Added XF CSRF compatibility

This commit is contained in:
2026-05-25 12:23:10 +02:00
parent 250509055b
commit b361f07954
5 changed files with 27 additions and 3 deletions

View File

@@ -5,6 +5,8 @@ namespace App\Services;
use App\Auth\XenForoUser;
use App\XenForoDataTypes\XenForoUserGroup;
use Illuminate\Support\Facades\Cache;
use Illuminate\Support\Facades\Cookie;
use Illuminate\Support\Str;
class XenforoService {
@@ -192,4 +194,19 @@ class XenforoService {
return $built;
}
private function hashCSRFToken( string $token ): string
{
return hash_hmac('md5', $token . time(), config('app.xf_salt') );
}
public function getCSRFToken(): string
{
$token = Cookie::get('xf_csrf');
if( !$token ){
$token = Str::random(16);
Cookie::queue('xf_csrf', $token, 0, '/', config('session.domain'), 0, false, false );
}
return time() . ',' . $this->hashCSRFToken($token);
}
}