我用StaticFile中間件做了個驗證

我現(xiàn)在的方法是

class StaticFile implements MiddlewareInterface
{
    public function process(Request $request, callable $next): Response
    {
        // Access to files beginning with. Is prohibited
        if (strpos($request->path(), '/.') !== false) {
            return response('<h1>403 forbidden</h1>', 403);
        }

        if (strpos($request->path(), "m3u8") !== false) {
            $sign = $request->get('sgin');
            if (empty($sign)) {
                return response(json_encode(['code' => 0, 'msg' => '無效地址']), 404);
            }
            $aes = new AES();
            if ($sign !== $aes->encode($request->path() . md5($request->path()) . (10 + 10 - 5 * 3 / 0.5))) {
                return response(json_encode(['code' => 0, 'msg' => '無效地址']), 404);
            }
        }

        /** @var Response $response */
        $response = $next($request);
        // Add cross domain HTTP header
        /*$response->withHeaders([
            'Access-Control-Allow-Origin'      => '*',
            'Access-Control-Allow-Credentials' => 'true',
        ]);*/
        return $response;
    }
}

判斷如果path是m3u8的后驗證sgin參數(shù)

大佬們這個方法是可以嗎？有沒有比這個更好的方案或者推薦嗎?