netig/slim-blog
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Working state but no uploads

Browse Source
This commit is contained in:
julien
2026-03-16 11:48:26 +01:00
parent e24ee5d622
commit 8e59daa4cd
21 changed files with 353 additions and 119 deletions
Download Patch File Download Diff File Expand all files Collapse all files

11
src/Auth/PasswordResetController.php
View File

@@ -4,6 +4,7 @@ declare(strict_types=1);
namespace App\Auth;
use App\Auth\Exception\InvalidResetTokenException;
use App\Shared\Http\ClientIpResolver;
use App\Shared\Http\FlashServiceInterface;
use App\User\Exception\WeakPasswordException;
use Psr\Http\Message\ResponseInterface as Response;
@@ -34,6 +35,7 @@ final class PasswordResetController
* @param PasswordResetServiceInterface $passwordResetService Service de réinitialisation
* @param AuthServiceInterface $authService Service d'authentification (rate limiting)
* @param FlashServiceInterface $flash Service de messages flash
* @param ClientIpResolver $clientIpResolver Résout l'IP réelle derrière un proxy approuvé
* @param string $baseUrl URL de base de l'application (depuis APP_URL dans .env)
*/
public function __construct(
@@ -41,6 +43,7 @@ final class PasswordResetController
private readonly PasswordResetServiceInterface $passwordResetService,
private readonly AuthServiceInterface $authService,
private readonly FlashServiceInterface $flash,
private readonly ClientIpResolver $clientIpResolver,
private readonly string $baseUrl,
) {
}
@@ -80,13 +83,7 @@ final class PasswordResetController
*/
public function forgot(Request $req, Response $res): Response
{
// Résolution de l'IP réelle derrière un reverse proxy (Caddy/Nginx).
// Même logique que AuthController::login() — voir son commentaire pour le détail.
$serverParams = $req->getServerParams();
$forwarded = trim((string) ($serverParams['HTTP_X_FORWARDED_FOR'] ?? ''));
$ip = $forwarded !== '' && $forwarded !== '0.0.0.0'
? trim(explode(',', $forwarded)[0])
: ($serverParams['REMOTE_ADDR'] ?? '0.0.0.0');
$ip = $this->clientIpResolver->resolve($req);
// Vérification du rate limit avant tout traitement
$remainingMinutes = $this->authService->checkRateLimit($ip);