kangmin/Woles-Framework
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
1e62d59dbffb259d5c93362dae28efffc7852c4e
Woles-Framework/app/Core/Middleware/SecurityMiddleware.php

73 lines
1.9 KiB
PHP
Raw Normal View History

feat: Complete Woles Framework v1.0 with enterprise-grade UI - Add comprehensive error handling system with custom error pages - Implement professional enterprise-style design with Tailwind CSS - Create modular HMVC architecture with clean separation of concerns - Add security features: CSRF protection, XSS filtering, Argon2ID hashing - Include CLI tools for development workflow - Add error reporting dashboard with system monitoring - Implement responsive design with consistent slate color scheme - Replace all emoji icons with professional SVG icons - Add comprehensive test suite with PHPUnit - Include database migrations and seeders - Add proper exception handling with fallback pages - Implement template engine with custom syntax support - Add helper functions and facades for clean code - Include proper logging and debugging capabilities
2025-10-11 07:08:23 +07:00
<?php
namespace App\Core\Middleware;
/**
* Security Middleware
* Basic security checks
*/
class SecurityMiddleware
{
public function handle(string $method, string $uri, callable $next): void
{
// Check for suspicious patterns
if ($this->isSuspiciousRequest($uri)) {
http_response_code(403);
echo "<h1>403 - Forbidden</h1>";
echo "<p>Access denied due to security policy.</p>";
return;
}
// Check request size
if ($this->isRequestTooLarge()) {
http_response_code(413);
echo "<h1>413 - Request Too Large</h1>";
echo "<p>Request size exceeds allowed limit.</p>";
return;
}
// Continue to next middleware
$next();
}
/**
* Check for suspicious request patterns
*/
private function isSuspiciousRequest(string $uri): bool
{
$suspiciousPatterns = [
'/\.\./', // Directory traversal
'/\.env/', // Environment file access
'/\.git/', // Git directory access
'/\.htaccess/', // Apache config access
'/\.htpasswd/', // Apache password file
'/admin\.php/', // Admin file access
'/config\.php/', // Config file access
'/wp-admin/', // WordPress admin
'/wp-login/', // WordPress login
'/phpmyadmin/', // phpMyAdmin
'/\.sql/', // SQL file access
'/\.bak/', // Backup file access
];
foreach ($suspiciousPatterns as $pattern) {
if (preg_match($pattern, $uri)) {
return true;
}
}
return false;
}
/**
* Check if request is too large
*/
private function isRequestTooLarge(): bool
{
$maxSize = 10 * 1024 * 1024; // 10MB
$contentLength = (int)($_SERVER['CONTENT_LENGTH'] ?? 0);
return $contentLength > $maxSize;
}
}
Reference in New Issue Copy Permalink