kangmin/Woles-Framework
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

feat: Complete Woles Framework v1.0 with enterprise-grade UI

Browse Source 
- Add comprehensive error handling system with custom error pages
- Implement professional enterprise-style design with Tailwind CSS
- Create modular HMVC architecture with clean separation of concerns
- Add security features: CSRF protection, XSS filtering, Argon2ID hashing
- Include CLI tools for development workflow
- Add error reporting dashboard with system monitoring
- Implement responsive design with consistent slate color scheme
- Replace all emoji icons with professional SVG icons
- Add comprehensive test suite with PHPUnit
- Include database migrations and seeders
- Add proper exception handling with fallback pages
- Implement template engine with custom syntax support
- Add helper functions and facades for clean code
- Include proper logging and debugging capabilities
This commit is contained in:
mwpn
2025-10-11 07:08:23 +07:00
commit 0b42271bfe
90 changed files with 8315 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

50
app/Core/Middleware/CsrfMiddleware.php Normal file
View File

@@ -0,0 +1,50 @@
<?php
namespace App\Core\Middleware;
/**
* CSRF Middleware
* Cross-Site Request Forgery protection
*/
class CsrfMiddleware
{
public function handle(string $method, string $uri, callable $next): void
{
// Skip CSRF check for GET requests
if ($method === 'GET') {
$next();
return;
}
// Skip CSRF check for API routes (if Accept header is application/json)
if (isset($_SERVER['HTTP_ACCEPT']) && str_contains($_SERVER['HTTP_ACCEPT'], 'application/json')) {
$next();
return;
}
// Check CSRF token
$token = $_POST['_token'] ?? $_SERVER['HTTP_X_CSRF_TOKEN'] ?? null;
if (!$token || !$this->verifyToken($token)) {
http_response_code(419);
echo "<h1>419 - Page Expired</h1>";
echo "<p>CSRF token mismatch. Please refresh the page and try again.</p>";
return;
}
// Continue to next middleware
$next();
}
/**
* Verify CSRF token
*/
private function verifyToken(string $token): bool
{
if (!isset($_SESSION['csrf_token'])) {
return false;
}
return hash_equals($_SESSION['csrf_token'], $token);
}
}

72
app/Core/Middleware/SecurityMiddleware.php Normal file
View File

@@ -0,0 +1,72 @@
<?php
namespace App\Core\Middleware;
/**
* Security Middleware
* Basic security checks
*/
class SecurityMiddleware
{
public function handle(string $method, string $uri, callable $next): void
{
// Check for suspicious patterns
if ($this->isSuspiciousRequest($uri)) {
http_response_code(403);
echo "<h1>403 - Forbidden</h1>";
echo "<p>Access denied due to security policy.</p>";
return;
}
// Check request size
if ($this->isRequestTooLarge()) {
http_response_code(413);
echo "<h1>413 - Request Too Large</h1>";
echo "<p>Request size exceeds allowed limit.</p>";
return;
}
// Continue to next middleware
$next();
}
/**
* Check for suspicious request patterns
*/
private function isSuspiciousRequest(string $uri): bool
{
$suspiciousPatterns = [
'/\.\./', // Directory traversal
'/\.env/', // Environment file access
'/\.git/', // Git directory access
'/\.htaccess/', // Apache config access
'/\.htpasswd/', // Apache password file
'/admin\.php/', // Admin file access
'/config\.php/', // Config file access
'/wp-admin/', // WordPress admin
'/wp-login/', // WordPress login
'/phpmyadmin/', // phpMyAdmin
'/\.sql/', // SQL file access
'/\.bak/', // Backup file access
];
foreach ($suspiciousPatterns as $pattern) {
if (preg_match($pattern, $uri)) {
return true;
}
}
return false;
}
/**
* Check if request is too large
*/
private function isRequestTooLarge(): bool
{
$maxSize = 10 * 1024 * 1024; // 10MB
$contentLength = (int)($_SERVER['CONTENT_LENGTH'] ?? 0);
return $contentLength > $maxSize;
}
}