Initial commit of the Asset Management System, including project structure, Docker configuration, database migrations, and core application files. Added user authentication, asset management features, and basic UI components.
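--- a/app/Middleware/CsrfMiddleware.php
+++ b/app/Middleware/CsrfMiddleware.php
@@ -0,0 +1,34 @@
+<?php
+
+namespace App\Middleware;
+
+use App\Core\Request;
+use App\Core\Response;
+use App\Core\Session;
+
+class CsrfMiddleware
+{
+public function handle(Request $request, Response $response): void
+{
+$session = new Session();
+
+// Skip CSRF check for GET requests
+if ($request->getMethod() === 'GET') {
+return;
+}
+
+// Get CSRF token from request
+$token = $request->post('csrf_token') ?: $request->getHeader('X-CSRF-TOKEN');
+
+if (!$token) {
+$session->flash('error', 'CSRF-Token fehlt.');
+$response->redirect('/dashboard')->send();
+}
+
+// Validate CSRF token
+if (!$session->validateCsrfToken($token)) {
+$session->flash('error', 'Ungültiger CSRF-Token.');
+$response->redirect('/dashboard')->send();
+}
+}
+}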
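Review bot: Both rejection branches in `handle()` call `$response->redirect('/dashboard')->send();` and then fall through, and because the method returns `void` the caller has no way to tell a rejected request from an accepted one. Unless `send()` terminates the script (its body is not visible here), a POST with a missing or invalid token would still reach the state-changing controller, so the check fails open; the missing-token branch also continues into `validateCsrfToken()` with an empty value. Stop explicitly after each redirect, for example `$response->redirect('/dashboard')->send(); exit;`, or have `handle()` throw an exception that the dispatcher turns into a 403. It is also worth confirming that `Session::validateCsrfToken()` compares with `hash_equals()` and that no GET route changes state, since GET is exempted from the check.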