kangmin/Woles-Framework
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

feat: Complete Woles Framework v1.0 with enterprise-grade UI

Browse Source 
- Add comprehensive error handling system with custom error pages
- Implement professional enterprise-style design with Tailwind CSS
- Create modular HMVC architecture with clean separation of concerns
- Add security features: CSRF protection, XSS filtering, Argon2ID hashing
- Include CLI tools for development workflow
- Add error reporting dashboard with system monitoring
- Implement responsive design with consistent slate color scheme
- Replace all emoji icons with professional SVG icons
- Add comprehensive test suite with PHPUnit
- Include database migrations and seeders
- Add proper exception handling with fallback pages
- Implement template engine with custom syntax support
- Add helper functions and facades for clean code
- Include proper logging and debugging capabilities
This commit is contained in:
mwpn
2025-10-11 07:08:23 +07:00
commit 0b42271bfe
90 changed files with 8315 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

50
app/Core/Middleware/CsrfMiddleware.php Normal file
View File

@@ -0,0 +1,50 @@
<?php
namespace App\Core\Middleware;
/**
* CSRF Middleware
* Cross-Site Request Forgery protection
*/
class CsrfMiddleware
{
public function handle(string $method, string $uri, callable $next): void
{
// Skip CSRF check for GET requests
if ($method === 'GET') {
$next();
return;
}
// Skip CSRF check for API routes (if Accept header is application/json)
if (isset($_SERVER['HTTP_ACCEPT']) && str_contains($_SERVER['HTTP_ACCEPT'], 'application/json')) {
$next();
return;
}
// Check CSRF token
$token = $_POST['_token'] ?? $_SERVER['HTTP_X_CSRF_TOKEN'] ?? null;
if (!$token || !$this->verifyToken($token)) {
http_response_code(419);
echo "<h1>419 - Page Expired</h1>";
echo "<p>CSRF token mismatch. Please refresh the page and try again.</p>";
return;
}
// Continue to next middleware
$next();
}
/**
* Verify CSRF token
*/
private function verifyToken(string $token): bool
{
if (!isset($_SESSION['csrf_token'])) {
return false;
}
return hash_equals($_SESSION['csrf_token'], $token);
}
}