refactor(actions): complete admin request/csrf guard centralization

This commit is contained in:
2026-04-24 19:00:13 +02:00
parent 5e705f780d
commit d7b73fcefe
18 changed files with 464 additions and 67 deletions

View File

@@ -4,14 +4,29 @@ use MintyPHP\Http\SessionStoreInterface;
use MintyPHP\Router;
use MintyPHP\Service\Access\UserAuthorizationPolicy;
use MintyPHP\Service\User\UserAccessTemplateService;
use MintyPHP\Session;
use MintyPHP\Support\Guard;
$session = app(SessionStoreInterface::class)->all();
Guard::requireLogin();
if (!Session::checkCsrfToken()) {
Router::json(['ok' => false, 'error' => 'csrf_expired']);
if (!actionRequirePost(
'admin/users',
jsonAware: true,
jsonPayload: ['ok' => false, 'error' => 'method_not_allowed'],
forceJson: true
)) {
return;
}
if (!actionRequireCsrf(
'admin/users',
jsonAware: true,
jsonStatusCode: 200,
jsonPayload: ['ok' => false, 'error' => 'csrf_expired'],
flashOnFailure: false,
redirectOnFailure: false,
forceJson: true
)) {
return;
}