More robust
@@ -13,13 +13,31 @@ abstract class BaseController
|
||||
$this->db = $this->f3->get('DB');
|
||||
}
|
||||
|
||||
protected function render(string $view, array $data = []): void
|
||||
protected function renderPublic(string $view, array $data = []): void
|
||||
{
|
||||
$user = $this->currentUser();
|
||||
|
||||
$this->f3->mset($data + [
|
||||
'view' => $view,
|
||||
'view' => $view,
|
||||
'currentUser' => $user,
|
||||
'flash' => array_key_exists('flash', $data) && is_array($data['flash']) ? $data['flash'] : null,
|
||||
'csrfToken' => $user !== null ? $this->csrfToken() : null,
|
||||
]);
|
||||
|
||||
echo Template::instance()->render('layout.html');
|
||||
}
|
||||
|
||||
protected function renderSession(string $view, array $data = [], bool $withCsrf = false): void
|
||||
{
|
||||
$flash = array_key_exists('flash', $data) && is_array($data['flash'])
|
||||
? $data['flash']
|
||||
: $this->pullFlash();
|
||||
|
||||
$this->f3->mset($data + [
|
||||
'view' => $view,
|
||||
'currentUser' => $this->currentUser(),
|
||||
'flash' => $this->pullFlash(),
|
||||
'csrfToken' => $this->csrfToken(),
|
||||
'flash' => $flash,
|
||||
'csrfToken' => $withCsrf ? $this->csrfToken() : null,
|
||||
]);
|
||||
|
||||
echo Template::instance()->render('layout.html');
|
||||
@@ -38,12 +56,16 @@ abstract class BaseController
|
||||
}
|
||||
|
||||
$this->flash('error', 'Connecte-toi pour continuer.');
|
||||
$this->f3->reroute($this->f3->alias('login'));
|
||||
$this->f3->reroute('@login');
|
||||
}
|
||||
|
||||
protected function disableCache(): void
|
||||
{
|
||||
$this->f3->expire(0);
|
||||
}
|
||||
|
||||
protected function csrfToken(): string
|
||||
{
|
||||
// Génère un token CSRF et le stocke en session au premier appel.
|
||||
$token = (string) ($this->f3->get('SESSION.csrf_token') ?? '');
|
||||
if ($token === '') {
|
||||
$token = bin2hex(random_bytes(32));
|
||||
@@ -53,10 +75,17 @@ abstract class BaseController
|
||||
return $token;
|
||||
}
|
||||
|
||||
protected function refreshCsrfToken(): string
|
||||
{
|
||||
$token = bin2hex(random_bytes(32));
|
||||
$this->f3->set('SESSION.csrf_token', $token);
|
||||
return $token;
|
||||
}
|
||||
|
||||
protected function verifyCsrf(): void
|
||||
{
|
||||
$submitted = (string) ($this->f3->get('POST.csrf_token') ?? '');
|
||||
$expected = (string) ($this->f3->get('SESSION.csrf_token') ?? '');
|
||||
$expected = (string) ($this->f3->get('SESSION.csrf_token') ?? '');
|
||||
|
||||
if ($submitted !== '' && $expected !== '' && hash_equals($expected, $submitted)) {
|
||||
return;
|
||||
|
||||
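Review bot: In `renderPublic` the token is only exposed to an authenticated user (`'csrfToken' => $user !== null ? $this->csrfToken() : null`), so any POST form rendered through it for an anonymous visitor — a login, registration or password-reset form, if those pages use this renderer — has nothing to put in `csrf_token` and `verifyCsrf()` will reject it, which leaves login CSRF unprotectable; unless the goal is to avoid touching the session for anonymous visitors, drop the conditional: `'csrfToken' => $this->csrfToken(),`. The new `bool $withCsrf = false` default in `renderSession` has the same shape: a view that still renders a `csrf_token` hidden field now receives `null`, and verification fails closed, which is safe but silently breaks every existing form until each caller passes `withCsrf: true` — defaulting it to `true` keeps the old behaviour and costs only a cheap session read. `renderPublic` also never calls `pullFlash()`, so the error flashed in `requireLogin` before the reroute to `@login` will stay in the session and not be shown if the login page is rendered publicly. `verifyCsrf()` continues past the end of the hunk, so its failure path is not reviewed here.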