Added XF CSRF compatibility
@@ -5,6 +5,8 @@ namespace App\Services;
|
||||
use App\Auth\XenForoUser;
|
||||
use App\XenForoDataTypes\XenForoUserGroup;
|
||||
use Illuminate\Support\Facades\Cache;
|
||||
use Illuminate\Support\Facades\Cookie;
|
||||
use Illuminate\Support\Str;
|
||||
|
||||
class XenforoService {
|
||||
|
||||
@@ -192,4 +194,19 @@ class XenforoService {
|
||||
return $built;
|
||||
|
||||
}
|
||||
|
||||
private function hashCSRFToken( string $token ): string
|
||||
{
|
||||
return hash_hmac('md5', $token . time(), config('app.xf_salt') );
|
||||
}
|
||||
public function getCSRFToken(): string
|
||||
{
|
||||
$token = Cookie::get('xf_csrf');
|
||||
if( !$token ){
|
||||
$token = Str::random(16);
|
||||
Cookie::queue('xf_csrf', $token, 0, '/', config('session.domain'), 0, false, false );
|
||||
}
|
||||
|
||||
return time() . ',' . $this->hashCSRFToken($token);
|
||||
}
|
||||
}
|
||||
|
||||
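Review bot: `getCSRFToken()` calls `time()` for the prefix while `hashCSRFToken()` calls it again inside the HMAC, so a request that crosses a second boundary returns a timestamp that differs from the one that was hashed, and a verifier recomputing the HMAC from the prefix would reject the token. The clock should be read once and passed in. The key comes from `config('app.xf_salt')`, which the config hunk sets to `env('XF_GLOBAL_SALT')` with no default, so an unset variable yields a null key; failing closed is safer than issuing tokens keyed with nothing. The cookie is also queued with the secure argument hard-coded to `0`; `config('session.secure')` would make it follow the session cookie.
```php
private function hashCSRFToken( string $token, int $time ): string
{
    $salt = config('app.xf_salt');
    if( !is_string($salt) || $salt === '' ){
        throw new \RuntimeException('XF_GLOBAL_SALT is not configured');
    }
    return hash_hmac('md5', $token . $time, $salt);
}

public function getCSRFToken(): string
{
    // … unchanged: read or issue the xf_csrf cookie …
    $now = time();
    return $now . ',' . $this->hashCSRFToken($token, $now);
}
```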
@@ -1,8 +1,13 @@
|
||||
<?php
|
||||
|
||||
if( !function_exists( 'xfRoute' ) ){
|
||||
|
||||
function xfRoute( string $routeName, array $arguments = [] ): string {
|
||||
return app(\App\Services\XenforoService::class)->getRoute( $routeName, $arguments );
|
||||
}
|
||||
}
|
||||
|
||||
if( !function_exists( 'xfCsrfToken') ){
|
||||
function xfCsrfToken(): string {
|
||||
return app(\App\Services\XenforoService::class)->getCSRFToken();
|
||||
}
|
||||
}
|
||||
|
||||
@@ -11,7 +11,7 @@ return Application::configure(basePath: dirname(__DIR__))
|
||||
health: '/up',
|
||||
)
|
||||
->withMiddleware(function (Middleware $middleware): void {
|
||||
$middleware->encryptCookies(except: ['xf_session','xf_user']);
|
||||
$middleware->encryptCookies(except: ['xf_session','xf_user','xf_csrf']);
|
||||
$middleware->alias([
|
||||
'xf.auth' => \App\Http\Middleware\CheckXenForoPermissions::class,
|
||||
]);
|
||||
|
||||
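Review bot: Adding `xf_csrf` to the `encryptCookies` exemption list means Laravel no longer encrypts or authenticates that cookie, so `Cookie::get('xf_csrf')` returns whatever the browser sent, and the list carries no comment saying why each name is exempt. A line such as `// Shared with XenForo, which reads/writes these in plaintext; treat their values as untrusted input` above the call would record that, assuming that is the reason. The middleware closure continues outside this hunk.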
@@ -106,6 +106,8 @@ return [
|
||||
),
|
||||
],
|
||||
|
||||
'xf_salt' => env('XF_GLOBAL_SALT'),
|
||||
|
||||
/*
|
||||
|--------------------------------------------------------------------------
|
||||
| Maintenance Mode Driver
|
||||
|
||||
@@ -34,7 +34,7 @@
|
||||
{{ \Auth::user()?->username ?? "Guest" }}
|
||||
</span>
|
||||
<span class="user_role">
|
||||
<a href="{{ \Auth::guest() ? xfRoute('login') : xfRoute('logout') }}">
|
||||
<a href="{{ \Auth::guest() ? xfRoute('login') : xfRoute('logout') . '?t=' . xfCsrfToken() }}">
|
||||
{{ \Auth::guest() ? 'Login' : 'Logout' }}
|
||||
</a>
|
||||
</span>
|
||||
|
||||
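Review bot: The logout link appends `'?t=' . xfCsrfToken()` by plain concatenation, which yields a malformed URL if `xfRoute('logout')` can return a URL that already carries a query string (not determinable from this hunk). It also relies on `.` binding tighter than `?:` to keep the token on the logout branch only, so the else branch should at least be parenthesised: `\Auth::guest() ? xfRoute('login') : (xfRoute('logout') . '?t=' . xfCsrfToken())`. Building the full logout URL in a helper next to `xfCsrfToken()` would keep the separator logic and the token out of the template.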