# A form itself
$klein->respond('GET', '/forms/[:formID]', function ($req, $res) use($parser, $stringifier) {
$config = Config::get();
# This code caches the HTML associated with a form if "cache-forms" is enabled
$cache = $config['cache-forms'] ? new Cache() : new FakeCache();
$cache->setPrefixSize(0);
$html = $cache->getOrCreate('jade-' . sha1_file($parser->getForm($req->formID)) . '-' . sha1_file('config/config.toml'), [], function () use($req, $parser, $stringifier) {
return json_encode($stringifier->makeArray($parser->parseJade($req->formID)->makeFormPart()));
});
# We add asset URLs and the CSRF token outside of the getOrCreate function
# so that these aren't getting cached.
# Create a XSRF token
$csrf = new \Riimu\Kit\CSRF\CSRFHandler();
$token = $csrf->getToken();
# Write the response
$stringifier->writeArray(json_decode($html, true), $res, $token);
});
$klein->respond('POST', '/submit', function ($req, $res) use($parser, $stringifier) {
$res->header('X-Frame-Options', 'DENY');
# Check for XSRF
$csrf = new \Riimu\Kit\CSRF\CSRFHandler();
$csrf->validateRequest(true);
# The name of the form is provided in the $_POST data,
# not the URL!
$page = $parser->parseJade($_POST['__form_name']);
$config = Config::get();
$res->header('Content-Type', 'application/json; charset=utf-8');
# Do the form submission and create data that is
# compatible with the frontend.
return $page->form->getSubmissionPart(Result::ok(new ClientData($_POST, $_FILES)))->ifError(function ($val) {
return Result::error(['success' => false, 'errors' => $val]);
