kangmin/Woles-Framework
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
9d9fe4cc80f2ad3850906e02dc607e0c3da5bf33
Woles-Framework/app/Core/Middleware/SecurityMiddleware.php
mwpn 0b42271bfe feat: Complete Woles Framework v1.0 with enterprise-grade UI 
- Add comprehensive error handling system with custom error pages
- Implement professional enterprise-style design with Tailwind CSS
- Create modular HMVC architecture with clean separation of concerns
- Add security features: CSRF protection, XSS filtering, Argon2ID hashing
- Include CLI tools for development workflow
- Add error reporting dashboard with system monitoring
- Implement responsive design with consistent slate color scheme
- Replace all emoji icons with professional SVG icons
- Add comprehensive test suite with PHPUnit
- Include database migrations and seeders
- Add proper exception handling with fallback pages
- Implement template engine with custom syntax support
- Add helper functions and facades for clean code
- Include proper logging and debugging capabilities
2025-10-11 07:08:23 +07:00

73 lines
1.9 KiB
PHP
Raw Blame History

<?php
namespace App\Core\Middleware;
/**
* Security Middleware
* Basic security checks
*/
class SecurityMiddleware
{
public function handle(string $method, string $uri, callable $next): void
{
// Check for suspicious patterns
if ($this->isSuspiciousRequest($uri)) {
http_response_code(403);
echo "<h1>403 - Forbidden</h1>";
echo "<p>Access denied due to security policy.</p>";
return;
}
// Check request size
if ($this->isRequestTooLarge()) {
http_response_code(413);
echo "<h1>413 - Request Too Large</h1>";
echo "<p>Request size exceeds allowed limit.</p>";
return;
}
// Continue to next middleware
$next();
}
/**
* Check for suspicious request patterns
*/
private function isSuspiciousRequest(string $uri): bool
{
$suspiciousPatterns = [
'/\.\./', // Directory traversal
'/\.env/', // Environment file access
'/\.git/', // Git directory access
'/\.htaccess/', // Apache config access
'/\.htpasswd/', // Apache password file
'/admin\.php/', // Admin file access
'/config\.php/', // Config file access
'/wp-admin/', // WordPress admin
'/wp-login/', // WordPress login
'/phpmyadmin/', // phpMyAdmin
'/\.sql/', // SQL file access
'/\.bak/', // Backup file access
];
foreach ($suspiciousPatterns as $pattern) {
if (preg_match($pattern, $uri)) {
return true;
}
}
return false;
}
/**
* Check if request is too large
*/
private function isRequestTooLarge(): bool
{
$maxSize = 10 * 1024 * 1024; // 10MB
$contentLength = (int)($_SERVER['CONTENT_LENGTH'] ?? 0);
return $contentLength > $maxSize;
}
}
Reference in New Issue View Git Blame Copy Permalink