refactor(actions): complete admin request/csrf guard centralization

This commit is contained in:
2026-04-24 19:00:13 +02:00
parent 5e705f780d
commit d7b73fcefe
18 changed files with 464 additions and 67 deletions

View File

@@ -3,7 +3,6 @@
use MintyPHP\Http\Request;
use MintyPHP\Http\SessionStoreInterface;
use MintyPHP\Router;
use MintyPHP\Session;
use MintyPHP\Support\Guard;
$sessionStore = app(SessionStoreInterface::class);
@@ -13,20 +12,17 @@ Guard::requireLogin();
$userTenantContextService = app(\MintyPHP\Service\User\UserTenantContextService::class);
$errorBag = formErrors();
if ((requestInput()->method()) !== 'POST') {
Router::redirect('admin');
if (!actionRequirePost('admin')) {
return;
}
if (!Session::checkCsrfToken()) {
if (Request::wantsJson()) {
http_response_code(400);
Router::json(['ok' => false, 'error' => 'csrf']);
return;
}
$errorBag->addGlobal(t('Form expired, please try again'));
flashFormErrors($errorBag, 'admin', 'switch_tenant');
Router::redirect('admin');
if (!actionRequireCsrf(
'admin',
'admin',
'switch_tenant',
jsonAware: true,
jsonPayload: ['ok' => false, 'error' => 'csrf']
)) {
return;
}