refactor(actions): complete admin request/csrf guard centralization
This commit is contained in:
@@ -4,14 +4,29 @@ use MintyPHP\Http\SessionStoreInterface;
|
||||
use MintyPHP\Router;
|
||||
use MintyPHP\Service\Access\UserAuthorizationPolicy;
|
||||
use MintyPHP\Service\User\UserAccessTemplateService;
|
||||
use MintyPHP\Session;
|
||||
use MintyPHP\Support\Guard;
|
||||
|
||||
$session = app(SessionStoreInterface::class)->all();
|
||||
Guard::requireLogin();
|
||||
|
||||
if (!Session::checkCsrfToken()) {
|
||||
Router::json(['ok' => false, 'error' => 'csrf_expired']);
|
||||
if (!actionRequirePost(
|
||||
'admin/users',
|
||||
jsonAware: true,
|
||||
jsonPayload: ['ok' => false, 'error' => 'method_not_allowed'],
|
||||
forceJson: true
|
||||
)) {
|
||||
return;
|
||||
}
|
||||
|
||||
if (!actionRequireCsrf(
|
||||
'admin/users',
|
||||
jsonAware: true,
|
||||
jsonStatusCode: 200,
|
||||
jsonPayload: ['ok' => false, 'error' => 'csrf_expired'],
|
||||
flashOnFailure: false,
|
||||
redirectOnFailure: false,
|
||||
forceJson: true
|
||||
)) {
|
||||
return;
|
||||
}
|
||||
|
||||
|
||||
Reference in New Issue
Block a user