Example #1
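 /**
  * Issue the per-session CSRF token and verify it on POST requests.
  *
  * When `csrf.open` is enabled and the session holds no token, a new one is
  * stored. When a token already exists, the request carries POST data and
  * Request::isDomain() is true, the posted `csrf_token` field must equal the
  * session token, unless the current URL matches a `csrf.except` pattern.
  *
  * @return void
  * @throws \Exception when the submitted token does not match and no
  *                    exception pattern applies to the current URL
  */
 public function run()
 {
     $open = Config::get('csrf.open');
     // Token currently stored server-side for this session.
     $token = Session::get('csrf_token');
     // Create the token when the session does not have one yet.
     if ($open && !$token) {
         // A CSRF token must be unpredictable. The previous value,
         // md5(client IP . microtime), is derived from guessable inputs;
         // random_bytes() draws from the CSPRNG (PHP 7+). 16 bytes hex-encode
         // to 32 characters, the same length the md5 token had.
         Session::set('csrf_token', bin2hex(random_bytes(16)));
     }
     // NOTE(review): $token is not re-read after creation, so a POST that
     // arrives on the same request that creates the token is not verified.
     // Confirm this is intended.
     // Token verification.
     if ($open && $token && Request::post() && Request::isDomain()) {
         $submitted = Request::post('csrf_token');
         // Strict, constant-time comparison. Loose != treats numeric-looking
         // strings (e.g. "0e1" and "0e2") as equal, and a plain string compare
         // can leak how many leading characters matched through timing.
         if (!is_string($submitted) || !hash_equals((string) $token, $submitted)) {
             // Skip verification for URLs listed in the exception config.
             // Each entry is interpolated into an unanchored regex, so it
             // matches anywhere in the URL; keep csrf.except entries narrow.
             $except = c('csrf.except');
             foreach ((array) $except as $f) {
                 if (preg_match("@{$f}@", __URL__)) {
                     return;
                 }
             }
             throw new \Exception('CSRF 令牌验证失败');
         }
     }
 }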