refactor(actions): complete admin request/csrf guard centralization
This commit is contained in:
@@ -1,22 +1,32 @@
|
||||
<?php
|
||||
|
||||
use MintyPHP\Service\Access\TenantAuthorizationPolicy;
|
||||
use MintyPHP\Session;
|
||||
use MintyPHP\Support\Guard;
|
||||
|
||||
Guard::requireLogin();
|
||||
|
||||
header('Content-Type: application/json; charset=utf-8');
|
||||
|
||||
if (requestInput()->method() !== 'POST') {
|
||||
http_response_code(405);
|
||||
echo json_encode(['ok' => false, 'error' => 'Method not allowed']);
|
||||
if (!actionRequirePost(
|
||||
'admin/tenants',
|
||||
jsonAware: true,
|
||||
jsonError: 'Method not allowed',
|
||||
jsonPayload: ['ok' => false, 'error' => 'Method not allowed'],
|
||||
forceJson: true
|
||||
)) {
|
||||
return;
|
||||
}
|
||||
|
||||
if (!Session::checkCsrfToken()) {
|
||||
http_response_code(403);
|
||||
echo json_encode(['ok' => false, 'error' => 'CSRF token invalid']);
|
||||
if (!actionRequireCsrf(
|
||||
'admin/tenants',
|
||||
jsonAware: true,
|
||||
jsonError: 'CSRF token invalid',
|
||||
jsonStatusCode: 403,
|
||||
jsonPayload: ['ok' => false, 'error' => 'CSRF token invalid'],
|
||||
flashOnFailure: false,
|
||||
redirectOnFailure: false,
|
||||
forceJson: true
|
||||
)) {
|
||||
return;
|
||||
}
|
||||
|
||||
|
||||
Reference in New Issue
Block a user