[FEATURE] Support for custom csrf verifier

- Added support for a custom CSRF verifier.
- Updated documentation.
Simon Sessingø
2015-10-21 19:07:45 +02:00
parent 9d6a3c328f
commit 03cac14e8e
2 changed files with 52 additions and 2 deletions
+21 -1
@@ -209,7 +209,27 @@ In the template we then call:
Result url is:
```/item/22?category=shoes ```
```/item/22/?category=shoes```
## Custom CSRF verifier
Create a new class and extend the ```BaseCsrfVerifier``` middleware class provided with simple-php-router.
```php
use Pecee\Http\Middleware\BaseCsrfVerifier;
class CsrfVerifier extends BaseCsrfVerifier {
protected $except = ['/companies/*', '/user/save'];
}
```
Register the new class in your ```routes.php```, custom ```Router``` class or wherever you register your routes.
```php
SimpleRouter::csrfVerifier(new \Demo\Middleware\CsrfVerifier());
```
## Documentation
While I work on a better documentation, please refer to the Laravel 5 routing documentation here:
+31 -1
@@ -11,9 +11,39 @@ class BaseCsrfVerifier extends Middleware {
const POST_KEY = 'csrf-token';
const HEADER_KEY = 'X-CSRF-TOKEN';
protected $except;
/**
* Check if the url matches the urls in the except property
* @param Request $request
* @return bool
*/
protected function skip(Request $request) {
if($this->except === null || !is_array($this->except)) {
return false;
}
foreach($this->except as $url) {
$url = rtrim($url, '/');
if($url[strlen($url)-1] === '*') {
$url = rtrim($url, '*');
$skip = (stripos($request->getUri(), $url) === 0);
} else {
$skip = ($url === rtrim($request->getUri(), '/'));
}
if($skip) {
return true;
}
}
return false;
}
public function handle(Request $request) {
if($request->getMethod() != 'get') {
if($request->getMethod() != 'get' && !$this->skip($request)) {
$token = (isset($_POST[self::POST_KEY])) ? $_POST[self::POST_KEY] : null;