esoko/rvr-nextgen
esoko/rvr-nextgen
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases 5 Wiki Activity

fixup! split authentication required and secured controllers
All checks were successful
rvr-nextgen/pipeline/pr-master This commit looks good
Details

Browse Source
This commit is contained in:
Bence Pőcze 2023-04-16 17:50:43 +02:00
parent 13796e58c7
commit 038ed65668
Signed by: bence
GPG Key ID: DC5BD6E95A333E6D
1 changed files with 11 additions and 6 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

17
public/index.php
View File

@ -1,7 +1,12 @@
<?php <?php
use SokoWeb\Interfaces\Response\IRedirect; use SokoWeb\Interfaces\Response\IRedirect;
use SokoWeb\Interfaces\Response\IContent;
use SokoWeb\Interfaces\Authentication\IAuthenticationRequired;
use SokoWeb\Interfaces\Authorization\ISecured;
use SokoWeb\Response\Redirect; use SokoWeb\Response\Redirect;
use SokoWeb\Response\HtmlContent;
use SokoWeb\Response\JsonContent;
require '../web.php'; require '../web.php';
@ -23,7 +28,7 @@ if ($match !== null) {
$controller = new $handler[0](Container::$request); $controller = new $handler[0](Container::$request);
if ( if (
$controller instanceof SokoWeb\Interfaces\Authentication\IAuthenticationRequired && $controller instanceof IAuthenticationRequired &&
$controller->isAuthenticationRequired() && $controller->isAuthenticationRequired() &&
Container::$request->user() === null Container::$request->user() === null
) { ) {
@ -34,28 +39,28 @@ if ($match !== null) {
} }
if ($method === 'post' && !in_array($url, $antiCsrfTokenExceptions) && Container::$request->post('anti_csrf_token') !== Container::$request->session()->get('anti_csrf_token')) { if ($method === 'post' && !in_array($url, $antiCsrfTokenExceptions) && Container::$request->post('anti_csrf_token') !== Container::$request->session()->get('anti_csrf_token')) {
$content = new SokoWeb\Response\JsonContent(['error' => 'no_valid_anti_csrf_token']); $content = new JsonContent(['error' => 'no_valid_anti_csrf_token']);
header('Content-Type: text/html; charset=UTF-8', true, 403); header('Content-Type: text/html; charset=UTF-8', true, 403);
$content->render(); $content->render();
return; return;
} }
if ( if (
!($controller instanceof SokoWeb\Interfaces\Authorization\ISecured) || !($controller instanceof ISecured) ||
$controller->authorize() $controller->authorize()
) { ) {
$response = call_user_func([$controller, $handler[1]]); $response = call_user_func([$controller, $handler[1]]);
if ($response instanceof SokoWeb\Interfaces\Response\IContent) { if ($response instanceof IContent) {
header('Content-Type: ' . $response->getContentType() . '; charset=UTF-8'); header('Content-Type: ' . $response->getContentType() . '; charset=UTF-8');
$response->render(); $response->render();
return; return;
} elseif ($response instanceof SokoWeb\Interfaces\Response\IRedirect) { } elseif ($response instanceof IRedirect) {
header('Location: ' . $response->getUrl(), true, $response->getHttpCode()); header('Location: ' . $response->getUrl(), true, $response->getHttpCode());
return; return;
} }
} }
} }
$content = new SokoWeb\Response\HtmlContent('error/404'); $content = new HtmlContent('error/404');
header('Content-Type: text/html; charset=UTF-8', true, 404); header('Content-Type: text/html; charset=UTF-8', true, 404);
$content->render(); $content->render();