added form token auth to page editing, updated API
This commit is contained in:
parent
fdc6cb2cf2
commit
ccbf55bb54
5 changed files with 26 additions and 4 deletions
|
@ -104,7 +104,24 @@ class PagesAPI
|
||||||
case "delete":
|
case "delete":
|
||||||
case "create":
|
case "create":
|
||||||
case "write":
|
case "write":
|
||||||
$result = (new Book("../content/pages"))->editPage($task, $request);
|
$body = $request->getParsedBody();
|
||||||
|
if (!isset($body["form_token"])) {
|
||||||
|
$result = [
|
||||||
|
"message" => "No form token. Not good, sport.",
|
||||||
|
"type" => "TASK_FORM_AUTH",
|
||||||
|
];
|
||||||
|
} else {
|
||||||
|
if ($body["form_token"] == Session::get("form_token")) {
|
||||||
|
//TODO: Verify form fields
|
||||||
|
$result = (new Book("../content/pages"))->editPage($task, $request);
|
||||||
|
} else {
|
||||||
|
$result = [
|
||||||
|
"message" => "Form token, auth failed. Uh oh.",
|
||||||
|
"type" => "TASK_FORM_AUTH",
|
||||||
|
];
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
break;
|
break;
|
||||||
case "add-entry-image":
|
case "add-entry-image":
|
||||||
$result = ImagesAPI::uploadImage($request);
|
$result = ImagesAPI::uploadImage($request);
|
||||||
|
|
|
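Review bot: The token check at `if ($body["form_token"] == Session::get("form_token")) {` uses PHP's loose comparison, so a request can pass it without knowing the token: if nothing has been stored in the session yet and `Session::get` returns null, a submitted empty string compares equal to null, and numeric-looking strings compare as numbers rather than byte for byte. Replace it with a type-checked, constant-time comparison: `$sessionToken = Session::get("form_token");` followed by `if (is_string($sessionToken) && is_string($body["form_token"]) && hash_equals($sessionToken, $body["form_token"])) {`. The `isset($body["form_token"])` guard above it also accepts an empty string, so with the strict check the "No form token" message is only reached when the key is absent entirely and an empty value falls through to the "auth failed" branch, which is the safer outcome. The enclosing switch and the PagesAPI method it belongs to start and end outside the hunk.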
@ -78,7 +78,7 @@
|
||||||
{% endapply %}
|
{% endapply %}
|
||||||
<input id="featured-image-upload" type="file" name="featured-image-upload"/>
|
<input id="featured-image-upload" type="file" name="featured-image-upload"/>
|
||||||
<input id="post-image-upload" type="file" name="post-image-upload"/>
|
<input id="post-image-upload" type="file" name="post-image-upload"/>
|
||||||
<input name="token" type="hidden" value="{{ token }}">
|
<input id="form_token" name="token" type="hidden" value="{{ token }}">
|
||||||
</div>
|
</div>
|
||||||
</div>
|
</div>
|
||||||
</div>
|
</div>
|
||||||
|
|
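Review bot: The hidden input now carries `id="form_token"` but keeps `name="token"`, while the PagesAPI change in this commit reads the token from `$body["form_token"]`; only a script that reads the element by id and re-posts it under the `form_token` key will satisfy the server, and a plain form submission of this template would send it under the wrong key. If the field is meant to be read only by the dashboard script, a template comment saying so, `{# read by PostActions via id; the server expects it as form_token #}`, documents the coupling; otherwise renaming it to `name="form_token"` keeps template and API in step, provided nothing else consumes the `token` field.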
4
public/assets/scripts/dash.min.js
vendored
4
public/assets/scripts/dash.min.js
vendored
File diff suppressed because one or more lines are too long
|
@ -56,6 +56,10 @@ export default class PostActions {
|
||||||
"published",
|
"published",
|
||||||
document.getElementById("option-published").getAttribute("data-active")
|
document.getElementById("option-published").getAttribute("data-active")
|
||||||
);
|
);
|
||||||
|
pageInfo.append(
|
||||||
|
"form_token",
|
||||||
|
document.getElementById("form_token").value
|
||||||
|
);
|
||||||
if (image != null || image != undefined) {
|
if (image != null || image != undefined) {
|
||||||
if (image.type.match("image.*")) {
|
if (image.type.match("image.*")) {
|
||||||
pageInfo.append("feature_image", image, image.name);
|
pageInfo.append("feature_image", image, image.name);
|
||||||
|
|
|
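Review bot: The added `document.getElementById("form_token").value` throws a TypeError when the hidden input is not present in the page, which aborts the save before the request is built and, as far as the hunk shows, without any message to the user. Looking the element up once and tolerating its absence lets the server's own TASK_FORM_AUTH response explain the failure: `const tokenField = document.getElementById("form_token");` and `pageInfo.append("form_token", tokenField ? tokenField.value : "");`. The method that builds `pageInfo` starts and ends outside the hunk.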
@ -217,6 +217,7 @@ class FipamoAdminAPI {
|
||||||
* @param {boolean} form[].menu - property that indicates page is included in site menu
|
* @param {boolean} form[].menu - property that indicates page is included in site menu
|
||||||
* @param {boolean} form[].featured - property that indicates page is featured
|
* @param {boolean} form[].featured - property that indicates page is featured
|
||||||
* @param {boolean} form[].published - property that indicates page is public
|
* @param {boolean} form[].published - property that indicates page is public
|
||||||
|
* @param {string} form[].form_token - hidden property to authenticate form submission
|
||||||
* @param {input} form[].feature_image - main image for page
|
* @param {input} form[].feature_image - main image for page
|
||||||
* @example
|
* @example
|
||||||
* api.pageActions(TASK, data).then(response=>{
|
* api.pageActions(TASK, data).then(response=>{
|
||||||
|
|