Added CSRF protection

This commit is contained in:
julien
2026-03-09 17:15:14 +01:00
parent 96214378d6
commit 99a1f2c5ab
4 changed files with 71 additions and 2 deletions


@@ -8,16 +8,24 @@ use Dotenv\Dotenv;
use Slim\Factory\AppFactory;
use Slim\Views\TwigMiddleware;
use Slim\Views\Twig;
use Slim\Csrf\Guard;
use Medoo\Medoo;
use App\Controllers\PostController;
use App\Repositories\PostRepository;
use App\Services\HtmlSanitizer;
use App\Services\HtmlPurifierFactory;
use App\Services\CsrfExtension;
use App\Database\Migrator;
use App\Bootstrap;
use App\Routes;
use App\Config;
// ============================================
// Démarrer la session PHP
// ============================================
session_start();
// ============================================
// Vérifier les répertoires
// ============================================
@@ -38,16 +46,29 @@ $dotenv->load();
$env = $_ENV['APP_ENV'] ?? 'production';
$isDev = strtolower($env) === 'development';
// ============================================
// Initialisation de l'application Slim
// ============================================
$app = AppFactory::create();
$responseFactory = $app->getResponseFactory();
// ============================================
// Initialisation des services
// ============================================
// CSRF Guard (middleware)
$csrf = new Guard($responseFactory);
// Twig
$twig = Twig::create(
__DIR__ . '/../views',
['cache' => Config::getTwigCache($isDev)]
);
// Ajouter l'extension CSRF à Twig
$twig->addExtension(new CsrfExtension($csrf));
// Medoo (SQLite)
$dbFile = Config::getDatabasePath();
$db = new Medoo([
@@ -69,13 +90,15 @@ $htmlSanitizer = new HtmlSanitizer($htmlPurifier);
$postRepository = new PostRepository($db);
// ============================================
// Slim App
// Middleware
// ============================================
$app = AppFactory::create();
$app->addBodyParsingMiddleware();
$app->add(TwigMiddleware::create($app, $twig));
// Enregistrer le middleware CSRF pour toutes les routes
$app->add($csrf);
// ============================================
// Routes
// ============================================
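Review bot: The new `session_start();` in the first hunk starts the session with whatever cookie defaults php.ini provides, so the session that carries the CSRF tokens (the Guard is built with no storage argument and appears to rely on `$_SESSION`) can be sent over plain HTTP and read by script; set the cookie flags before starting it, e.g. `session_set_cookie_params(['httponly' => true, 'samesite' => 'Lax', 'secure' => !empty($_SERVER['HTTPS'])]);` on the line above `session_start();` (`$isDev` is only defined later, so the HTTPS check has to be done directly here). `SameSite=Lax` also gives a second layer against cross-site POSTs independent of the token check. In the last hunk, `$app->add($csrf)` is registered after `addBodyParsingMiddleware()`; Slim 4 runs the last-added middleware first, so the Guard inspects the request before the body parser has run, and whether the token is found then depends on the PSR-7 implementation falling back to `$_POST` for the parsed body — if it does not, every form POST is rejected. If the intent is to have parsed bodies available to the Guard, call `$app->add($csrf);` before `$app->addBodyParsingMiddleware();`. The file continues past this hunk, so any later middleware additions are not visible here.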