mirivlad
/
mirvmon
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

fix: Delete via GET instead of AJAX 

- Use GET /{id}/delete instead of DELETE
- Simple link with confirm() instead of fetch
- Removed CSRF for delete routes
This commit is contained in:
mirivlad 2026-04-17 19:05:47 +08:00
parent d5318f7e16
commit e9d2fcf1c0
3 changed files with 8 additions and 61 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

8
public/index.php
View File

@ -194,9 +194,9 @@ $groupsGroup = $app->group('/groups', function ($group) use ($groupController) {
$group->post('', [$groupController, 'store']); $group->post('', [$groupController, 'store']);
$group->get('/{id}/edit', [$groupController, 'edit']); $group->get('/{id}/edit', [$groupController, 'edit']);
$group->post('/{id}', [$groupController, 'update']); $group->post('/{id}', [$groupController, 'update']);
$group->delete('/{id}', [$groupController, 'delete']); $group->get('/{id}/delete', [$groupController, 'delete']);
$group->get('/{id}', [$groupController, 'show']); $group->get('/{id}', [$groupController, 'show']);
})->add($csrfMiddleware)->add(new CsrfHeaderMiddleware())->add(AuthMiddleware::class); })->add(AuthMiddleware::class);
// Redirect old /server/{id} to /servers/{id} // Redirect old /server/{id} to /servers/{id}
$app->get("/server/{id}", function ($request, $response, $args) { $app->get("/server/{id}", function ($request, $response, $args) {
@ -210,11 +210,11 @@ $serversGroup = $app->group('/servers', function ($group) use ($serverController
$group->post('', [$serverController, 'store']); $group->post('', [$serverController, 'store']);
$group->get('/{id}/edit', [$serverController, 'edit']); $group->get('/{id}/edit', [$serverController, 'edit']);
$group->post('/{id}', [$serverController, 'update']); $group->post('/{id}', [$serverController, 'update']);
$group->delete('/{id}', [$serverController, 'delete']); $group->get('/{id}/delete', [$serverController, 'delete']);
$group->get('/{id}/regenerate-token', [$serverController, 'regenerateToken']); $group->get('/{id}/regenerate-token', [$serverController, 'regenerateToken']);
$group->post('/{id}/thresholds', [$serverDetailController, 'saveThresholds']); $group->post('/{id}/thresholds', [$serverDetailController, 'saveThresholds']);
$group->post('/{id}/services', [$serverDetailController, 'saveServices']); $group->post('/{id}/services', [$serverDetailController, 'saveServices']);
})->add($csrfMiddleware)->add(new CsrfHeaderMiddleware())->add(AuthMiddleware::class); })->add(AuthMiddleware::class);
// Server detail route (protected with auth middleware and csrf) // Server detail route (protected with auth middleware and csrf)
$app->get('/servers/{id}', [$serverDetailController, 'show'])->add(AuthMiddleware::class); $app->get('/servers/{id}', [$serverDetailController, 'show'])->add(AuthMiddleware::class);

31
templates/groups/index.twig
View File

@ -1,33 +1,6 @@
{% extends "layout.twig" %} {% extends "layout.twig" %}
{% block content %} {% block content %}
<script>
function deleteGroup(id) {
if (!confirm('Вы уверены, что хотите удалить эту группу?')) return;
var csrfName = document.querySelector('input[name="{{ csrf.name_key }}"]');
var csrfValue = document.querySelector('input[name="{{ csrf.value_key }}"]');
fetch('/groups/' + id, {
method: 'DELETE',
headers: {
'Content-Type': 'application/json',
'X-CSRF-TOKEN': csrfValue ? csrfValue.value : '',
}
})
.then(response => {
if (response.ok) {
location.reload();
} else {
alert('Ошибка при удалении группы');
}
})
.catch(err => {
alert('Ошибка: ' + err);
});
}
</script>
<div class="row"> <div class="row">
<div class="col-12"> <div class="col-12">
<div class="d-flex justify-content-between align-items-center mb-3"> <div class="d-flex justify-content-between align-items-center mb-3">
@ -71,9 +44,9 @@ function deleteGroup(id) {
<a href="/groups/{{ group.id }}/edit" class="btn btn-sm btn-outline-primary me-1"> <a href="/groups/{{ group.id }}/edit" class="btn btn-sm btn-outline-primary me-1">
<i class="fas fa-edit"></i> <span class="d-none d-sm-inline">Редактировать</span> <i class="fas fa-edit"></i> <span class="d-none d-sm-inline">Редактировать</span>
</a> </a>
<button type="button" class="btn btn-sm btn-outline-danger" onclick="deleteGroup({{ group.id }})"> <a href="/groups/{{ group.id }}/delete" class="btn btn-sm btn-outline-danger" onclick="return confirm('Вы уверены, что хотите удалить эту группу?');">
<i class="fas fa-trash"></i> <span class="d-none d-sm-inline">Удалить</span> <i class="fas fa-trash"></i> <span class="d-none d-sm-inline">Удалить</span>
</button> </a>
</td> </td>
</tr> </tr>
{% endfor %} {% endfor %}

30
templates/servers/index.twig
View File

@ -1,32 +1,6 @@
{% extends "layout.twig" %} {% extends "layout.twig" %}
{% block content %} {% block content %}
<script>
function deleteServer(id) {
if (!confirm('Вы уверены, что хотите удалить этот сервер?')) return;
var csrfValue = document.querySelector('input[name="{{ csrf.value_key }}"]');
fetch('/servers/' + id, {
method: 'DELETE',
headers: {
'Content-Type': 'application/json',
'X-CSRF-TOKEN': csrfValue ? csrfValue.value : '',
}
})
.then(response => {
if (response.ok) {
location.reload();
} else {
alert('Ошибка при удалении сервера');
}
})
.catch(err => {
alert('Ошибка: ' + err);
});
}
</script>
<div class="row"> <div class="row">
<div class="col-12"> <div class="col-12">
<div class="d-flex justify-content-between align-items-center mb-3"> <div class="d-flex justify-content-between align-items-center mb-3">
@ -78,9 +52,9 @@ function deleteServer(id) {
<a href="/servers/{{ server.id }}/edit" class="btn btn-sm btn-outline-primary" title="Редактировать"> <a href="/servers/{{ server.id }}/edit" class="btn btn-sm btn-outline-primary" title="Редактировать">
<i class="fas fa-edit"></i> <span class="d-none d-sm-inline">Редактировать</span> <i class="fas fa-edit"></i> <span class="d-none d-sm-inline">Редактировать</span>
</a> </a>
<button type="button" class="btn btn-sm btn-outline-danger" title="Удалить" onclick="deleteServer({{ server.id }})"> <a href="/servers/{{ server.id }}/delete" class="btn btn-sm btn-outline-danger" title="Удалить" onclick="return confirm('Вы уверены, что хотите удалить этот сервер?');">
<i class="fas fa-trash"></i> <span class="d-none d-sm-inline">Удалить</span> <i class="fas fa-trash"></i> <span class="d-none d-sm-inline">Удалить</span>
</button> </a>
</td> </td>
</tr> </tr>
{% endfor %} {% endfor %}