Added XF CSRF compatibility
This commit is contained in:
@@ -5,6 +5,8 @@ namespace App\Services;
|
||||
use App\Auth\XenForoUser;
|
||||
use App\XenForoDataTypes\XenForoUserGroup;
|
||||
use Illuminate\Support\Facades\Cache;
|
||||
use Illuminate\Support\Facades\Cookie;
|
||||
use Illuminate\Support\Str;
|
||||
|
||||
class XenforoService {
|
||||
|
||||
@@ -192,4 +194,19 @@ class XenforoService {
|
||||
return $built;
|
||||
|
||||
}
|
||||
|
||||
private function hashCSRFToken( string $token ): string
|
||||
{
|
||||
return hash_hmac('md5', $token . time(), config('app.xf_salt') );
|
||||
}
|
||||
public function getCSRFToken(): string
|
||||
{
|
||||
$token = Cookie::get('xf_csrf');
|
||||
if( !$token ){
|
||||
$token = Str::random(16);
|
||||
Cookie::queue('xf_csrf', $token, 0, '/', config('session.domain'), 0, false, false );
|
||||
}
|
||||
|
||||
return time() . ',' . $this->hashCSRFToken($token);
|
||||
}
|
||||
}
|
||||
|
||||
@@ -1,8 +1,13 @@
|
||||
<?php
|
||||
|
||||
if( !function_exists( 'xfRoute' ) ){
|
||||
|
||||
function xfRoute( string $routeName, array $arguments = [] ): string {
|
||||
return app(\App\Services\XenforoService::class)->getRoute( $routeName, $arguments );
|
||||
}
|
||||
}
|
||||
|
||||
if( !function_exists( 'xfCsrfToken') ){
|
||||
function xfCsrfToken(): string {
|
||||
return app(\App\Services\XenforoService::class)->getCSRFToken();
|
||||
}
|
||||
}
|
||||
|
||||
Reference in New Issue
Block a user