Added XF CSRF compatibility
@@ -5,6 +5,8 @@ namespace App\Services;
|
|||||||
use App\Auth\XenForoUser;
|
use App\Auth\XenForoUser;
|
||||||
use App\XenForoDataTypes\XenForoUserGroup;
|
use App\XenForoDataTypes\XenForoUserGroup;
|
||||||
use Illuminate\Support\Facades\Cache;
|
use Illuminate\Support\Facades\Cache;
|
||||||
|
use Illuminate\Support\Facades\Cookie;
|
||||||
|
use Illuminate\Support\Str;
|
||||||
|
|
||||||
class XenforoService {
|
class XenforoService {
|
||||||
|
|
||||||
@@ -192,4 +194,19 @@ class XenforoService {
|
|||||||
return $built;
|
return $built;
|
||||||
|
|
||||||
}
|
}
|
||||||
|
|
||||||
|
private function hashCSRFToken( string $token ): string
|
||||||
|
{
|
||||||
|
return hash_hmac('md5', $token . time(), config('app.xf_salt') );
|
||||||
|
}
|
||||||
|
public function getCSRFToken(): string
|
||||||
|
{
|
||||||
|
$token = Cookie::get('xf_csrf');
|
||||||
|
if( !$token ){
|
||||||
|
$token = Str::random(16);
|
||||||
|
Cookie::queue('xf_csrf', $token, 0, '/', config('session.domain'), 0, false, false );
|
||||||
|
}
|
||||||
|
|
||||||
|
return time() . ',' . $this->hashCSRFToken($token);
|
||||||
|
}
|
||||||
}
|
}
|
||||||
|
|||||||
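Review bot: `getCSRFToken()` reads the clock twice, once for the `time() . ','` prefix in its return statement and again inside `hashCSRFToken()`, so a request that crosses a second boundary emits a timestamp that differs from the one that was hashed, and the receiving side will presumably reject the token. Capture the value once and pass it down: `$time = time();` then `return $time . ',' . $this->hashCSRFToken($token, $time);`, with the private helper hashing `$token . $time`. Separately, the `Cookie::queue(...)` call hard-codes `secure` as the integer `0` and `httpOnly` as `false`. Unless XenForo requires that, take the Secure flag from `config('session.secure')` and pass real booleans. A docblock on both methods stating the `<timestamp>,<hmac>` format and that the key is the forum's salt would make the compatibility constraint explicit.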
@@ -1,8 +1,13 @@
|
|||||||
<?php
|
<?php
|
||||||
|
|
||||||
if( !function_exists( 'xfRoute' ) ){
|
if( !function_exists( 'xfRoute' ) ){
|
||||||
|
|
||||||
function xfRoute( string $routeName, array $arguments = [] ): string {
|
function xfRoute( string $routeName, array $arguments = [] ): string {
|
||||||
return app(\App\Services\XenforoService::class)->getRoute( $routeName, $arguments );
|
return app(\App\Services\XenforoService::class)->getRoute( $routeName, $arguments );
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
if( !function_exists( 'xfCsrfToken') ){
|
||||||
|
function xfCsrfToken(): string {
|
||||||
|
return app(\App\Services\XenforoService::class)->getCSRFToken();
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|||||||
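Review bot: Every call to `xfCsrfToken()` goes back through `getCSRFToken()`, which in this commit only inspects the incoming request cookie via `Cookie::get('xf_csrf')`. For a visitor who has no `xf_csrf` cookie yet, two calls while rendering one page would each generate a fresh `Str::random(16)` value and queue another cookie, so the token rendered first would no longer match the cookie that is finally sent. Only one call site is visible here, so this is latent, but a global helper invites reuse. Consider checking `Cookie::hasQueued('xf_csrf')` and reusing `Cookie::queued('xf_csrf')->getValue()` before generating a new value. Whether the service is bound as a singleton is not visible, so caching on the instance alone may not be enough.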
@@ -11,7 +11,7 @@ return Application::configure(basePath: dirname(__DIR__))
|
|||||||
health: '/up',
|
health: '/up',
|
||||||
)
|
)
|
||||||
->withMiddleware(function (Middleware $middleware): void {
|
->withMiddleware(function (Middleware $middleware): void {
|
||||||
$middleware->encryptCookies(except: ['xf_session','xf_user']);
|
$middleware->encryptCookies(except: ['xf_session','xf_user','xf_csrf']);
|
||||||
$middleware->alias([
|
$middleware->alias([
|
||||||
'xf.auth' => \App\Http\Middleware\CheckXenForoPermissions::class,
|
'xf.auth' => \App\Http\Middleware\CheckXenForoPermissions::class,
|
||||||
]);
|
]);
|
||||||
|
|||||||
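Review bot: Adding `xf_csrf` to the `encryptCookies(except: [...])` list means the value Laravel reads back is whatever the browser sent, neither encrypted nor signed, and `getCSRFToken()` in this commit feeds any non-empty value into the HMAC without checking its shape. The exemption is presumably needed so the forum can read the same cookie, but that reason should be recorded next to the list, for example `// shared with XenForo, which reads these raw; treat their values as untrusted input`. A length and character-set check on the cookie before it is reused would keep malformed or oversized values out of the token.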
@@ -106,6 +106,8 @@ return [
|
|||||||
),
|
),
|
||||||
],
|
],
|
||||||
|
|
||||||
|
'xf_salt' => env('XF_GLOBAL_SALT'),
|
||||||
|
|
||||||
/*
|
/*
|
||||||
|--------------------------------------------------------------------------
|
|--------------------------------------------------------------------------
|
||||||
| Maintenance Mode Driver
|
| Maintenance Mode Driver
|
||||||
|
|||||||
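Review bot: `'xf_salt' => env('XF_GLOBAL_SALT')` has no default and nothing visible validates it, so on a deployment where the variable is missing `config('app.xf_salt')` is `null` and is passed as the HMAC key in `hashCSRFToken()`. Depending on whether that file declares strict types, the result is either a TypeError or an HMAC keyed with an empty string, which anyone who knows the cookie value can recompute. Fail closed where the key is used, e.g. `$salt = config('app.xf_salt') ?: throw new \RuntimeException('XF_GLOBAL_SALT is not set');`. A comment on this entry should say that the value must match the forum's salt (inferred from the variable name) and must stay out of version control.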
@@ -34,7 +34,7 @@
|
|||||||
{{ \Auth::user()?->username ?? "Guest" }}
|
{{ \Auth::user()?->username ?? "Guest" }}
|
||||||
</span>
|
</span>
|
||||||
<span class="user_role">
|
<span class="user_role">
|
||||||
<a href="{{ \Auth::guest() ? xfRoute('login') : xfRoute('logout') }}">
|
<a href="{{ \Auth::guest() ? xfRoute('login') : xfRoute('logout') . '?t=' . xfCsrfToken() }}">
|
||||||
{{ \Auth::guest() ? 'Login' : 'Logout' }}
|
{{ \Auth::guest() ? 'Login' : 'Logout' }}
|
||||||
</a>
|
</a>
|
||||||
</span>
|
</span>
|
||||||
|
|||||||
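Review bot: The logout href appends `'?t=' . xfCsrfToken()` unconditionally. If `xfRoute('logout')` can return a URL that already carries a query string (the `getRoute()` body is not in this diff, so this may not apply), the result contains two `?` and the token is not parsed as `t`. Picking the separator from the route, e.g. `(str_contains($url, '?') ? '&' : '?')`, or letting `getRoute()` accept query parameters avoids that. The token also ends up in a GET URL, where it reaches browser history and access logs. That appears to be the format the forum expects, so it is worth confirming that the receiving side enforces an expiry on the timestamp part.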