@@ -29,7 +29,8 @@ class FacebookService implements SmmPlatformInterface
// 实现Facebook登录逻辑
$helper = $this->fb->getRedirectLoginHelper();
$permissions = ['public_profile','email'];
- $distSiteUrl = env('DIST_SITE_URL');
+ $state = $helper->getPseudoRandomString(16); // Generate a random state
+ session(['facebook_oauth_state' => $state]); // Store in Laravel session
$loginUrl = $helper->getLoginUrl(env('DIST_SITE_URL').'/open/callback/facebook', $permissions);
return ['status'=>true, 'data' => ['url'=>$loginUrl]];
}
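Review bot: The `$state` generated on the `getPseudoRandomString(16)` line and stored in the session is never passed to `getLoginUrl(...)` two lines later, so nothing in this hunk puts it into the login URL; as far as I know the SDK's `getLoginUrl` generates and persists its own `state` value internally, which means the `state` query parameter that comes back will not equal `session('facebook_oauth_state')` and the comparison added in the second hunk (`$storedState !== $returnedState`) would reject every legitimate callback. Either rely on the SDK's built-in CSRF check (it already validates its persisted state inside `getAccessToken()`), or, if a Laravel-session-backed check is wanted, supply the SDK with a persistent data handler backed by the Laravel session rather than keeping two independent state values. Separately, `env('DIST_SITE_URL')` is read at request time on the `$loginUrl` line; in Laravel, `env()` returns null outside config files once the configuration is cached, which would turn the redirect URI into the bare path `/open/callback/facebook` — move the value into a config entry and read it with `config(...)`. The enclosing method's signature is outside this hunk.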
@@ -43,6 +44,14 @@ class FacebookService implements SmmPlatformInterface
{
// 实现Facebook回调处理
$helper = $this->fb->getRedirectLoginHelper();
+ // Validate the state parameter
+ $storedState = session('facebook_oauth_state');
+ $returnedState = $request->input('state');
+
+ if (!$storedState || $storedState !== $returnedState) {
+ return ['status' => false, 'data' => 'CSRF validation failed: State parameter mismatch'];
+ }
+
try {
$accessToken = $helper->getAccessToken();
} catch (Facebook\Exceptions\FacebookResponseException $e) {
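Review bot: The stored state is read on the `$storedState = session('facebook_oauth_state');` line but never removed from the session, so the same value stays valid for every subsequent callback in that session instead of being single-use; clear it as soon as it is consumed, e.g. `session()->forget('facebook_oauth_state');` immediately after the read, before the comparison. The comparison itself should be constant-time and null-safe: `if (!$storedState || !hash_equals((string) $storedState, (string) $returnedState)) {`. Note also that the SDK's `getAccessToken()` in the `try` block performs its own state validation against the value it persisted in `getLoginUrl`, so this manual check duplicates that mechanism unless the two are wired to the same store (see the note on the first hunk). `$request` is not declared in this hunk; the enclosing method's signature starts outside it.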