ab7fd8b2ea
All checks were successful
Deploy / Deploy to Production (push) Successful in 6s
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
49 lines
1.3 KiB
PHP
49 lines
1.3 KiB
PHP
<?php
|
|
|
|
namespace Moinframe\Loop;
|
|
|
|
use Kirby\Http\Response;
|
|
|
|
class Middleware
|
|
{
|
|
/**
|
|
* Authentication middleware
|
|
* @param callable $next The next action to execute
|
|
* @return callable Middleware function
|
|
*/
|
|
public static function auth(callable $next): callable
|
|
{
|
|
return function () use ($next) {
|
|
|
|
// Check if loop is enabled
|
|
if (!Options::enabled()) {
|
|
return Response::json([
|
|
'status' => 'error',
|
|
'message' => 'Loop is disabled',
|
|
'code' => 'DISABLED'
|
|
], 403);
|
|
}
|
|
|
|
$csrfToken = kirby()->request()->header('X-CSRF-Token');
|
|
if (csrf($csrfToken) !== true) {
|
|
return Response::json([
|
|
'status' => 'error',
|
|
'message' => t('moinframe.loop.csrf.invalid'),
|
|
'code' => 'CSRF_INVALID'
|
|
], 403);
|
|
}
|
|
|
|
|
|
if (Options::public() === false && kirby()->user() === null) {
|
|
return Response::json([
|
|
'status' => 'error',
|
|
'message' => 'Unauthorized',
|
|
'code' => 'UNAUTHORIZED'
|
|
], 401);
|
|
}
|
|
|
|
|
|
return $next(...func_get_args());
|
|
};
|
|
}
|
|
}
|