🔒 Add #[Locked] attribute to Livewire components to enhance security against client-side state tampering

This commit is contained in:
HolgerHatGarKeineNode
2026-02-03 22:49:42 +01:00
parent 71ce57ddd3
commit 2957e89c79
13 changed files with 149 additions and 2 deletions


@@ -4,26 +4,35 @@ use App\Models\EinundzwanzigPleb;
use App\Support\NostrAuth;
use App\Traits\NostrFetcherTrait;
use Flux\Flux;
use Livewire\Attributes\Locked;
use Livewire\Component;
new class extends Component
{
use NostrFetcherTrait;
#[Locked]
public ?EinundzwanzigPleb $currentPleb = null;
#[Locked]
public ?string $currentPubkey = null;
#[Locked]
public bool $currentYearIsPaid = false;
#[Locked]
public ?string $nip05Handle = '';
#[Locked]
public bool $nip05Verified = false;
#[Locked]
public ?string $nip05VerifiedHandle = null;
#[Locked]
public bool $nip05HandleMismatch = false;
#[Locked]
public array $nip05VerifiedHandles = [];
protected $listeners = [
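Review bot: `#[Locked]` on `$nip05Handle` (`public ?string $nip05Handle = '';`) looks wrong if that property is bound to an input with `wire:model`, which its name and the neighbouring `$nip05Verified`/`$nip05HandleMismatch` flags suggest: Livewire refuses client updates to a locked property, so the form field would stop working. If it is user input, drop the attribute on that one property and keep the derived `$nip05Verified*` flags locked; if it is only ever set server-side, a one-line comment such as `// set from the server-side NIP-05 lookup, never from the form` would spare the next reader the same question. Separately, `?string` with a default of `''` mixes two empty states; either `string $nip05Handle = ''` or `?string $nip05Handle = null` is clearer. The `$listeners` declaration continues outside the hunk.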


@@ -1,6 +1,7 @@
<?php
use App\Models\Election;
use Livewire\Attributes\Locked;
use Livewire\Component;
use swentel\nostr\Filter\Filter;
use swentel\nostr\Message\RequestMessage;
@@ -10,10 +11,13 @@ use swentel\nostr\Request\Request;
use swentel\nostr\Subscription\Subscription;
new class extends Component {
#[Locked]
public bool $isAllowed = false;
#[Locked]
public ?string $currentPubkey = null;
#[Locked]
public ?\App\Models\EinundzwanzigPleb $currentPleb = null;
public ?array $votes = null;
@@ -47,6 +51,21 @@ new class extends Component {
$this->loadBoardVotes();
}
public function handleNostrLoggedIn(string $pubkey): void
{
$this->currentPubkey = $pubkey;
$this->currentPleb = \App\Models\EinundzwanzigPleb::query()
->where('pubkey', $pubkey)->first();
$this->isAllowed = (bool) $this->currentPleb;
}
public function handleNostrLoggedOut(): void
{
$this->currentPubkey = null;
$this->currentPleb = null;
$this->isAllowed = false;
}
public function handleNewVote(): void
{
$this->loadEvents();
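Review bot: Locking `$isAllowed`, `$currentPubkey` and `$currentPleb` does not cover the path that the new `handleNostrLoggedIn(string $pubkey)` opens, because a public method on a Livewire component is invokable from the browser with an arbitrary argument, and this one writes all three locked properties from that argument and then sets `$this->isAllowed = (bool) $this->currentPleb;`, i.e. allowed for any pleb row that exists. The pubkey should be taken from the app's server-side authentication state (`NostrAuth` is imported in this file) rather than trusted from the argument, or the argument should be compared against that server-side value before any state is written, e.g. `if ($pubkey !== <server-verified pubkey placeholder>) { return; }` — the exact helper to call is not visible in this hunk. The same handler pair is added in three later sections of this commit (the ones containing `$logPubkeys`, `updatedSearch` and `$allowedPubkeys`) and needs the same treatment. `handleNewVote` continues outside the hunk.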


@@ -3,14 +3,18 @@
use App\Models\EinundzwanzigPleb;
use App\Models\Election;
use App\Support\NostrAuth;
use Livewire\Attributes\Locked;
use Livewire\Component;
new class extends Component {
#[Locked]
public bool $isAllowed = false;
#[Locked]
public ?string $currentPubkey = null;
#[Locked]
public ?EinundzwanzigPleb $currentPleb = null;
public array $elections = [];
@@ -37,6 +41,27 @@ new class extends Component {
}
}
public function handleNostrLoggedIn(string $pubkey): void
{
$this->currentPubkey = $pubkey;
$this->currentPleb = EinundzwanzigPleb::query()
->where('pubkey', $pubkey)->first();
$logPubkeys = [
'0adf67475ccc5ca456fd3022e46f5d526eb0af6284bf85494c0dd7847f3e5033',
'430169631f2f0682c60cebb4f902d68f0c71c498fd1711fd982f052cf1fd4279',
];
$this->isAllowed = in_array($pubkey, $logPubkeys, true);
}
public function handleNostrLoggedOut(): void
{
$this->currentPubkey = null;
$this->currentPleb = null;
$this->isAllowed = false;
}
public function saveElection($index): void
{
$election = $this->elections[$index];
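Review bot: The allow-list `$logPubkeys` in the new `handleNostrLoggedIn` is hard-coded inside the component, and a second, different list (`$allowedPubkeys`, six entries) is hard-coded in a later section of this same commit; two inline copies of an authorization list will drift apart. Keep them in one place, e.g. `$this->isAllowed = in_array($pubkey, config('<config key placeholder>'), true);`, and note next to each list which role it grants. The strict `in_array(..., true)` is correct and should stay. `saveElection` continues outside the hunk.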


@@ -5,6 +5,7 @@ use App\Models\EinundzwanzigPleb;
use App\Models\Profile;
use App\Support\NostrAuth;
use Livewire\Attributes\Computed;
use Livewire\Attributes\Locked;
use Livewire\Component;
use swentel\nostr\Event\Event as NostrEvent;
use swentel\nostr\Filter\Filter;
@@ -16,12 +17,16 @@ use swentel\nostr\Request\Request;
use swentel\nostr\Subscription\Subscription;
new class extends Component {
#[Locked]
public bool $isAllowed = false;
#[Locked]
public bool $showLog = false;
#[Locked]
public ?string $currentPubkey = null;
#[Locked]
public ?EinundzwanzigPleb $currentPleb = null;
public array $events = [];
@@ -197,6 +202,21 @@ new class extends Component {
}
}
public function handleNostrLoggedIn(string $pubkey): void
{
$this->currentPubkey = $pubkey;
$this->currentPleb = EinundzwanzigPleb::query()
->where('pubkey', $pubkey)->first();
$this->isAllowed = (bool) $this->currentPleb;
}
public function handleNostrLoggedOut(): void
{
$this->currentPubkey = null;
$this->currentPleb = null;
$this->isAllowed = false;
}
public function updatedSearch($value): void
{
$this->plebs = EinundzwanzigPleb::query()


@@ -5,14 +5,18 @@ use App\Models\EinundzwanzigPleb;
use App\Support\NostrAuth;
use Flux\Flux;
use Livewire\Attributes\Computed;
use Livewire\Attributes\Locked;
use Livewire\Component;
new class extends Component
{
#[Locked]
public bool $isAllowed = false;
#[Locked]
public ?string $currentPubkey = null;
#[Locked]
public ?EinundzwanzigPleb $currentPleb = null;
public string $sortBy = 'association_status';
@@ -63,6 +67,31 @@ new class extends Component
$this->plebs = $this->loadPlebs();
}
public function handleNostrLoggedIn(string $pubkey): void
{
$this->currentPubkey = $pubkey;
$this->currentPleb = EinundzwanzigPleb::query()
->where('pubkey', $pubkey)->first();
$allowedPubkeys = [
'0adf67475ccc5ca456fd3022e46f5d526eb0af6284bf85494c0dd7847f3e5033',
'430169631f2f0682c60cebb4f902d68f0c71c498fd1711fd982f052cf1fd4279',
'7acf30cf60b85c62b8f654556cc21e4016df8f5604b3b6892794f88bb80d7a1d',
'f240be2b684f85cc81566f2081386af81d7427ea86250c8bde6b7a8500c761ba',
'19e358b8011f5f4fc653c565c6d4c2f33f32661f4f90982c9eedc292a8774ec3',
'acbcec475a1a4f9481939ecfbd1c3d111f5b5a474a39ae039bbc720fdd305bec',
];
$this->isAllowed = in_array($pubkey, $allowedPubkeys, true);
}
public function handleNostrLoggedOut(): void
{
$this->currentPubkey = null;
$this->currentPleb = null;
$this->isAllowed = false;
}
private function loadPlebs()
{
$query = EinundzwanzigPleb::query()


@@ -6,6 +6,7 @@ use App\Support\NostrAuth;
use Illuminate\Support\Collection;
use Livewire\Attributes\Computed;
use Livewire\Attributes\Layout;
use Livewire\Attributes\Locked;
use Livewire\Attributes\Title;
use Livewire\Attributes\Url;
use Livewire\Component;
@@ -17,6 +18,7 @@ new
class extends Component {
use WithFileUploads;
#[Locked]
public Collection|array $news = [];
#[Url(as: 'kategorie')]
@@ -30,8 +32,10 @@ class extends Component {
public $file;
#[Locked]
public bool $isAllowed = false;
#[Locked]
public bool $canEdit = false;
public ?int $confirmDeleteId = null;


@@ -11,6 +11,7 @@ use Flux\Flux;
use Illuminate\Database\UniqueConstraintViolationException;
use Illuminate\Support\Collection;
use Illuminate\Support\Str;
use Livewire\Attributes\Locked;
use Livewire\Component;
use swentel\nostr\Event\Event as NostrEvent;
use swentel\nostr\Filter\Filter;
@@ -35,42 +36,61 @@ new class extends Component {
public string $fax = '';
#[Locked]
public bool $nip05Verified = false;
#[Locked]
public ?string $nip05VerifiedHandle = null;
#[Locked]
public bool $nip05HandleMismatch = false;
#[Locked]
public array $nip05VerifiedHandles = [];
#[Locked]
public array $yearsPaid = [];
#[Locked]
public array $events = [];
#[Locked]
public $payments;
#[Locked]
public ?string $invoiceStatus = null;
#[Locked]
public ?string $invoiceStatusLabel = null;
#[Locked]
public ?string $invoiceStatusMessage = null;
#[Locked]
public string $invoiceStatusVariant = 'info';
#[Locked]
public ?string $invoiceExpiresAt = null;
#[Locked]
public ?string $invoiceExpiresAtDisplay = null;
#[Locked]
public ?string $invoiceExpiresIn = null;
#[Locked]
public int $amountToPay = 21000;
#[Locked]
public bool $currentYearIsPaid = false;
#[Locked]
public ?string $currentPubkey = null;
#[Locked]
public ?EinundzwanzigPleb $currentPleb = null;
#[Locked]
public ?string $qrCode = null;
protected $listeners = [


@@ -3,6 +3,7 @@
use App\Models\ProjectProposal;
use App\Support\NostrAuth;
use Livewire\Attributes\Layout;
use Livewire\Attributes\Locked;
use Livewire\Attributes\Title;
use Livewire\Component;
use Livewire\WithFileUploads;
@@ -25,8 +26,10 @@ class extends Component
public $file = null;
#[Locked]
public bool $isAllowed = false;
#[Locked]
public bool $isAdmin = false;
public function mount(): void


@@ -3,6 +3,7 @@
use App\Models\ProjectProposal;
use App\Support\NostrAuth;
use Livewire\Attributes\Layout;
use Livewire\Attributes\Locked;
use Livewire\Attributes\Title;
use Livewire\Component;
use Livewire\WithFileUploads;
@@ -14,6 +15,7 @@ class extends Component
{
use WithFileUploads;
#[Locked]
public ProjectProposal $project;
public array $form = [
@@ -27,8 +29,10 @@ class extends Component
public $file = null;
#[Locked]
public bool $isAllowed = false;
#[Locked]
public bool $isAdmin = false;
public function mount($projectProposal): void


@@ -6,6 +6,7 @@ use App\Models\ProjectProposal;
use App\Support\NostrAuth;
use Flux\Flux;
use Illuminate\Database\Eloquent\Collection;
use Livewire\Attributes\Locked;
use Livewire\Component;
new class extends Component {
@@ -17,12 +18,16 @@ new class extends Component {
public string $search = '';
#[Locked]
public Collection $projects;
#[Locked]
public bool $isAllowed = false;
#[Locked]
public ?string $currentPubkey = null;
#[Locked]
public ?ProjectProposal $projectToDelete = null;
protected $listeners = [


@@ -4,19 +4,25 @@ use App\Livewire\Traits\WithNostrAuth;
use App\Models\ProjectProposal;
use App\Models\Vote;
use App\Support\NostrAuth;
use Livewire\Attributes\Locked;
use Livewire\Component;
new class extends Component {
use WithNostrAuth;
#[Locked]
public $projectProposal;
#[Locked]
public bool $isAllowed = false;
#[Locked]
public ?string $currentPubkey = null;
#[Locked]
public ?object $currentPleb = null;
#[Locked]
public bool $ownVoteExists = false;
public function mount($projectProposal): void
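Review bot: The two properties now locked here are declared more loosely than their counterparts in the other components of this commit: `public $projectProposal;` has no type at all and `$currentPleb` is `?object` where the other files use `?EinundzwanzigPleb`. Since `#[Locked]` makes these server-owned state, tightening them to `public ?ProjectProposal $projectProposal = null;` and `public ?EinundzwanzigPleb $currentPleb = null;` (the latter needs a `use` import not visible in this hunk) would let static analysis check what is stored there. `mount` starts at the last line of the hunk and its body is outside it.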