refactor(actions): complete admin request/csrf guard centralization
This commit is contained in:
@@ -3,7 +3,6 @@
|
||||
use MintyPHP\Http\Request;
|
||||
use MintyPHP\Http\SessionStoreInterface;
|
||||
use MintyPHP\Router;
|
||||
use MintyPHP\Session;
|
||||
use MintyPHP\Support\Guard;
|
||||
|
||||
$sessionStore = app(SessionStoreInterface::class);
|
||||
@@ -13,18 +12,16 @@ Guard::requireLogin();
|
||||
$userAccountService = app(\MintyPHP\Service\User\UserAccountService::class);
|
||||
$errorBag = formErrors();
|
||||
|
||||
if ((requestInput()->method()) !== 'POST') {
|
||||
Router::redirect('admin');
|
||||
if (!actionRequirePost('admin')) {
|
||||
return;
|
||||
}
|
||||
|
||||
if (!Session::checkCsrfToken()) {
|
||||
if (Request::wantsJson()) {
|
||||
http_response_code(400);
|
||||
Router::json(['ok' => false, 'error' => 'csrf']);
|
||||
return;
|
||||
}
|
||||
Router::redirect('admin');
|
||||
if (!actionRequireCsrf(
|
||||
'admin',
|
||||
jsonAware: true,
|
||||
jsonPayload: ['ok' => false, 'error' => 'csrf'],
|
||||
flashOnFailure: false
|
||||
)) {
|
||||
return;
|
||||
}
|
||||
|
||||
|
||||
Reference in New Issue
Block a user