Update: 2026-05-03 20:51:50
@@ -5,12 +5,27 @@
|
|||||||
|
|
||||||
declare(strict_types=1);
|
declare(strict_types=1);
|
||||||
|
|
||||||
// 1. Constants
|
// 1. Error Reporting (Secure for production)
|
||||||
|
if (env('APP_DEBUG', 'false') === 'true') {
|
||||||
|
error_reporting(E_ALL);
|
||||||
|
ini_set('display_errors', '1');
|
||||||
|
} else {
|
||||||
|
error_reporting(0);
|
||||||
|
ini_set('display_errors', '0');
|
||||||
|
}
|
||||||
|
|
||||||
|
// 2. Security Headers
|
||||||
|
header("X-Content-Type-Options: nosniff");
|
||||||
|
header("X-Frame-Options: DENY");
|
||||||
|
header("X-XSS-Protection: 1; mode=block");
|
||||||
|
header("Referrer-Policy: strict-origin-when-cross-origin");
|
||||||
|
|
||||||
|
// 3. Constants
|
||||||
define('ROOT_PATH', dirname(__DIR__, 2));
|
define('ROOT_PATH', dirname(__DIR__, 2));
|
||||||
define('APP_PATH', ROOT_PATH . '/app');
|
define('APP_PATH', ROOT_PATH . '/app');
|
||||||
define('STORAGE_PATH', ROOT_PATH . '/storage');
|
define('STORAGE_PATH', ROOT_PATH . '/storage');
|
||||||
|
|
||||||
// 2. Load Environment Variables
|
// 3. Environment Loader
|
||||||
require_once APP_PATH . '/bootstrap/env.php';
|
require_once APP_PATH . '/bootstrap/env.php';
|
||||||
|
|
||||||
// 3. Common Helpers
|
// 3. Common Helpers
|
||||||
|
|||||||
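Review bot: `env('APP_DEBUG', 'false')` is evaluated in the new error-reporting block at the top of the hunk, but `require_once APP_PATH . '/bootstrap/env.php'` only runs further down, so unless env() and the .env values are already loaded by an earlier include, the debug check either sees no value or fails on an undefined function; moving the block below the environment loader (it already sits after the constants it needs) fixes the ordering. The production branch `error_reporting(0)` also silences error logging, not just display; `error_reporting(E_ALL); ini_set('display_errors', '0'); ini_set('log_errors', '1');` keeps errors out of responses while still recording them. `X-XSS-Protection: 1; mode=block` is a legacy header that current browsers ignore or have withdrawn; a Content-Security-Policy header is the replacement. The hunk starts at file line 5, so the file's opening lines are outside it.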
@@ -9,12 +9,22 @@ namespace App\Core;
|
|||||||
|
|
||||||
final class Security
|
final class Security
|
||||||
{
|
{
|
||||||
public static function sanitize(string $data): string
|
/**
|
||||||
|
* Recursively sanitize input data (strings and arrays)
|
||||||
|
*/
|
||||||
|
public static function sanitize($data)
|
||||||
{
|
{
|
||||||
return htmlspecialchars(strip_tags(trim($data)));
|
if (is_array($data)) {
|
||||||
|
foreach ($data as $key => $value) {
|
||||||
|
$data[$key] = self::sanitize($value);
|
||||||
|
}
|
||||||
|
} else if (is_string($data)) {
|
||||||
|
$data = htmlspecialchars(strip_tags(trim($data)), ENT_QUOTES, 'UTF-8');
|
||||||
|
}
|
||||||
|
return $data;
|
||||||
}
|
}
|
||||||
|
|
||||||
public static function generateRandomString(int $length = 32): string
|
public static function generateRandomString(int $length = 64): string
|
||||||
{
|
{
|
||||||
return bin2hex(random_bytes($length / 2));
|
return bin2hex(random_bytes($length / 2));
|
||||||
}
|
}
|
||||||
|
|||||||
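Review bot: The new `sanitize` signature drops both the `string` parameter type and the `: string` return type that the old one declared; since it now recurses over arrays it should read `public static function sanitize(array|string $data): array|string` if the project targets PHP 8.0+ (confirm), and the PHPDoc should state that non-string scalars are returned unchanged, which the `is_string` branch implies. Applying `strip_tags` and `htmlspecialchars` to every input value at intake, as the third hunk now does for the whole request body, is lossy: a password or name containing `<`, `&` or a quote is rewritten before it reaches validation or hashing, so a credential registered through a path without this pass will not verify, and stored data is HTML-encoded before it is ever rendered. Escaping belongs at output time per context; at input, validate shape and length and leave values intact, or at minimum exclude credential fields from this pass. Unchanged by the diff but in the same hunk, `random_bytes($length / 2)` yields a float for odd `$length`, which is a TypeError under strict types; `intdiv($length, 2)` avoids it. The class body continues past the hunk.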
@@ -7,7 +7,13 @@ use App\Core\Database;
|
|||||||
use App\Core\JWT;
|
use App\Core\JWT;
|
||||||
use App\Core\Validator;
|
use App\Core\Validator;
|
||||||
|
|
||||||
$data = input();
|
use App\Middleware\RateLimitMiddleware;
|
||||||
|
use App\Core\Security;
|
||||||
|
|
||||||
|
// 0. Rate Limiting (5 attempts per minute per IP)
|
||||||
|
RateLimitMiddleware::check(5, 60);
|
||||||
|
|
||||||
|
$data = Security::sanitize(input());
|
||||||
|
|
||||||
// 1. Validation
|
// 1. Validation
|
||||||
$errors = Validator::validate($data, [
|
$errors = Validator::validate($data, [
|
||||||
|
|||||||
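Review bot: `RateLimitMiddleware::check(5, 60)` is called as a statement and its result discarded; if check() reports an exceeded limit through a return value rather than by sending the 429 response and exiting itself, nothing here stops the request, so the contract should be confirmed and recorded, e.g. `// check() aborts the request with 429 when the limit is exceeded`. The comment says the limit is per IP, but the hunk does not show which address the middleware keys on; behind a reverse proxy `REMOTE_ADDR` is the proxy, so a forwarded-address header should be trusted only when the deployment is known to set it. The two new `use` statements sit where the old `$data = input();` line was rather than with the existing imports, and `App\Core\Security` sorts before `App\Middleware\RateLimitMiddleware`; group and alphabetise them with the `use App\Core\*` lines above. The `Validator::validate($data, [` call is cut off at the end of the hunk.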