Added XF CSRF compatibility

2026-05-25 12:23:10 +02:00
parent 250509055b
commit b361f07954
5 changed files with 27 additions and 3 deletions


@@ -5,6 +5,8 @@ namespace App\Services;
use App\Auth\XenForoUser; use App\Auth\XenForoUser;
use App\XenForoDataTypes\XenForoUserGroup; use App\XenForoDataTypes\XenForoUserGroup;
use Illuminate\Support\Facades\Cache; use Illuminate\Support\Facades\Cache;
use Illuminate\Support\Facades\Cookie;
use Illuminate\Support\Str;
class XenforoService { class XenforoService {
@@ -192,4 +194,19 @@ class XenforoService {
return $built; return $built;
} }
private function hashCSRFToken( string $token ): string
{
return hash_hmac('md5', $token . time(), config('app.xf_salt') );
}
public function getCSRFToken(): string
{
$token = Cookie::get('xf_csrf');
if( !$token ){
$token = Str::random(16);
Cookie::queue('xf_csrf', $token, 0, '/', config('session.domain'), 0, false, false );
}
return time() . ',' . $this->hashCSRFToken($token);
}
} }
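Review bot: `time()` is called twice for one token, once inside `hashCSRFToken()` and again for the prefix in `getCSRFToken()`. If the clock ticks between the two calls, the timestamp in the returned string no longer matches the one that was hashed, and the token will fail validation. Take the timestamp once and pass it into the hash helper, as in the excerpt below. The `Cookie::queue` call also passes the integer `0` for the secure argument and `false` for httpOnly; an explicit boolean such as `(bool) config('session.secure')` would make the intended transport policy clear. A short comment should record that MD5 and the token layout are presumably dictated by the XenForo format rather than chosen here.

```php
private function hashCSRFToken( string $token, int $time ): string
{
    // MD5 and the "<cookie><time>" input layout are presumably fixed by the XenForo token format.
    return hash_hmac('md5', $token . $time, config('app.xf_salt') );
}

public function getCSRFToken(): string
{
    // … unchanged: read the xf_csrf cookie or create and queue a new one …
    $time = time(); // single timestamp shared by the prefix and the HMAC input
    return $time . ',' . $this->hashCSRFToken($token, $time);
}
```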


@@ -1,8 +1,13 @@
<?php <?php
if( !function_exists( 'xfRoute' ) ){ if( !function_exists( 'xfRoute' ) ){
function xfRoute( string $routeName, array $arguments = [] ): string { function xfRoute( string $routeName, array $arguments = [] ): string {
return app(\App\Services\XenforoService::class)->getRoute( $routeName, $arguments ); return app(\App\Services\XenforoService::class)->getRoute( $routeName, $arguments );
} }
} }
if( !function_exists( 'xfCsrfToken') ){
function xfCsrfToken(): string {
return app(\App\Services\XenforoService::class)->getCSRFToken();
}
}


@@ -11,7 +11,7 @@ return Application::configure(basePath: dirname(__DIR__))
health: '/up', health: '/up',
) )
->withMiddleware(function (Middleware $middleware): void { ->withMiddleware(function (Middleware $middleware): void {
$middleware->encryptCookies(except: ['xf_session','xf_user']); $middleware->encryptCookies(except: ['xf_session','xf_user','xf_csrf']);
$middleware->alias([ $middleware->alias([
'xf.auth' => \App\Http\Middleware\CheckXenForoPermissions::class, 'xf.auth' => \App\Http\Middleware\CheckXenForoPermissions::class,
]); ]);
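Review bot: The `except:` list on the `encryptCookies` line now names three cookies that Laravel will accept unencrypted and unsigned, and nothing at the call site says why. Because `xf_csrf` is read back raw by `Cookie::get('xf_csrf')`, its value is fully client-controlled and should only ever be used as HMAC input, never echoed or trusted on its own. A comment above the line would make that explicit, for example `// Cookies shared with XenForo (presumably set and read there in plaintext); treat their values as untrusted input.`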


@@ -106,6 +106,8 @@ return [
), ),
], ],
'xf_salt' => env('XF_GLOBAL_SALT'),
/* /*
|-------------------------------------------------------------------------- |--------------------------------------------------------------------------
| Maintenance Mode Driver | Maintenance Mode Driver
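Review bot: `'xf_salt' => env('XF_GLOBAL_SALT')` has no default and nothing validates it. When the variable is unset, `config('app.xf_salt')` is null and the HMAC in `XenforoService::hashCSRFToken()` is computed with an empty key instead of failing. A fail-fast guard where the salt is consumed would surface the misconfiguration, e.g. `$salt = config('app.xf_salt') ?: throw new \RuntimeException('XF_GLOBAL_SALT is not set');`. The entry also deserves a comment stating that this is a secret which presumably must match the forum's global salt and must never be logged or committed.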


@@ -34,7 +34,7 @@
{{ \Auth::user()?->username ?? "Guest" }} {{ \Auth::user()?->username ?? "Guest" }}
</span> </span>
<span class="user_role"> <span class="user_role">
<a href="{{ \Auth::guest() ? xfRoute('login') : xfRoute('logout') }}"> <a href="{{ \Auth::guest() ? xfRoute('login') : xfRoute('logout') . '?t=' . xfCsrfToken() }}">
{{ \Auth::guest() ? 'Login' : 'Logout' }} {{ \Auth::guest() ? 'Login' : 'Logout' }}
</a> </a>
</span> </span>
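Review bot: The logout href appends the token with a hard-coded `'?t='`. That yields a malformed URL whenever `xfRoute('logout')` already contains a query string, which may happen if the forum does not use friendly URLs. If `getRoute()` can carry query parameters through its `$arguments` array, pass the token there; otherwise pick the separator from the built URL, e.g. `(str_contains($url, '?') ? '&' : '?') . 't=' . xfCsrfToken()`. Because the token travels in a GET URL, it can end up in access logs, browser history and Referer headers, so a comment should note that this is accepted for compatibility and relies on the token's time-limited validity.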