mojiahui/webman-buildadmin
1
1
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
6d3711e1db7ff6a551ae1a2f4a8fc8e782ad3cc2
webman-buildadmin/app/common/middleware/AllowCrossDomain.php
zhenhui cfe5ec6fb0 API接口 
1.新增鉴权接口/api/v1/authToken
2.修复注册,登录,获取首页初始化数据,获取用户信息接口报错
2026-04-16 18:42:44 +08:00

95 lines
3.2 KiB
PHP
Raw Blame History

This file contains ambiguous Unicode characters
This file contains Unicode characters that might be confused with other characters. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.
<?php
declare(strict_types=1);
namespace app\common\middleware;
use Webman\MiddlewareInterface;
use Webman\Http\Request;
use Webman\Http\Response;
/**
* 跨域请求支持Webman 迁移版)
* 安全起见,只支持配置中的域名
*/
class AllowCrossDomain implements MiddlewareInterface
{
protected array $header = [
'Access-Control-Allow-Credentials' => 'true',
'Access-Control-Max-Age' => '1800',
'Access-Control-Allow-Methods' => '*',
'Access-Control-Allow-Headers' => '*',
];
/**
* 返回 CORS 预检OPTIONS响应供路由直接调用Webman 未匹配路由时不走中间件)
*/
public static function optionsResponse(Request $request): Response
{
$header = [
'Access-Control-Allow-Credentials' => 'true',
'Access-Control-Max-Age' => '1800',
'Access-Control-Allow-Methods' => 'GET, POST, PUT, DELETE, PATCH, OPTIONS',
'Access-Control-Allow-Headers' => 'Content-Type, Authorization, batoken, ba-user-token, user-token, access-token, think-lang, server',
];
$origin = $request->header('origin');
if (is_array($origin)) {
$origin = $origin[0] ?? '';
}
$origin = is_string($origin) ? trim($origin) : '';
if ($origin !== '') {
$info = parse_url($origin);
$host = $info['host'] ?? '';
$corsDomain = array_map('trim', explode(',', config('buildadmin.cors_request_domain', '')));
$corsDomain[] = $request->host(true);
$allowed = in_array('*', $corsDomain)
|| in_array($origin, $corsDomain)
|| in_array($host, $corsDomain)
|| ($host === 'localhost' || $host === '127.0.0.1');
if ($allowed) {
$header['Access-Control-Allow-Origin'] = $origin;
}
}
return response('', 204, $header);
}
public function process(Request $request, callable $handler): Response
{
$path = trim($request->path(), '/');
if (!str_starts_with($path, 'api/') && !str_starts_with($path, 'admin/')) {
return $handler($request);
}
$header = $this->header;
$origin = $request->header('origin');
if (is_array($origin)) {
$origin = $origin[0] ?? '';
}
$origin = is_string($origin) ? trim($origin) : '';
if ($origin !== '') {
$info = parse_url($origin);
$host = $info['host'] ?? '';
$corsDomain = array_map('trim', explode(',', config('buildadmin.cors_request_domain', '')));
$corsDomain[] = $request->host(true);
$allowed = in_array('*', $corsDomain)
|| in_array($origin, $corsDomain)
|| in_array($host, $corsDomain)
|| ($host === 'localhost' || $host === '127.0.0.1');
if ($allowed) {
$header['Access-Control-Allow-Origin'] = $origin;
}
}
if ($request->method() === 'OPTIONS') {
return response('', 204, $header);
}
$response = $handler($request);
return $response->withHeaders($header);
}
}
Reference in New Issue View Git Blame Copy Permalink