mirror of
https://github.com/flarum/framework.git
synced 2025-05-24 23:59:57 +08:00
9896378b59
- Use cookies + CSRF token for API authentication in the default client. This mitigates potential XSS attacks by making the token unavailable to JavaScript. The Authorization header is still supported, but not used by default. - Make sensitive/destructive actions (editing a user, permanently deleting anything, visiting the admin CP) require the user to re-enter their password if they haven't entered it in the last 30 minutes. - Refactor and clean up the authentication middleware. - Add an `onhide` hook to the Modal component. (+1 squashed commit)
43 lines
985 B
PHP
43 lines
985 B
PHP
<?php
|
|
/*
|
|
* This file is part of Flarum.
|
|
*
|
|
* (c) Toby Zerner <toby.zerner@gmail.com>
|
|
*
|
|
* For the full copyright and license information, please view the LICENSE
|
|
* file that was distributed with this source code.
|
|
*/
|
|
|
|
namespace Flarum\Api\Handler;
|
|
|
|
use Exception;
|
|
use Flarum\Http\Exception\RouteNotFoundException;
|
|
use Illuminate\Database\Eloquent\ModelNotFoundException;
|
|
use Tobscure\JsonApi\Exception\Handler\ExceptionHandlerInterface;
|
|
use Tobscure\JsonApi\Exception\Handler\ResponseBag;
|
|
|
|
class ModelNotFoundExceptionHandler implements ExceptionHandlerInterface
|
|
{
|
|
/**
|
|
* {@inheritdoc}
|
|
*/
|
|
public function manages(Exception $e)
|
|
{
|
|
return $e instanceof ModelNotFoundException;
|
|
}
|
|
|
|
/**
|
|
* {@inheritdoc}
|
|
*/
|
|
public function handle(Exception $e)
|
|
{
|
|
$status = 404;
|
|
$error = [
|
|
'status' => '404',
|
|
'code' => 'resource_not_found'
|
|
];
|
|
|
|
return new ResponseBag($status, [$error]);
|
|
}
|
|
}
|