资源访问加密方案,求大佬帮忙看看

aspire

我用StaticFile中间件做了个验证

我现在的方法是

class StaticFile implements MiddlewareInterface
{
    public function process(Request $request, callable $next): Response
    {
        // Access to files beginning with. Is prohibited
        if (strpos($request->path(), '/.') !== false) {
            return response('<h1>403 forbidden</h1>', 403);
        }

        if (strpos($request->path(), "m3u8") !== false) {
            $sign = $request->get('sgin');
            if (empty($sign)) {
                return response(json_encode(['code' => 0, 'msg' => '无效地址']), 404);
            }
            $aes = new AES();
            if ($sign !== $aes->encode($request->path() . md5($request->path()) . (10 + 10 - 5 * 3 / 0.5))) {
                return response(json_encode(['code' => 0, 'msg' => '无效地址']), 404);
            }
        }

        /** @var Response $response */
        $response = $next($request);
        // Add cross domain HTTP header
        /*$response->withHeaders([
            'Access-Control-Allow-Origin'      => '*',
            'Access-Control-Allow-Credentials' => 'true',
        ]);*/
        return $response;
    }
}

判断如果path是m3u8的后验证sgin参数

大佬们这个方法是可以吗?有没有比这个更好的方案或者推荐吗?

589 0 0
0个回答

年代过于久远,无法发表回答
×
🔝