refactor(actions): complete admin request/csrf guard centralization
This commit is contained in:
@@ -3,11 +3,13 @@
|
||||
use MintyPHP\Http\SessionStoreInterface;
|
||||
use MintyPHP\Router;
|
||||
use MintyPHP\Service\Settings\SettingsSessionGateway;
|
||||
use MintyPHP\Session;
|
||||
|
||||
if ((requestInput()->method()) !== 'POST') {
|
||||
http_response_code(405);
|
||||
Router::json(['ok' => false, 'error' => 'method_not_allowed']);
|
||||
if (!actionRequirePost(
|
||||
'admin',
|
||||
jsonAware: true,
|
||||
jsonPayload: ['ok' => false, 'error' => 'method_not_allowed'],
|
||||
forceJson: true
|
||||
)) {
|
||||
return;
|
||||
}
|
||||
|
||||
@@ -20,9 +22,15 @@ if ($currentUserId <= 0) {
|
||||
return;
|
||||
}
|
||||
|
||||
if (!Session::checkCsrfToken()) {
|
||||
http_response_code(403);
|
||||
Router::json(['ok' => false, 'error' => 'csrf']);
|
||||
if (!actionRequireCsrf(
|
||||
'admin',
|
||||
jsonAware: true,
|
||||
jsonStatusCode: 403,
|
||||
jsonPayload: ['ok' => false, 'error' => 'csrf'],
|
||||
flashOnFailure: false,
|
||||
redirectOnFailure: false,
|
||||
forceJson: true
|
||||
)) {
|
||||
return;
|
||||
}
|
||||
|
||||
|
||||
Reference in New Issue
Block a user