einundzwanzig/einundzwanzig-verein
1
0
Fork 0
mirror of https://github.com/HolgerHatGarKeineNode/einundzwanzig-nostr.git synced 2026-02-04 15:53:17 +00:00
Code Issues Packages Projects Releases Wiki Activity

🔒 Add #[Locked] attribute to Livewire components to enhance security against client-side state tampering

Browse Source
This commit is contained in:
HolgerHatGarKeineNode
2026-02-03 22:49:42 +01:00
parent 71ce57ddd3
commit 2957e89c79
13 changed files with 149 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files

19
resources/views/livewire/association/election/admin.blade.php
View File

@@ -1,6 +1,7 @@
<?php
use App\Models\Election;
use Livewire\Attributes\Locked;
use Livewire\Component;
use swentel\nostr\Filter\Filter;
use swentel\nostr\Message\RequestMessage;
@@ -10,10 +11,13 @@ use swentel\nostr\Request\Request;
use swentel\nostr\Subscription\Subscription;
new class extends Component {
#[Locked]
public bool $isAllowed = false;
#[Locked]
public ?string $currentPubkey = null;
#[Locked]
public ?\App\Models\EinundzwanzigPleb $currentPleb = null;
public ?array $votes = null;
@@ -47,6 +51,21 @@ new class extends Component {
$this->loadBoardVotes();
}
public function handleNostrLoggedIn(string $pubkey): void
{
$this->currentPubkey = $pubkey;
$this->currentPleb = \App\Models\EinundzwanzigPleb::query()
->where('pubkey', $pubkey)->first();
$this->isAllowed = (bool) $this->currentPleb;
}
public function handleNostrLoggedOut(): void
{
$this->currentPubkey = null;
$this->currentPleb = null;
$this->isAllowed = false;
}
public function handleNewVote(): void
{
$this->loadEvents();