79 lines
3.3 KiB
PHP
79 lines
3.3 KiB
PHP
<?php
|
|
|
|
namespace App\Http\Middleware;
|
|
|
|
use Closure;
|
|
use Illuminate\Http\Request;
|
|
use Illuminate\Support\Facades\Session;
|
|
use Symfony\Component\HttpFoundation\Response;
|
|
|
|
/**
|
|
* Debuggt Session-Änderungen vor VerifyCsrfToken.
|
|
*
|
|
* Diese Middleware läuft direkt vor Illuminate\Foundation\Http\Middleware\VerifyCsrfToken
|
|
* und überprüft, ob CSRF-Probleme die Session regenerieren.
|
|
*/
|
|
class CsrfDebugger
|
|
{
|
|
/**
|
|
* Handle an incoming request.
|
|
*
|
|
* @param \Closure(\Illuminate\Http\Request): (\Symfony\Component\HttpFoundation\Response) $next
|
|
*/
|
|
public function handle(Request $request, Closure $next): Response
|
|
{
|
|
// Session-ID vor CSRF-Token-Überprüfung überprüfen
|
|
$sessionIdBeforeCsrf = Session::getId();
|
|
$domainResolverSessionId = $request->attributes->get('domain_resolver_session_id');
|
|
|
|
if (config('app.debug')) {
|
|
\Log::channel('domain')->debug('CsrfDebugger: VOR VerifyCsrfToken', [
|
|
'session_id_before_csrf' => $sessionIdBeforeCsrf,
|
|
'domain_resolver_session_id' => $domainResolverSessionId,
|
|
'session_consistent_with_domain_resolver' => $domainResolverSessionId === $sessionIdBeforeCsrf,
|
|
'request_method' => $request->method(),
|
|
'request_path' => $request->path(),
|
|
'has_csrf_token' => $request->has('_token'),
|
|
'csrf_token_in_session' => Session::has('_token'),
|
|
'request_host' => $request->getHost(),
|
|
'middleware_position' => 'Vor VerifyCsrfToken'
|
|
]);
|
|
}
|
|
|
|
// Request weiterleiten (VerifyCsrfToken läuft hier)
|
|
$response = $next($request);
|
|
|
|
// Session-ID nach CSRF-Token-Überprüfung vergleichen
|
|
$sessionIdAfterCsrf = Session::getId();
|
|
|
|
if (config('app.debug')) {
|
|
\Log::channel('domain')->debug('CsrfDebugger: NACH VerifyCsrfToken', [
|
|
'session_id_before_csrf' => $sessionIdBeforeCsrf,
|
|
'session_id_after_csrf' => $sessionIdAfterCsrf,
|
|
'session_changed_by_csrf' => $sessionIdBeforeCsrf !== $sessionIdAfterCsrf,
|
|
'domain_resolver_session_id' => $domainResolverSessionId,
|
|
'request_method' => $request->method(),
|
|
'request_path' => $request->path(),
|
|
'response_status' => $response->getStatusCode(),
|
|
'request_host' => $request->getHost()
|
|
]);
|
|
|
|
if ($sessionIdBeforeCsrf !== $sessionIdAfterCsrf) {
|
|
\Log::channel('domain')->warning('🚨 CsrfDebugger: VerifyCsrfToken hat Session-ID geändert!', [
|
|
'session_id_before' => $sessionIdBeforeCsrf,
|
|
'session_id_after' => $sessionIdAfterCsrf,
|
|
'domain_resolver_session_id' => $domainResolverSessionId,
|
|
'request_method' => $request->method(),
|
|
'request_path' => $request->path(),
|
|
'has_csrf_token' => $request->has('_token'),
|
|
'response_status' => $response->getStatusCode(),
|
|
'request_host' => $request->getHost(),
|
|
'user_agent' => $request->userAgent(),
|
|
'possible_cause' => 'CSRF-Token fehlt oder ist ungültig'
|
|
]);
|
|
}
|
|
}
|
|
|
|
return $response;
|
|
}
|
|
}
|