refactor(actions): complete admin request/csrf guard centralization

This commit is contained in:
2026-04-24 19:00:13 +02:00
parent 5e705f780d
commit d7b73fcefe
18 changed files with 464 additions and 67 deletions

View File

@@ -3,11 +3,13 @@
use MintyPHP\Http\SessionStoreInterface;
use MintyPHP\Router;
use MintyPHP\Service\Settings\SettingsSessionGateway;
use MintyPHP\Session;
if ((requestInput()->method()) !== 'POST') {
http_response_code(405);
Router::json(['ok' => false, 'error' => 'method_not_allowed']);
if (!actionRequirePost(
'admin',
jsonAware: true,
jsonPayload: ['ok' => false, 'error' => 'method_not_allowed'],
forceJson: true
)) {
return;
}
@@ -20,9 +22,15 @@ if ($currentUserId <= 0) {
return;
}
if (!Session::checkCsrfToken()) {
http_response_code(403);
Router::json(['ok' => false, 'error' => 'csrf']);
if (!actionRequireCsrf(
'admin',
jsonAware: true,
jsonStatusCode: 403,
jsonPayload: ['ok' => false, 'error' => 'csrf'],
flashOnFailure: false,
redirectOnFailure: false,
forceJson: true
)) {
return;
}