Correções de segurança

2025-12-06 10:56:52 -03:00
parent bd830fc575
commit 4966611eec
4 changed files with 97 additions and 25 deletions


@@ -36,22 +36,31 @@ class SettingsController
{ {
header('Content-Type: application/json'); header('Content-Type: application/json');
$telegramService = new TelegramService(); try {
$telegramService = new TelegramService();
// Use sendOrderNotification to test with the configured template // Use sendOrderNotification to test with the configured template
$response = $telegramService->sendOrderNotification([ $response = $telegramService->sendOrderNotification([
'id' => '12345', 'id' => '12345',
'title' => 'Teste de Integração', 'title' => 'Teste de Integração',
'type' => 'Teste' 'type' => 'Teste'
], 999); ], 999);
$result = json_decode($response, true); if ($response === false) {
throw new \Exception("Falha ao conectar com a API do Telegram (curl retornou false). Verifique o Token e o Chat ID.");
}
if ($result && isset($result['ok']) && $result['ok']) { $result = json_decode($response, true);
echo json_encode(['success' => true, 'message' => 'Mensagem enviada com sucesso!']);
} else { if ($result && isset($result['ok']) && $result['ok']) {
$error = $result['description'] ?? 'Erro desconhecido ao contatar API do Telegram.'; echo json_encode(['success' => true, 'message' => 'Mensagem enviada com sucesso!']);
echo json_encode(['success' => false, 'message' => 'Falha ao enviar: ' . $error]); } else {
$error = $result['description'] ?? 'Erro desconhecido ao contatar API do Telegram. Resposta bruta: ' . $response;
echo json_encode(['success' => false, 'message' => 'Falha ao enviar: ' . $error]);
}
} catch (\Throwable $e) {
error_log("Erro no teste do Telegram: " . $e->getMessage());
echo json_encode(['success' => false, 'message' => 'Erro interno: ' . $e->getMessage()]);
} }
exit; exit;
} }
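Review bot: The catch block at the end of the hunk returns `$e->getMessage()` to the browser inside the JSON body, and the else branch appends the raw Telegram reply (`Resposta bruta: ' . $response`) to the user-facing message; both expose internal detail that is already written to error_log one line earlier, so the reply can stay generic: `echo json_encode(['success' => false, 'message' => 'Erro interno ao testar a integração; consulte o log do servidor.']);`. If TelegramService builds its request URL from the bot token (the Bot API uses a `bot<token>/` path), a curl error text can contain that URL, so the generic reply also keeps the token off the admin's screen — worth confirming against the service. The response also never sets a non-200 status on failure, so callers can only rely on the `success` field. The method's signature sits above the hunk; only its body is visible here.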


@@ -9,6 +9,7 @@ class AdminMiddleware
public function handle() public function handle()
{ {
if (!isset($_SESSION['user_role']) || $_SESSION['user_role'] !== 'admin') { if (!isset($_SESSION['user_role']) || $_SESSION['user_role'] !== 'admin') {
error_log("AdminMiddleware Redirecting: Session Role: " . ($_SESSION['user_role'] ?? 'NOT SET') . " | Session ID: " . session_id());
View::redirect('/login'); View::redirect('/login');
return false; return false;
} }
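Review bot: The new error_log line writes `session_id()` to the server log on every rejected request, which places a live session identifier — effectively a bearer credential — into a file that is usually readable by more tools and people than the session store itself. The role value is enough to diagnose the redirect; if a correlation handle is needed, log a digest instead: `error_log("AdminMiddleware Redirecting: Session Role: " . ($_SESSION['user_role'] ?? 'NOT SET') . " | Session: " . substr(hash('sha256', session_id()), 0, 12));`. The line also fires for unauthenticated hits, so a scan of `/admin/*` yields one log entry per request; confirm that volume is wanted. handle() continues below the hunk.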


@@ -9,47 +9,92 @@ $router->get('/login', [AuthController::class, 'login']);
$router->post('/login', [AuthController::class, 'authenticate']); $router->post('/login', [AuthController::class, 'authenticate']);
$router->get('/logout', [AuthController::class, 'logout']); $router->get('/logout', [AuthController::class, 'logout']);
// Admin Routes
// Admin Routes // Admin Routes
$router->get('/admin/dashboard', [\App\Controllers\AdminDashboardController::class, 'index']); $router->get('/admin/dashboard', [\App\Controllers\AdminDashboardController::class, 'index']);
$router->addMiddleware(\App\Middleware\AdminMiddleware::class);
$router->get('/admin/search', [\App\Controllers\SearchController::class, 'search']); $router->get('/admin/search', [\App\Controllers\SearchController::class, 'search']);
$router->addMiddleware(\App\Middleware\AdminMiddleware::class);
$router->get('/admin/logs', [\App\Controllers\LogController::class, 'index']); $router->get('/admin/logs', [\App\Controllers\LogController::class, 'index']);
$router->addMiddleware(\App\Middleware\AdminMiddleware::class);
// Admin Profile // Admin Profile
$router->get('/admin/profile', [\App\Controllers\AdminProfileController::class, 'index']); $router->get('/admin/profile', [\App\Controllers\AdminProfileController::class, 'index']);
$router->addMiddleware(\App\Middleware\AdminMiddleware::class);
$router->post('/admin/profile/update', [\App\Controllers\AdminProfileController::class, 'update']); $router->post('/admin/profile/update', [\App\Controllers\AdminProfileController::class, 'update']);
$router->addMiddleware(\App\Middleware\AdminMiddleware::class);
$router->post('/admin/profile/password', [\App\Controllers\AdminProfileController::class, 'updatePassword']); $router->post('/admin/profile/password', [\App\Controllers\AdminProfileController::class, 'updatePassword']);
$router->addMiddleware(\App\Middleware\AdminMiddleware::class);
// Clients CRUD // Clients CRUD
$router->get('/admin/clients', [\App\Controllers\ClientController::class, 'index']); $router->get('/admin/clients', [\App\Controllers\ClientController::class, 'index']);
$router->addMiddleware(\App\Middleware\AdminMiddleware::class);
$router->get('/admin/clients/create', [\App\Controllers\ClientController::class, 'create']); $router->get('/admin/clients/create', [\App\Controllers\ClientController::class, 'create']);
$router->addMiddleware(\App\Middleware\AdminMiddleware::class);
$router->post('/admin/clients/store', [\App\Controllers\ClientController::class, 'store']); $router->post('/admin/clients/store', [\App\Controllers\ClientController::class, 'store']);
$router->addMiddleware(\App\Middleware\AdminMiddleware::class);
$router->get('/admin/clients/edit/{id}', [\App\Controllers\ClientController::class, 'edit']); $router->get('/admin/clients/edit/{id}', [\App\Controllers\ClientController::class, 'edit']);
$router->addMiddleware(\App\Middleware\AdminMiddleware::class);
$router->post('/admin/clients/update/{id}', [\App\Controllers\ClientController::class, 'update']); $router->post('/admin/clients/update/{id}', [\App\Controllers\ClientController::class, 'update']);
$router->addMiddleware(\App\Middleware\AdminMiddleware::class);
$router->get('/admin/clients/delete/{id}', [\App\Controllers\ClientController::class, 'delete']); $router->get('/admin/clients/delete/{id}', [\App\Controllers\ClientController::class, 'delete']);
$router->addMiddleware(\App\Middleware\AdminMiddleware::class);
// Servers CRUD // Servers CRUD
$router->get('/admin/servers', [\App\Controllers\ServerController::class, 'index']); $router->get('/admin/servers', [\App\Controllers\ServerController::class, 'index']);
$router->addMiddleware(\App\Middleware\AdminMiddleware::class);
$router->get('/admin/servers/create', [\App\Controllers\ServerController::class, 'create']); $router->get('/admin/servers/create', [\App\Controllers\ServerController::class, 'create']);
$router->addMiddleware(\App\Middleware\AdminMiddleware::class);
$router->post('/admin/servers/store', [\App\Controllers\ServerController::class, 'store']); $router->post('/admin/servers/store', [\App\Controllers\ServerController::class, 'store']);
$router->addMiddleware(\App\Middleware\AdminMiddleware::class);
$router->get('/admin/servers/edit/{id}', [\App\Controllers\ServerController::class, 'edit']); $router->get('/admin/servers/edit/{id}', [\App\Controllers\ServerController::class, 'edit']);
$router->addMiddleware(\App\Middleware\AdminMiddleware::class);
$router->post('/admin/servers/update/{id}', [\App\Controllers\ServerController::class, 'update']); $router->post('/admin/servers/update/{id}', [\App\Controllers\ServerController::class, 'update']);
$router->addMiddleware(\App\Middleware\AdminMiddleware::class);
$router->get('/admin/servers/delete/{id}', [\App\Controllers\ServerController::class, 'delete']); $router->get('/admin/servers/delete/{id}', [\App\Controllers\ServerController::class, 'delete']);
$router->get('/admin/servers/delete/{id}', [\App\Controllers\ServerController::class, 'delete']); $router->addMiddleware(\App\Middleware\AdminMiddleware::class);
$router->get('/admin/servers/reset-machine/{id}', [\App\Controllers\ServerController::class, 'resetMachineId']); $router->get('/admin/servers/reset-machine/{id}', [\App\Controllers\ServerController::class, 'resetMachineId']);
$router->addMiddleware(\App\Middleware\AdminMiddleware::class);
// Orders CRUD // Orders CRUD
$router->get('/admin/orders', [\App\Controllers\OrderController::class, 'index']); $router->get('/admin/orders', [\App\Controllers\OrderController::class, 'index']);
$router->addMiddleware(\App\Middleware\AdminMiddleware::class);
$router->get('/admin/orders/create', [\App\Controllers\OrderController::class, 'create']); $router->get('/admin/orders/create', [\App\Controllers\OrderController::class, 'create']);
$router->addMiddleware(\App\Middleware\AdminMiddleware::class);
$router->post('/admin/orders/store', [\App\Controllers\OrderController::class, 'store']); $router->post('/admin/orders/store', [\App\Controllers\OrderController::class, 'store']);
$router->addMiddleware(\App\Middleware\AdminMiddleware::class);
$router->get('/admin/orders/view/{id}', [\App\Controllers\OrderController::class, 'view']); $router->get('/admin/orders/view/{id}', [\App\Controllers\OrderController::class, 'view']);
$router->addMiddleware(\App\Middleware\AdminMiddleware::class);
// Settings // Settings
$router->get('/admin/settings', [\App\Controllers\SettingsController::class, 'index']); $router->get('/admin/settings', [\App\Controllers\SettingsController::class, 'index']);
$router->post('/admin/settings/update', [\App\Controllers\SettingsController::class, 'update']);
$router->post('/admin/settings/test-telegram', [\App\Controllers\SettingsController::class, 'testTelegram']);
$router->addMiddleware(\App\Middleware\AdminMiddleware::class); $router->addMiddleware(\App\Middleware\AdminMiddleware::class);
$router->post('/admin/settings/update', [\App\Controllers\SettingsController::class, 'update']);
$router->addMiddleware(\App\Middleware\AdminMiddleware::class);
$router->post('/admin/settings/test-telegram', [\App\Controllers\SettingsController::class, 'testTelegram']);
$router->addMiddleware(\App\Middleware\AdminMiddleware::class);
// API Routes // API Routes
$router->post('/api/auth/login', [\App\Controllers\ApiAuthController::class, 'login']); $router->post('/api/auth/login', [\App\Controllers\ApiAuthController::class, 'login']);
@@ -58,10 +103,19 @@ $router->addMiddleware(\App\Middleware\ApiMiddleware::class);
// Client Routes // Client Routes
$router->get('/client/dashboard', [\App\Controllers\ClientDashboardController::class, 'index']); $router->get('/client/dashboard', [\App\Controllers\ClientDashboardController::class, 'index']);
$router->get('/client/servers', [\App\Controllers\ClientDashboardController::class, 'servers']); $router->addMiddleware(\App\Middleware\ClientMiddleware::class);
$router->get('/client/orders', [\App\Controllers\ClientDashboardController::class, 'orders']);
$router->get('/client/orders/view/{id}', [\App\Controllers\ClientDashboardController::class, 'viewOrder']); $router->get('/client/servers', [\App\Controllers\ClientDashboardController::class, 'servers']);
$router->get('/client/profile', [\App\Controllers\ClientDashboardController::class, 'profile']); $router->addMiddleware(\App\Middleware\ClientMiddleware::class);
$router->post('/client/profile/password', [\App\Controllers\ClientDashboardController::class, 'updatePassword']);
$router->get('/client/orders', [\App\Controllers\ClientDashboardController::class, 'orders']);
$router->addMiddleware(\App\Middleware\ClientMiddleware::class);
$router->get('/client/orders/view/{id}', [\App\Controllers\ClientDashboardController::class, 'viewOrder']);
$router->addMiddleware(\App\Middleware\ClientMiddleware::class);
$router->get('/client/profile', [\App\Controllers\ClientDashboardController::class, 'profile']);
$router->addMiddleware(\App\Middleware\ClientMiddleware::class);
$router->post('/client/profile/password', [\App\Controllers\ClientDashboardController::class, 'updatePassword']);
$router->addMiddleware(\App\Middleware\ClientMiddleware::class); $router->addMiddleware(\App\Middleware\ClientMiddleware::class);
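Review bot: Guarding each route with a separate `$router->addMiddleware(...)` statement right after its registration makes the protection depend on every future author remembering the second line; an `/admin/...` or `/client/...` route added without it is silently public, which is exactly the gap this commit closes (the old side had one ClientMiddleware call after six client routes). A small registration helper that binds the middleware in the same call removes that footgun without touching the Router; the fence shows it for the admin group, and the client block would follow the same shape with ClientMiddleware — if the Router already supports prefix or group middleware, prefer that. Separately, `/admin/clients/delete/{id}`, `/admin/servers/delete/{id}` and `/admin/servers/reset-machine/{id}` change state over GET, so the middleware alone does not stop a cross-site request issued from an authenticated admin's browser; they should become POST routes with a CSRF token check.
```php
// Register an admin route and attach AdminMiddleware in the same statement.
$adminRoute = static function (string $method, string $path, array $handler) use ($router): void {
    $router->{$method}($path, $handler);
    $router->addMiddleware(\App\Middleware\AdminMiddleware::class);
};

$adminRoute('get', '/admin/dashboard', [\App\Controllers\AdminDashboardController::class, 'index']);
$adminRoute('get', '/admin/search', [\App\Controllers\SearchController::class, 'search']);
// … unchanged: remaining admin routes, each as one $adminRoute(...) call …
```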


@@ -118,7 +118,14 @@
'X-Requested-With': 'XMLHttpRequest' 'X-Requested-With': 'XMLHttpRequest'
} }
}) })
.then(response => response.json()) .then(async response => {
const text = await response.text();
try {
return JSON.parse(text);
} catch (e) {
throw new Error(`Resposta inválida do servidor (${response.status}): ${text.substring(0, 100)}...`);
}
})
.then(data => { .then(data => {
this.$dispatch('notify', { this.$dispatch('notify', {
type: data.success ? 'success' : 'error', type: data.success ? 'success' : 'error',
@@ -127,10 +134,11 @@
}); });
}) })
.catch(error => { .catch(error => {
console.error('Erro no teste:', error);
this.$dispatch('notify', { this.$dispatch('notify', {
type: 'error', type: 'error',
title: 'Erro', title: 'Erro',
message: 'Falha na requisição.' message: 'Erro: ' + error.message
}); });
}) })
.finally(() => { .finally(() => {
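Review bot: The new response handler parses the body without checking `response.ok`, so a 4xx/5xx reply that happens to carry JSON is handed to the success path as `data`, and the HTTP status is only surfaced when parsing fails. Keep the parse result in a local and check the status once the text is in hand, as in the fence below. The thrown message also pastes up to 100 characters of the raw body into the on-screen notification via `error.message`; on an admin-only page that is acceptable, but keep the same pattern out of notifications shown to non-admin users. The enclosing fetch chain starts and ends outside the hunk.
```javascript
.then(async response => {
    const text = await response.text();
    let data;
    try {
        data = JSON.parse(text);
    } catch (e) {
        throw new Error(`Resposta inválida do servidor (${response.status}): ${text.substring(0, 100)}...`);
    }
    if (!response.ok) {
        throw new Error(`Erro do servidor (${response.status}): ${data.message || text.substring(0, 100)}`);
    }
    return data;
})
// … unchanged: .then(data => { … }) notification handling …
```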