withRouting( web: __DIR__.'/../routes/web.php', commands: __DIR__.'/../routes/console.php', channels: __DIR__.'/../routes/channels.php', health: '/up', ) ->withMiddleware(function (Middleware $middleware) { // 强制解析并信任 CDN (如 Cloudflare) 透传的真实 IP (最高优先级) $middleware->prepend(\App\Http\Middleware\CloudflareProxies::class); // 信任所有代理转发头（腾讯 EdgeCDN HTTPS 回源 HTTP 场景） // CDN 携带 X-Forwarded-Proto: https，Laravel 据此将请求识别为 HTTPS，url()/route() 生成正确的 https:// 链接 $middleware->trustProxies(at: '*'); $middleware->alias([ 'chat.auth' => \App\Http\Middleware\ChatAuthenticate::class, 'chat.level' => \App\Http\Middleware\LevelRequired::class, 'chat.site_owner' => \App\Http\Middleware\SiteOwnerRequired::class, 'chat.has_position' => \App\Http\Middleware\HasActivePosition::class, ]); // 这一步是为了防止用户访问需要登录的页面时，默认被跳到原版 Laravel 未定义的 login 路由报错 $middleware->redirectGuestsTo('/'); }) ->withExceptions(function (Exceptions $exceptions): void { // 聊天室 AJAX 接口：CSRF token 过期（419）时，返回 JSON 提示而非重定向 // 防止浏览器收到 302 后以 GET 方式重请求只允许 POST 的路由，产生 405 错误 $exceptions->render(function (\Illuminate\Session\TokenMismatchException $e, \Illuminate\Http\Request $request) { if ($request->is('room/*/send', 'room/*/heartbeat', 'room/*/leave', 'room/*/announcement', 'gift/*', 'command/*', 'chatbot/*', 'shop/*')) { return response()->json([ 'status' => 'error', 'message' => '页面已过期，请刷新后重试。', ], 419); } }); })->create();