Creating users from CSV file through a panel widget, safely

Hi everyone,

I'm trying to create or update multiple Kirby users from a CSV file.
For my first draft, I’m able to import a file, read it, and create or update users. So, it’s basically working.
But I’m not sure I understand how to secure it and use the csrf token for the upload.

It seems that in my route, even if I’m not passing a csrf parameter, I obtain a token by doing $_token = get('csrf');. Is that the correct way to use it? Or, instead of re-inventing the wheel, is there a way to use function(s) from the JavaScript panel component in a widget? Finally, how do I get an answer from the route in JS? I tried the toolkit response, but with no success.

In my widget, the JavaScript request:

request = $.ajax({
  url: '/routeUrl',
  type: "post",
  // data: {csrf: app.csrf(), datas: datas} // Doesn’t seem necessary.
  data: {datas: datas}
});

My Route PHP:

<?php

$kirby->set('route', array(
  'pattern' => c::get('management.import', 'import'),
  'method' => 'POST',
  'action'  => function() {

    $_token = get('csrf');
    
    if(!r::ajax()) {
      go('error');
    }

    if( !csrf($_token) || !kirby()->site()->user() )
    {
      // Return doesn’t seem to work.
      return response::error('Something went wrong', 400, $data = array('foo'=>'bar'));
    }

    // Create or update each user
    . . .

    // Return doesn’t seem to work.
    return response::success('Everything went fine', $data = array('foo'=>'bar'), 200);
  }

));

(full code here: https://github.com/julien-gargot/kirby-plugin-manager)

Thank you for your help.

j.
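
Added example (not part of the original post or the plugin's code): a plain-PHP illustration of why a check written like the one in the route above can pass when no csrf field is sent, next to a stricter check. The names token_helper, require_csrf and $session are hypothetical, and it assumes a generate-or-check helper that issues a new token when called with null; that Kirby's csrf() behaves this way is an assumption here.

```php
<?php
// Added example: plain PHP, no Kirby calls. $session stands in for the session store.

// Hypothetical generate-or-check helper (assumed behaviour):
// called with null it issues and stores a token, otherwise it compares.
function token_helper(array &$session, $check = null) {
  if ($check === null) {
    $session['csrf'] = bin2hex(random_bytes(32));
    return $session['csrf']; // a truthy string, not a validation result
  }
  return is_string($check)
    && isset($session['csrf'])
    && hash_equals($session['csrf'], $check);
}

// Hypothetical strict check for the route: a missing, empty or non-string
// token fails before the helper is called, so it can never mint a new one.
function require_csrf(array &$session, $submitted) {
  if (!is_string($submitted) || $submitted === '') {
    return false;
  }
  return token_helper($session, $submitted) === true;
}

// Constructed requests against one session.
$session = array();
$issued  = token_helper($session); // token handed to the widget at render time

$cases = array(
  'no csrf field' => null,
  'wrong token'   => str_repeat('0', 64),
  'issued token'  => $issued,
);
foreach ($cases as $label => $submitted) {
  $verdict = require_csrf($session, $submitted) ? 'accept' : 'reject';
  printf("%-14s strict check: %s\n", $label, $verdict);
}

// The pattern from the route: if (!helper($token)) { reject }.
// With no csrf field the helper returns a fresh token, so nothing is rejected.
$rejected = !token_helper($session, null);
printf("%-14s naive check:  %s\n", 'no csrf field', $rejected ? 'reject' : 'accept');
```

Applied to the route, this means rejecting the request when get('csrf') is empty before calling csrf(), and sending the token from the widget as in the commented-out data line.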