update 20.10.2025

2025-10-20 17:42:08 +02:00 · 2025-10-20 17:42:08 +02:00 · a939cd51ef
commit a939cd51ef
parent 8c11130b5d
616 changed files with 84821 additions and 4121 deletions
--- a/dev/app-bak/Http/Middleware/CsrfDebugger.php
+++ b/dev/app-bak/Http/Middleware/CsrfDebugger.php
@ -0,0 +1,79 @@
+<?php
+
+namespace App\Http\Middleware;
+
+use Closure;
+use Illuminate\Http\Request;
+use Illuminate\Support\Facades\Session;
+use Symfony\Component\HttpFoundation\Response;
+
+/**
+ * Debuggt Session-Änderungen vor VerifyCsrfToken.
+ *
+ * Diese Middleware läuft direkt vor Illuminate\Foundation\Http\Middleware\VerifyCsrfToken
+ * und überprüft, ob CSRF-Probleme die Session regenerieren.
+ */
+class CsrfDebugger
+{
+    /**
+     * Handle an incoming request.
+     *
+     * @param  \Closure(\Illuminate\Http\Request): (\Symfony\Component\HttpFoundation\Response)  $next
+     */
+    public function handle(Request $request, Closure $next): Response
+    {
+        // Session-ID vor CSRF-Token-Überprüfung überprüfen
+        $sessionIdBeforeCsrf = Session::getId();
+        $domainResolverSessionId = $request->attributes->get('domain_resolver_session_id');
+
+        if (config('app.debug')) {
+            \Log::channel('domain')->debug('CsrfDebugger: VOR VerifyCsrfToken', [
+                'session_id_before_csrf' => $sessionIdBeforeCsrf,
+                'domain_resolver_session_id' => $domainResolverSessionId,
+                'session_consistent_with_domain_resolver' => $domainResolverSessionId === $sessionIdBeforeCsrf,
+                'request_method' => $request->method(),
+                'request_path' => $request->path(),
+                'has_csrf_token' => $request->has('_token'),
+                'csrf_token_in_session' => Session::has('_token'),
+                'request_host' => $request->getHost(),
+                'middleware_position' => 'Vor VerifyCsrfToken'
+            ]);
+        }
+
+        // Request weiterleiten (VerifyCsrfToken läuft hier)
+        $response = $next($request);
+
+        // Session-ID nach CSRF-Token-Überprüfung vergleichen
+        $sessionIdAfterCsrf = Session::getId();
+
+        if (config('app.debug')) {
+            \Log::channel('domain')->debug('CsrfDebugger: NACH VerifyCsrfToken', [
+                'session_id_before_csrf' => $sessionIdBeforeCsrf,
+                'session_id_after_csrf' => $sessionIdAfterCsrf,
+                'session_changed_by_csrf' => $sessionIdBeforeCsrf !== $sessionIdAfterCsrf,
+                'domain_resolver_session_id' => $domainResolverSessionId,
+                'request_method' => $request->method(),
+                'request_path' => $request->path(),
+                'response_status' => $response->getStatusCode(),
+                'request_host' => $request->getHost()
+            ]);
+
+            if ($sessionIdBeforeCsrf !== $sessionIdAfterCsrf) {
+                \Log::channel('domain')->warning('🚨 CsrfDebugger: VerifyCsrfToken hat Session-ID geändert!', [
+                    'session_id_before' => $sessionIdBeforeCsrf,
+                    'session_id_after' => $sessionIdAfterCsrf,
+                    'domain_resolver_session_id' => $domainResolverSessionId,
+                    'request_method' => $request->method(),
+                    'request_path' => $request->path(),
+                    'has_csrf_token' => $request->has('_token'),
+                    'response_status' => $response->getStatusCode(),
+                    'request_host' => $request->getHost(),
+                    'user_agent' => $request->userAgent(),
+                    'possible_cause' => 'CSRF-Token fehlt oder ist ungültig'
+                ]);
+            }
+        }
+
+        return $response;
+    }
+}