Skip to content
Snippets Groups Projects
Normal view Permalink
Security.php 3.24 KiB
Newer Older
  • Learn to ignore specific revisions
    • Yassine Doghri's avatar
    feat(fediverse): implement activitypub protocols + update user interface
    Yassine Doghri committed
    1 2 
    <?php
    Yassine Doghri's avatar
    refactor: add strict types declaration before each file and fix activitypub issues  
    Yassine Doghri committed
    3 4 
    declare(strict_types=1);
    Yassine Doghri's avatar
    feat(fediverse): implement activitypub protocols + update user interface
    Yassine Doghri committed
    5 6 7 8 9 10 
    namespace Config;

use CodeIgniter\Config\BaseConfig;

class Security extends BaseConfig
{
    Yassine Doghri's avatar
    chore: update CodeIgniter to latest dev version after 4.1.6  
    Yassine Doghri committed
    11 12 13 14 15 16 17 18 19 
        /**
     * --------------------------------------------------------------------------
     * CSRF Protection Method
     * --------------------------------------------------------------------------
     *
     * Protection Method for Cross Site Request Forgery protection.
     *
     * @var 'cookie'|'session'
     */
    Yassine Doghri's avatar
    refactor(auth): replace myth/auth with codeigniter/shield + define new roles  
    Yassine Doghri committed
    20 
        public string $csrfProtection = 'session';
    Yassine Doghri's avatar
    chore: update CodeIgniter to latest dev version after 4.1.6  
    Yassine Doghri committed
    21 22 23 24 25 26 27 28 
    
    /**
     * --------------------------------------------------------------------------
     * CSRF Token Randomization
     * --------------------------------------------------------------------------
     *
     * Randomize the CSRF Token for added security.
     */
    Yassine Doghri's avatar
    fix(security): add csrf filter + prevent xss attacks by escaping user input  
    Yassine Doghri committed
    29 
        public bool $tokenRandomize = true;
    Yassine Doghri's avatar
    chore: update CodeIgniter to latest dev version after 4.1.6  
    Yassine Doghri committed
    30
    Yassine Doghri's avatar
    feat(fediverse): implement activitypub protocols + update user interface
    Yassine Doghri committed
    31 32 33 34 35 
        /**
     * --------------------------------------------------------------------------
     * CSRF Token Name
     * --------------------------------------------------------------------------
     *
    Yassine Doghri's avatar
    chore: update CodeIgniter to latest dev version after 4.1.6  
    Yassine Doghri committed
    36 
         * Token name for Cross Site Request Forgery protection.
    Yassine Doghri's avatar
    feat(fediverse): implement activitypub protocols + update user interface
    Yassine Doghri committed
    37 
         */
    Yassine Doghri's avatar
    refactor: remove all empty declarations + add missing type declarations  
    Yassine Doghri committed
    38 
        public string $tokenName = 'csrf_test_name';
    Yassine Doghri's avatar
    feat(fediverse): implement activitypub protocols + update user interface
    Yassine Doghri committed
    39 40 41 42 43 44 
    
    /**
     * --------------------------------------------------------------------------
     * CSRF Header Name
     * --------------------------------------------------------------------------
     *
    Yassine Doghri's avatar
    chore: update CodeIgniter to latest dev version after 4.1.6  
    Yassine Doghri committed
    45 
         * Header name for Cross Site Request Forgery protection.
    Yassine Doghri's avatar
    feat(fediverse): implement activitypub protocols + update user interface
    Yassine Doghri committed
    46 
         */
    Yassine Doghri's avatar
    refactor: remove all empty declarations + add missing type declarations  
    Yassine Doghri committed
    47 
        public string $headerName = 'X-CSRF-TOKEN';
    Yassine Doghri's avatar
    feat(fediverse): implement activitypub protocols + update user interface
    Yassine Doghri committed
    48 49 50 51 52 53 
    
    /**
     * --------------------------------------------------------------------------
     * CSRF Cookie Name
     * --------------------------------------------------------------------------
     *
    Yassine Doghri's avatar
    chore: update CodeIgniter to latest dev version after 4.1.6  
    Yassine Doghri committed
    54 
         * Cookie name for Cross Site Request Forgery protection.
    Yassine Doghri's avatar
    feat(fediverse): implement activitypub protocols + update user interface
    Yassine Doghri committed
    55 
         */
    Yassine Doghri's avatar
    refactor: remove all empty declarations + add missing type declarations  
    Yassine Doghri committed
    56 
        public string $cookieName = 'csrf_cookie_name';
    Yassine Doghri's avatar
    feat(fediverse): implement activitypub protocols + update user interface
    Yassine Doghri committed
    57 58 59 60 61 62 63 64 65 66 
    
    /**
     * --------------------------------------------------------------------------
     * CSRF Expires
     * --------------------------------------------------------------------------
     *
     * Expiration time for Cross Site Request Forgery protection cookie.
     *
     * Defaults to two hours (in seconds).
     */
    Yassine Doghri's avatar
    refactor: remove all empty declarations + add missing type declarations  
    Yassine Doghri committed
    67 
        public int $expires = 7200;
    Yassine Doghri's avatar
    feat(fediverse): implement activitypub protocols + update user interface
    Yassine Doghri committed
    68 69 70 71 72 73 
    
    /**
     * --------------------------------------------------------------------------
     * CSRF Regenerate
     * --------------------------------------------------------------------------
     *
    Yassine Doghri's avatar
    chore: update CodeIgniter to latest dev version after 4.1.6  
    Yassine Doghri committed
    74 
         * Regenerate CSRF Token on every submission.
    Yassine Doghri's avatar
    feat(fediverse): implement activitypub protocols + update user interface
    Yassine Doghri committed
    75 
         */
    Yassine Doghri's avatar
    refactor: remove all empty declarations + add missing type declarations  
    Yassine Doghri committed
    76 
        public bool $regenerate = true;
    Yassine Doghri's avatar
    feat(fediverse): implement activitypub protocols + update user interface
    Yassine Doghri committed
    77 78 79 80 81 82 83 84 
    
    /**
     * --------------------------------------------------------------------------
     * CSRF Redirect
     * --------------------------------------------------------------------------
     *
     * Redirect to previous page with error on failure.
     */
    Yassine Doghri's avatar
    refactor: remove all empty declarations + add missing type declarations  
    Yassine Doghri committed
    85 
        public bool $redirect = true;
    Yassine Doghri's avatar
    fix: replace deletedField with published_at for episodes  
    Yassine Doghri committed
    86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 
    
    /**
     * --------------------------------------------------------------------------
     * CSRF SameSite
     * --------------------------------------------------------------------------
     *
     * Setting for CSRF SameSite cookie token.
     *
     * Allowed values are: None - Lax - Strict - ''.
     *
     * Defaults to `Lax` as recommended in this link:
     *
     * @see https://portswigger.net/web-security/csrf/samesite-cookies
     *
     * @var string
     *
     * @deprecated `Config\Cookie` $samesite property is used.
     */
    public $samesite = 'Lax';
    Yassine Doghri's avatar
    feat(fediverse): implement activitypub protocols + update user interface
    Yassine Doghri committed
    105 
    }