1. 代理接口添加访问限制（仅后台设置的安全域名可以调用代理接口）

shinn-lancelot · Sep 8, 2018 · f3d53d0 · f3d53d0
1 parent ceee6e7
commit f3d53d0
Showing 1 changed file with 17 additions and 2 deletions.
diff --git a/index.php b/index.php
@@ -3,6 +3,16 @@
 use WechatOauthProxy\WechatOauth;
 require __DIR__ . '/WechatOauthProxy/WechatOauth.php';
 
+// 限制来源
+$referer =  getReferer();
+$domain = $referer != '' ? parse_url($referer)['host'] : '';
+$domain || exit('禁止访问！');
+$file = './common/domainName.json';
+if (file_exists($file)) {
+    $domainNameArr = json_decode(file_get_contents($file), true);
+    count($domainNameArr) > 0 && !in_array($domain, $domainNameArr) && exit('禁止访问！代理接口安全域名校验出错！');
+}
+
 $code = $_GET['code'];
 $proxyScope = $_REQUEST['proxy_scope'];
 $proxyScope = $proxyScope ? $proxyScope : 'code';    // 代理操作作用域，默认仅获取code 'code':仅获取code 'access_token':获取access_token及openid
@@ -16,7 +26,7 @@
         $mark = strpos($redirectUri, '?') === false ? '?' : '';
         header('Location:' . $redirectUri . $mark . '&code=' . $code . '&state=' . $state);
     } else {
-        exit('授权登录失败，请退出重试');
+        exit('授权登录失败，请退出重试！');
     }
 }
 
@@ -109,7 +119,7 @@
             $mark = strpos($redirectUri, '?') === false ? '?' : '';
             header('Location:' . $redirectUri . $mark . '&access_token=' . $res['access_token'] . '&openid=' . $openid);
         } else {
-            exit('授权登录失败，请退出重试');
+            exit('授权登录失败，请退出重试！');
         }
     }
 }
@@ -139,4 +149,9 @@ function getNonceStr($length = 32)
         $str .= substr($chars, mt_rand(0, strlen($chars)-1), 1);
     }
     return $str;
+}
+
+function getReferer()
+{
+    return isset($_SERVER['HTTP_REFERER']) ? $_SERVER['HTTP_REFERER'] : '';
 }