
Controller: Add CSRF token validation to development toggle

master
Riyyi 3 years ago
parent
commit
9a99c31d47
  1. 3
      app/controllers/CacheController.php
  2. 1
      app/views/admin/cache.php
  3. 55
      public/js/app.js

3
app/controllers/CacheController.php

@ -21,6 +21,7 @@ class CacheController extends PageController {
$this->router->service()->config = $config; $this->router->service()->config = $config;
$this->router->service()->csrfToken = Session::token(); $this->router->service()->csrfToken = Session::token();
$this->router->service()->purgeUrl = $this->url . '/purge'; $this->router->service()->purgeUrl = $this->url . '/purge';
$this->router->service()->toggleUrl = $this->url . '/toggle';
parent::view(); parent::view();
} }
@ -81,7 +82,7 @@ class CacheController extends PageController {
public function toggleAction(): void public function toggleAction(): void
{ {
if (Config::c('CLOUDFLARE_ENABLED') != '1') { if (!$this->validatePostRequest()) {
return; return;
} }
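Review bot: The new guard in toggleAction replaces the `Config::c('CLOUDFLARE_ENABLED') != '1'` check rather than adding to it, so after this hunk the toggle no longer refuses when the Cloudflare integration is switched off — unless validatePostRequest() or code later in the method body (which continues past the hunk) re-checks it. Keeping both conditions is a one-line change: `if (!$this->validatePostRequest() || Config::c('CLOUDFLARE_ENABLED') != '1') {`. A rejected request also returns with no body at all, which the client can only tell apart by an empty string; responding with a short JSON `{"success": false}` would make the refusal explicit on both sides.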

1
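--- a/app/views/admin/cache.php
+++ b/app/views/admin/cache.php
@@ -75,6 +75,7 @@ use \App\Classes\Config;
 <div class="col-3 col-md-2 col-lg-2 col-xl-2">
 <div class="d-flex justify-content-center">
 <input type="checkbox" id="development-mode"
+data-href="<?= $this->toggleUrl; ?>" data-token="<?= $this->csrfToken; ?>"
 <?= $this->config['CLOUDFLARE_DEVELOPMENT_MODE_ENABLED'] ? 'checked' : ''; ?>>
 </div>
 </div>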
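Review bot: The added `data-href` and `data-token` attributes echo `$this->toggleUrl` and `$this->csrfToken` into attribute values without escaping, which is the one place in this view where a value is emitted raw rather than as a fixed literal. Both values are presumably safe as generated here (a URL built from `$this->url` and a session token), but attribute output should be escaped as a matter of course so a later change to how the URL is built cannot break out of the quotes: `data-href="<?= htmlspecialchars($this->toggleUrl, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8'); ?>" data-token="<?= htmlspecialchars($this->csrfToken, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8'); ?>"`.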

55
public/js/app.js

@ -233,13 +233,13 @@ $(document).ready(function() {
{ {
event.preventDefault(); event.preventDefault();
const purgeType = $(this).attr('data-type');
const csrfToken = $(this).attr('data-token');
if (!confirm('Are you sure you want to continue?')) { if (!confirm('Are you sure you want to continue?')) {
return; return;
} }
const purgeType = $(this).attr('data-type');
const csrfToken = $(this).attr('data-token');
$.ajax({ $.ajax({
url: $(this).attr('href'), url: $(this).attr('href'),
type: 'POST', type: 'POST',
@ -272,26 +272,39 @@ $(document).ready(function() {
return; return;
} }
$.get('/admin/cache/toggle').done(function(data) const dataHref = $(this).attr('data-href');
{ const csrfToken = $(this).attr('data-token');
const response = JSON.parse(data);
if (response.success == false) {
console.log(data);
alert("Development mode could not be enabled!");
return;
}
if (response.result.value == 'on') { $.ajax({
e.target.checked = true; url: dataHref,
$('#develop-enabled').css('visibility', 'visible'); type: 'POST',
$('#develop-remaining').text('03:00:00'); data: { _token: csrfToken },
} success: function(data)
else { {
e.target.checked = false; if (data == '') {
$('#develop-enabled').css('visibility', 'hidden'); alert("Development mode could not be enabled!");
} return;
}
alert("Development mode has been set to: '" + response.result.value + "'"); const response = JSON.parse(data);
if (response.success == false) {
console.log(data);
alert("Development mode could not be enabled!");
return;
}
if (response.result.value == 'on') {
e.target.checked = true;
$('#develop-enabled').css('visibility', 'visible');
$('#develop-remaining').text('03:00:00');
}
else {
e.target.checked = false;
$('#develop-enabled').css('visibility', 'hidden');
}
alert("Development mode has been set to: '" + response.result.value + "'");
}
}); });
}); });
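Review bot: The new `$.ajax` call in the development-mode handler has only a `success` callback, so a request the server rejects with an error status (for example a CSRF failure or a network problem) triggers neither branch and the checkbox stays in the state the user clicked it into, with no message. The new `if (data == '')` check only covers a 2xx response with an empty body. Adding an `error` callback that reports the failure, and letting jQuery parse the body with `dataType: 'json'` so a non-JSON reply also lands in `error` instead of throwing from `JSON.parse`, closes both gaps. The enclosing change handler (and its `e` parameter) starts outside the hunk, so the checkbox-reset below assumes `e` is the change event.
```javascript
$.ajax({
    url: dataHref,
    type: 'POST',
    dataType: 'json',
    data: { _token: csrfToken },
    success: function(response)
    {
        // … unchanged: success/result handling, minus the manual JSON.parse …
    },
    error: function()
    {
        e.target.checked = !e.target.checked;
        alert("Development mode could not be changed!");
    }
});
```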
