refactor(actions): complete admin request/csrf guard centralization

This commit is contained in:
2026-04-24 19:00:13 +02:00
parent 5e705f780d
commit d7b73fcefe
18 changed files with 464 additions and 67 deletions

View File

@@ -3,7 +3,6 @@
use MintyPHP\Http\Request;
use MintyPHP\Http\SessionStoreInterface;
use MintyPHP\Router;
use MintyPHP\Session;
use MintyPHP\Support\Guard;
$sessionStore = app(SessionStoreInterface::class);
@@ -13,18 +12,16 @@ Guard::requireLogin();
$userAccountService = app(\MintyPHP\Service\User\UserAccountService::class);
$errorBag = formErrors();
if ((requestInput()->method()) !== 'POST') {
Router::redirect('admin');
if (!actionRequirePost('admin')) {
return;
}
if (!Session::checkCsrfToken()) {
if (Request::wantsJson()) {
http_response_code(400);
Router::json(['ok' => false, 'error' => 'csrf']);
return;
}
Router::redirect('admin');
if (!actionRequireCsrf(
'admin',
jsonAware: true,
jsonPayload: ['ok' => false, 'error' => 'csrf'],
flashOnFailure: false
)) {
return;
}