logger added instead of huge exception in security service, fixes #183

Milos Stojanovic
2021-02-18 09:39:44 +01:00
parent a48fa3c717
commit 0f4209dc28


@@ -13,6 +13,7 @@ namespace Filegator\Services\Security;
use Filegator\Kernel\Request;
use Filegator\Kernel\Response;
use Filegator\Services\Service;
use Filegator\Services\Logger\LoggerInterface;
use Symfony\Component\Security\Csrf\CsrfToken;
use Symfony\Component\Security\Csrf\CsrfTokenManager;
@@ -25,10 +26,13 @@ class Security implements Service
protected $response;
public function __construct(Request $request, Response $response)
protected $logger;
public function __construct(Request $request, Response $response, LoggerInterface $logger)
{
$this->request = $request;
$this->response = $response;
$this->logger = $logger;
}
public function init(array $config = [])
@@ -46,7 +50,8 @@ class Security implements Service
$token = new CsrfToken($key, $this->request->headers->get('X-CSRF-Token'));
if (! $csrfManager->isTokenValid($token)) {
throw new \Exception('Csrf token not valid');
$this->logger->log("Csrf token not valid");
die;
}
}
}
@@ -63,6 +68,7 @@ class Security implements Service
if (! $pass) {
$this->response->setStatusCode(403);
$this->response->send();
$this->logger->log("Forbidden - IP not found in allowlist ".$this->request->getClientIp());
die;
}
}
@@ -79,6 +85,7 @@ class Security implements Service
if (! $pass) {
$this->response->setStatusCode(403);
$this->response->send();
$this->logger->log("Forbidden - IP matched against denylist ".$this->request->getClientIp());
die;
}
}
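Review bot: In the CSRF hunk (`@@ -46,7 +50,8 @@`) the rejected request now ends in a bare `die;` after the log call, so no status code or response is sent and the client most likely sees an empty reply with the default status, unlike the allowlist and denylist branches, which send a 403 first. I would add `$this->response->setStatusCode(403);` and `$this->response->send();` before that `die;`, and include the client address in the message as the other two do: `$this->logger->log("Csrf token not valid ".$this->request->getClientIp());`. In the two IP branches the log call sits after `send()`; moving it above `setStatusCode(403)` would record the rejection even if sending the response fails. The enclosing methods start outside the hunks, so how `getClientIp()` treats forwarded headers behind a proxy is not visible here and is worth confirming before these log entries are relied on for triage.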