diff --git a/app/Services/XenforoService.php b/app/Services/XenforoService.php index ed12c90..fc8d0d1 100644 --- a/app/Services/XenforoService.php +++ b/app/Services/XenforoService.php @@ -5,6 +5,8 @@ namespace App\Services; use App\Auth\XenForoUser; use App\XenForoDataTypes\XenForoUserGroup; use Illuminate\Support\Facades\Cache; +use Illuminate\Support\Facades\Cookie; +use Illuminate\Support\Str; class XenforoService { @@ -192,4 +194,19 @@ class XenforoService { return $built; } + + private function hashCSRFToken( string $token ): string + { + return hash_hmac('md5', $token . time(), config('app.xf_salt') ); + } + public function getCSRFToken(): string + { + $token = Cookie::get('xf_csrf'); + if( !$token ){ + $token = Str::random(16); + Cookie::queue('xf_csrf', $token, 0, '/', config('session.domain'), 0, false, false ); + } + + return time() . ',' . $this->hashCSRFToken($token); + } } diff --git a/app/xenforo.php b/app/xenforo.php index 4eb88f4..a8be282 100644 --- a/app/xenforo.php +++ b/app/xenforo.php @@ -1,8 +1,13 @@ getRoute( $routeName, $arguments ); } } + +if( !function_exists( 'xfCsrfToken') ){ + function xfCsrfToken(): string { + return app(\App\Services\XenforoService::class)->getCSRFToken(); + } +} diff --git a/bootstrap/app.php b/bootstrap/app.php index df43409..1063f27 100644 --- a/bootstrap/app.php +++ b/bootstrap/app.php @@ -11,7 +11,7 @@ return Application::configure(basePath: dirname(__DIR__)) health: '/up', ) ->withMiddleware(function (Middleware $middleware): void { - $middleware->encryptCookies(except: ['xf_session','xf_user']); + $middleware->encryptCookies(except: ['xf_session','xf_user','xf_csrf']); $middleware->alias([ 'xf.auth' => \App\Http\Middleware\CheckXenForoPermissions::class, ]); diff --git a/config/app.php b/config/app.php index 4bab8d2..e534a64 100644 --- a/config/app.php +++ b/config/app.php 
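Review bot: `getCSRFToken()` and `hashCSRFToken()` each call `time()` separately, so if the second changes between the two calls, the timestamp in the returned `time,hash` string is not the one that was hashed. Any check that recomputes the hash from the prefix will then reject the token. Read the clock once in `getCSRFToken()` and pass that value into the private helper, as in the excerpt below. Separately, the `0` in the secure position of `Cookie::queue(...)` is an integer where a bool is expected; `config('session.secure')` would make the intended Secure-flag behaviour explicit. The MD5 HMAC and the `time,hash` layout look dictated by the XenForo side; if so, a short docblock saying that would stop a later reader from changing them.

```php
private function hashCSRFToken( string $token, int $time ): string
{
    return hash_hmac('md5', $token . $time, config('app.xf_salt') );
}
public function getCSRFToken(): string
{
    // … unchanged: xf_csrf cookie lookup and creation …
    $time = time();

    return $time . ',' . $this->hashCSRFToken($token, $time);
}
```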
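Review bot: Adding `xf_csrf` to `encryptCookies(except: [...])` in `bootstrap/app.php` means Laravel neither encrypts nor authenticates that cookie. The value that `XenforoService::getCSRFToken()` reads with `Cookie::get('xf_csrf')` is therefore whatever the client sent. That is presumably required so the forum software can read the same cookie, but the line deserves a comment saying so, for example `// shared with XenForo in plaintext: treat these cookie values as untrusted input`. The middleware closure continues outside the hunk.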
@@ -106,6 +106,8 @@ return [ ), ], + 'xf_salt' => env('XF_GLOBAL_SALT'), + /* |-------------------------------------------------------------------------- | Maintenance Mode Driver diff --git a/resources/views/components/menu.blade.php b/resources/views/components/menu.blade.php index 6d5b7ec..36e6559 100644 --- a/resources/views/components/menu.blade.php +++ b/resources/views/components/menu.blade.php @@ -34,7 +34,7 @@ {{ \Auth::user()?->username ?? "Guest" }} - + {{ \Auth::guest() ? 'Login' : 'Logout' }}
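Review bot: `'xf_salt' => env('XF_GLOBAL_SALT')` has no default and nothing visible in this commit checks that the variable is set. On a deployment missing it, `config('app.xf_salt')` is null when `hashCSRFToken()` passes it to `hash_hmac` as the key. Depending on whether the service file declares strict types, that is either a TypeError or an HMAC keyed with the empty string, which removes the secret from the token. Fail closed where the key is read, e.g. `$salt = config('app.xf_salt') ?: throw new \RuntimeException('XF_GLOBAL_SALT is not set');`. A comment on this entry should also say which forum-side setting the value has to match, if that is the intent.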