refactor(actions): complete admin request/csrf guard centralization
This commit is contained in:
@@ -50,16 +50,22 @@ function flashFormErrors(FormErrors $errors, ?string $scope = null, string $keyP
|
||||
function actionRequirePost(
|
||||
string $redirect,
|
||||
bool $jsonAware = false,
|
||||
string $jsonError = 'method_not_allowed'
|
||||
string $jsonError = 'method_not_allowed',
|
||||
int $jsonStatusCode = 405,
|
||||
array $jsonPayload = [],
|
||||
bool $forceJson = false
|
||||
): bool {
|
||||
if (requestInput()->isMethod('POST')) {
|
||||
return true;
|
||||
}
|
||||
|
||||
if ($jsonAware && Request::wantsJson()) {
|
||||
if ($jsonAware && ($forceJson || Request::wantsJson())) {
|
||||
header('Allow: POST');
|
||||
http_response_code(405);
|
||||
Router::json(['error' => trim($jsonError) !== '' ? trim($jsonError) : 'method_not_allowed']);
|
||||
http_response_code($jsonStatusCode);
|
||||
$payload = $jsonPayload !== []
|
||||
? $jsonPayload
|
||||
: ['error' => trim($jsonError) !== '' ? trim($jsonError) : 'method_not_allowed'];
|
||||
Router::json($payload);
|
||||
return false;
|
||||
}
|
||||
|
||||
@@ -79,15 +85,21 @@ function actionRequireCsrf(
|
||||
bool $jsonAware = false,
|
||||
string $jsonError = 'csrf',
|
||||
bool $flashOnFailure = true,
|
||||
bool $redirectOnFailure = true
|
||||
bool $redirectOnFailure = true,
|
||||
int $jsonStatusCode = 400,
|
||||
array $jsonPayload = [],
|
||||
bool $forceJson = false
|
||||
): bool {
|
||||
if (Session::checkCsrfToken()) {
|
||||
return true;
|
||||
}
|
||||
|
||||
if ($jsonAware && Request::wantsJson()) {
|
||||
http_response_code(400);
|
||||
Router::json(['error' => trim($jsonError) !== '' ? trim($jsonError) : 'csrf']);
|
||||
if ($jsonAware && ($forceJson || Request::wantsJson())) {
|
||||
http_response_code($jsonStatusCode);
|
||||
$payload = $jsonPayload !== []
|
||||
? $jsonPayload
|
||||
: ['error' => trim($jsonError) !== '' ? trim($jsonError) : 'csrf'];
|
||||
Router::json($payload);
|
||||
return false;
|
||||
}
|
||||
|
||||
|
||||
Reference in New Issue
Block a user