.cors_request_domain', '')));
            $corsDomain[] = $request->host(true);

-            if (
-                in_array('*', $corsDomain)
+            $allowed = in_array('*', $corsDomain)
                || in_array($origin, $corsDomain)
-                || (isset($info['host']) && in_array($info['host'], $corsDomain))
-            ) {
+                || in_array($host, $corsDomain)
+                || ($host === 'localhost' || $host === '127.0.0.1');
+
+            if ($allowed) {
                $header['Access-Control-Allow-Origin'] = $origin;
            }
        }