dootask/app/Http/Middleware/WebApi.php
kuaifan 20c3fa91fb refactor(https): 协议识别下沉到 nginx,TrustProxies 只信 X-Forwarded-Proto
- nginx 经 APP_SCHEME 环境变量(envsubst 模板)统一控制 X-Forwarded-Proto
- TrustProxies 信任内网代理但仅采信 X-Forwarded-Proto,防 Host 注入
- 移除 WebApi 中间件的硬编码强制 https
- getSchemeAndHost 优先用当前请求 scheme/host,保留非请求上下文兜底
- cmd https 切换后改用 compose up -d 重建 nginx 容器使 envsubst 生效

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
2026-06-06 01:52:38 +00:00


<?php
namespace App\Http\Middleware;
// Executed when this file is loaded: report every error level except notices and warnings.
// NOTE(review): error_reporting() sets the level for the running script, not only for this
// middleware, so warnings raised later in the same request are hidden as well. Confirm that
// this is intended; the leading "@" only silences errors raised by the call itself.
@error_reporting(E_ALL & ~E_NOTICE & ~E_WARNING);
use App\Module\Base;
use App\Module\Doo;
use App\Services\RequestContext;
use Cache;
use Closure;
class WebApi
{
    /**
     * Per-request entry point for the web API.
     *
     * Records request context, refreshes the PC-activity marker, unpacks a POST body
     * (legacy plaintext form data or a PGP payload), runs the rest of the pipeline and
     * PGP-encrypts the response body when the "encrypt" header asks for it.
     *
     * @param  \Illuminate\Http\Request  $request
     * @param  \Closure  $next
     * @return mixed
     */
    public function handle($request, Closure $next)
    {
        // Request bookkeeping: start timestamp and the client's "language" header.
        RequestContext::set('start_time', microtime(true));
        RequestContext::set('header_language', $request->header('language'));

        // Refresh the base URL kept in the request context.
        RequestContext::updateBaseUrl($request);

        // Load the Doo class.
        Doo::load();

        // Record the time of the latest PC-client activity for a logged-in user
        // (Cache::put is called with 60 as its third argument).
        $userid = Doo::userId();
        if ($userid > 0 && Base::isPc()) {
            Cache::put("user_pc_active:{$userid}", time(), 60);
        }

        // Encryption settings are parsed from the "encrypt" request header, i.e. they are
        // chosen by the client.
        $encrypt = Doo::pgpParseStr($request->header('encrypt'));

        if ($request->isMethod('post')) {
            $clientVersion = $request->header('version');
            $isLegacyClient = $clientVersion && version_compare($clientVersion, '0.25.48', '<');

            if ($isLegacyClient) {
                // Compatibility path for clients older than 0.25.48: the raw body is parsed
                // as URL-encoded form data and merged into the request without decryption.
                // NOTE(review): "version" is a request header and this branch is tested before
                // the PGP branch, so any caller can select the plaintext path. Confirm that is
                // acceptable where PGP-only traffic is expected.
                parse_str($request->getContent(), $legacyFields);
                if ($legacyFields) {
                    $request->merge($legacyFields);
                }
            } elseif ($encrypt['encrypt_type'] === 'pgp') {
                // Current clients: decrypt the "encrypted" field and merge the result.
                $ciphertext = $request->input('encrypted');
                if ($ciphertext) {
                    // presumably returns an array of request fields; verify against Doo::pgpDecryptApi
                    $plainFields = Doo::pgpDecryptApi($ciphertext, $encrypt['encrypt_id']);
                    if ($plainFields) {
                        $request->merge($plainFields);
                    }
                    // A falsy result is dropped silently and the request continues unchanged.
                }
            }
        }

        // Hand over to the next middleware.
        $response = $next($request);

        // Encrypt the response body for clients that asked for PGP.
        if ($encrypt['client_type'] === 'pgp') {
            $body = $response->getContent();
            if ($body) {
                $sealed = Doo::pgpEncryptApi($body, $encrypt['client_key']);
                if ($sealed) {
                    $response->setContent(json_encode(['encrypted' => $sealed]));
                }
                // NOTE(review): when pgpEncryptApi returns a falsy value the original body is
                // sent unencrypted. Confirm that this plaintext fallback is intended for a
                // client that requested PGP.
            }
        }

        return $response;
    }

    /**
     * Clears the request context once the request has finished.
     *
     * @return void
     */
    public function terminate()
    {
        RequestContext::clean();
    }
}