资源访问加密方案,求大佬帮忙看看
我用StaticFile中间件做了个验证
我现在的方法是
class StaticFile implements MiddlewareInterface
{
public function process(Request $request, callable $next): Response
{
// Access to files beginning with. Is prohibited
if (strpos($request->path(), '/.') !== false) {
return response('<h1>403 forbidden</h1>', 403);
}
if (strpos($request->path(), "m3u8") !== false) {
$sign = $request->get('sgin');
if (empty($sign)) {
return response(json_encode(['code' => 0, 'msg' => '无效地址']), 404);
}
$aes = new AES();
if ($sign !== $aes->encode($request->path() . md5($request->path()) . (10 + 10 - 5 * 3 / 0.5))) {
return response(json_encode(['code' => 0, 'msg' => '无效地址']), 404);
}
}
/** @var Response $response */
$response = $next($request);
// Add cross domain HTTP header
/*$response->withHeaders([
'Access-Control-Allow-Origin' => '*',
'Access-Control-Allow-Credentials' => 'true',
]);*/
return $response;
}
}判断如果path是m3u8的后验证sgin参数
大佬们这个方法是可以吗?有没有比这个更好的方案或者推荐吗?
284 0 0
0个回答
相似问题
