From d49745ff46af6810ff1be7911f94bf85c3efb9fb Mon Sep 17 00:00:00 2001
From: zhuchunshu
Date: Thu, 12 Jan 2023 15:01:45 +0800
Subject: [PATCH] =?UTF-8?q?Fix:=E5=9C=A8cdn=E7=8A=B6=E6=80=81=E4=B8=8B,?=
 =?UTF-8?q?=E5=BC=82=E6=AD=A5=E4=B8=8A=E4=BC=A0=E6=96=87=E4=BB=B6=E5=A4=B1?=
 =?UTF-8?q?=E6=95=88=E7=9A=84Bug?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
---
 .../resources/views/topic/create.blade.php | 1 +
 .../Comment/resources/views/topic/edit.blade.php | 1 +
 .../Topic/resources/views/create/basis.blade.php | 1 +
 .../Topic/resources/views/edit/basis.blade.php | 1 +
 app/Plugins/User/src/AuthGuard.php | 16 +++++++++++-----
 .../User/src/Middleware/LoginMiddleware.php | 3 ++-
 6 files changed, 17 insertions(+), 6 deletions(-)

diff --git a/app/Plugins/Comment/resources/views/topic/create.blade.php b/app/Plugins/Comment/resources/views/topic/create.blade.php
index 5b8277337..58dc4e124 100644
--- a/app/Plugins/Comment/resources/views/topic/create.blade.php
+++ b/app/Plugins/Comment/resources/views/topic/create.blade.php
@@ -62,6 +62,7 @@
                 const formData = new FormData();
                 formData.append('file', blobInfo.blob(), blobInfo.filename());
                 formData.append('_token', csrf_token);
+                formData.append('_session', _token);
                 axios.post("/user/upload/image",formData,{
                     'Content-type' : 'multipart/form-data'
                 }).then(function(r){
diff --git a/app/Plugins/Comment/resources/views/topic/edit.blade.php b/app/Plugins/Comment/resources/views/topic/edit.blade.php
index b4645ec8d..fc8a3bf2f 100644
--- a/app/Plugins/Comment/resources/views/topic/edit.blade.php
+++ b/app/Plugins/Comment/resources/views/topic/edit.blade.php
@@ -69,6 +69,7 @@
                 const formData = new FormData();
                 formData.append('file', blobInfo.blob(), blobInfo.filename());
                 formData.append('_token', csrf_token);
+                formData.append('_session', _token);
                 axios.post("/user/upload/image",formData,{
                     'Content-type' : 'multipart/form-data'
                 }).then(function(r){
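Review bot: The added `formData.append('_session', _token);` carries no explanation of why a second token is placed in the multipart body next to the CSRF token, and `_token` is not declared within the hunk, so a reader cannot tell where the value comes from or what it authorises. A one-line comment above it would make the intent auditable: `// behind a CDN/proxy the server may see a different client IP; sending the session token lets the server-side auth check skip its IP binding for this async upload` (the IP-skipping behaviour is what the AuthGuard change in this same patch implements). The identical line is added in `topic/edit.blade.php`, `Topic/.../create/basis.blade.php` and `Topic/.../edit/basis.blade.php`; a shared upload helper would avoid four undocumented copies. The enclosing upload handler starts and ends outside the hunk.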
diff --git a/app/Plugins/Topic/resources/views/create/basis.blade.php b/app/Plugins/Topic/resources/views/create/basis.blade.php
index e36924fe6..56662c271 100644
--- a/app/Plugins/Topic/resources/views/create/basis.blade.php
+++ b/app/Plugins/Topic/resources/views/create/basis.blade.php
@@ -71,6 +71,7 @@
                 const formData = new FormData();
                 formData.append('file', blobInfo.blob(), blobInfo.filename());
                 formData.append('_token', csrf_token);
+                formData.append('_session', _token);
                 axios.post("/user/upload/image",formData,{
                     'Content-type' : 'multipart/form-data'
                 }).then(function(r){
diff --git a/app/Plugins/Topic/resources/views/edit/basis.blade.php b/app/Plugins/Topic/resources/views/edit/basis.blade.php
index e067b39e3..65218cf4f 100644
--- a/app/Plugins/Topic/resources/views/edit/basis.blade.php
+++ b/app/Plugins/Topic/resources/views/edit/basis.blade.php
@@ -40,6 +40,7 @@
                 const formData = new FormData();
                 formData.append('file', blobInfo.blob(), blobInfo.filename());
                 formData.append('_token', csrf_token);
+                formData.append('_session', _token);
                 axios.post("/user/upload/image",formData,{
                     'Content-type' : 'multipart/form-data'
                 }).then(function(r){
diff --git a/app/Plugins/User/src/AuthGuard.php b/app/Plugins/User/src/AuthGuard.php
index 6f209033d..f23c38098 100644
--- a/app/Plugins/User/src/AuthGuard.php
+++ b/app/Plugins/User/src/AuthGuard.php
@@ -8,7 +8,6 @@
  * @contact laravel@88.com
  * @license https://github.com/zhuchunshu/super-forum/blob/master/LICENSE
  */
-
 namespace App\Plugins\User\src;
 
 use App\Plugins\User\src\Models\UsersAuth;
@@ -44,20 +43,27 @@ public function logout(): bool
             'user_id' => $this->user()->getId(),
             'token' => session()->get('AUTH_TOKEN'),
         ])->delete();
-        return (bool)$this->session->remove($this->sessionKey()) && $this->session->remove('AUTH_TOKEN');
+        return (bool) $this->session->remove($this->sessionKey()) && $this->session->remove('AUTH_TOKEN');
     }
 
-    public function check(): bool
+    public function check(string $token = null): bool
     {
         try {
-            return $this->user() instanceof Authenticatable && call_user_func(function () {
+            return $this->user() instanceof Authenticatable && call_user_func(function () use ($token) {
+                if ($token === null) {
                 return UsersAuth::query()->where([
                     'user_id' => $this->user()->getId(),
                     'user_ip' => get_client_ip(),
                     'token' => session()->get('AUTH_TOKEN'),
                     'user_agent' => get_user_agent(),
                 ])->exists();
-            }) === true;
+                }
+                return UsersAuth::query()->where([
+                    'user_id' => $this->user()->getId(),
+                    'token' => session()->get('AUTH_TOKEN'),
+                    'user_agent' => get_user_agent(),
+                ])->exists();
+            }) === true;
         } catch (AuthException $exception) {
             return false;
         }
diff --git a/app/Plugins/User/src/Middleware/LoginMiddleware.php b/app/Plugins/User/src/Middleware/LoginMiddleware.php
index 8a1d24b8a..ec56b0a65 100755
--- a/app/Plugins/User/src/Middleware/LoginMiddleware.php
+++ b/app/Plugins/User/src/Middleware/LoginMiddleware.php
@@ -34,7 +34,8 @@ public function __construct(ContainerInterface $container)
     public function process(ServerRequestInterface $request, RequestHandlerInterface $handler): ResponseInterface
     {
-        if (! auth()->check()) {
+        $token = request()->input('_session', null);
+        if (! auth()->check($token)) {
             throw new UnauthorizedException('Without authorization');
         }
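Review bot: In the new `check(string $token = null)`, `$token` is only tested against `null` and is never compared with anything, so the non-null branch drops the `user_ip` constraint while still matching on `session()->get('AUTH_TOKEN')`; any request that merely includes a `_session` field (even an empty string, since `LoginMiddleware` appears to pass `request()->input('_session', null)` straight through) gets the relaxed check without proving possession of the token. If the client is meant to prove it holds the token, the second query should bind the supplied value, `'token' => $token,` in place of `'token' => session()->get('AUTH_TOKEN'),`, and the middleware should treat an empty string as absent. The signature should be written `?string $token = null` (implicit nullability through a default is deprecated in PHP 8.4), and the body of the new `if ($token === null)` keeps its old indentation, so the query lines now sit at the same level as the `if` itself. A short docblock on `check()` stating when the IP binding is and is not enforced would make the two paths auditable.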