Switch channel actions to POST forms and add group_id handling

Replaced channel toggle and delete links with POST forms including CSRF protection for better security. Added a hidden group_id input to the channel creation form and improved JavaScript to reliably obtain group_id from the form or URL. Also added support for 'webhook' channel type in the testChannel function.
Hosteroid
2025-10-21 13:53:10 +03:00
parent 21eeda7127
commit ec0b5c61ea


@@ -111,17 +111,23 @@ ob_start();
<i class="fas fa-paper-plane mr-1"></i> <i class="fas fa-paper-plane mr-1"></i>
Test Test
</button> </button>
<a href="/groups/<?= $group['id'] ?>/channels/<?= $channel['id'] ?>/toggle" <form method="POST" action="/groups/<?= $group['id'] ?>/channels/<?= $channel['id'] ?>/toggle" class="flex-1">
class="flex-1 px-3 py-2 bg-yellow-50 text-yellow-700 rounded text-center text-sm hover:bg-yellow-100 transition-colors duration-150"> <?= csrf_field() ?>
<button type="submit"
class="w-full px-3 py-2 bg-yellow-50 text-yellow-700 rounded text-center text-sm hover:bg-yellow-100 transition-colors duration-150">
<i class="fas fa-<?= $channel['is_active'] ? 'pause' : 'play' ?> mr-1"></i> <i class="fas fa-<?= $channel['is_active'] ? 'pause' : 'play' ?> mr-1"></i>
<?= $channel['is_active'] ? 'Disable' : 'Enable' ?> <?= $channel['is_active'] ? 'Disable' : 'Enable' ?>
</a> </button>
<a href="/groups/<?= $group['id'] ?>/channels/<?= $channel['id'] ?>/delete" </form>
class="flex-1 px-3 py-2 bg-red-50 text-red-700 rounded text-center text-sm hover:bg-red-100 transition-colors duration-150" <form method="POST" action="/groups/<?= $group['id'] ?>/channels/<?= $channel['id'] ?>/delete" class="flex-1">
<?= csrf_field() ?>
<button type="submit"
class="w-full px-3 py-2 bg-red-50 text-red-700 rounded text-center text-sm hover:bg-red-100 transition-colors duration-150"
onclick="return confirm('Delete this channel?')"> onclick="return confirm('Delete this channel?')">
<i class="fas fa-trash mr-1"></i> <i class="fas fa-trash mr-1"></i>
Delete Delete
</a> </button>
</form>
</div> </div>
</div> </div>
<?php endforeach; ?> <?php endforeach; ?>
@@ -137,6 +143,7 @@ ob_start();
<form method="POST" action="/groups/<?= $group['id'] ?>/channels" id="channelForm" class="space-y-5"> <form method="POST" action="/groups/<?= $group['id'] ?>/channels" id="channelForm" class="space-y-5">
<?= csrf_field() ?> <?= csrf_field() ?>
<input type="hidden" name="group_id" value="<?= $group['id'] ?>">
<!-- Channel Type --> <!-- Channel Type -->
<div> <div>
@@ -533,8 +540,13 @@ function testChannel(channelType, existingConfig = null) {
const formData = new FormData(); const formData = new FormData();
formData.append('channel_type', channelType); formData.append('channel_type', channelType);
// Add group ID // Add group ID from URL or form
const groupId = document.querySelector('input[name="group_id"]').value; let groupId = document.querySelector('input[name="group_id"]')?.value;
if (!groupId) {
// Extract group ID from URL if not in form
const urlParts = window.location.pathname.split('/');
groupId = urlParts[urlParts.indexOf('groups') + 1];
}
formData.append('group_id', groupId); formData.append('group_id', groupId);
// Add CSRF token // Add CSRF token
@@ -558,6 +570,9 @@ function testChannel(channelType, existingConfig = null) {
case 'slack': case 'slack':
formData.append('slack_webhook_url', existingConfig.webhook_url); formData.append('slack_webhook_url', existingConfig.webhook_url);
break; break;
case 'webhook':
formData.append('webhook_url', existingConfig.webhook_url);
break;
} }
} else { } else {
// Use form values for new channels // Use form values for new channels
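Review bot: In the testChannel hunk that adds the URL fallback, `groupId` is appended without being checked. When `groups` is absent from the path, `indexOf` returns -1 and `urlParts[0]` (an empty string) is sent; when it is the last segment, FormData receives the string "undefined". Matching the segment explicitly would be safer, `groupId = window.location.pathname.match(/\/groups\/([^/]+)/)?.[1];`, followed by `if (!groupId) return;` with a visible error so the request is not sent at all. Since `group_id` now comes from the client both here and in the new hidden input of the creation form, the handlers (not shown on this page) should presumably check it against the route's group and the user's access rather than trust the posted value. testChannel begins and ends outside these hunks.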