[FEATURE] Support for custom csrf verifier
- Added support for custom csrf verifier. - Updated documentation.
@@ -209,7 +209,27 @@ In the template we then call:
|
|||||||
|
|
||||||
Result url is:
|
Result url is:
|
||||||
|
|
||||||
```/item/22?category=shoes ```
|
```/item/22/?category=shoes```
|
||||||
|
|
||||||
|
## Custom CSRF verifier
|
||||||
|
|
||||||
|
Create a new class and extend the ```BaseCsrfVerifier``` middleware class provided with simple-php-router.
|
||||||
|
|
||||||
|
```php
|
||||||
|
use Pecee\Http\Middleware\BaseCsrfVerifier;
|
||||||
|
|
||||||
|
class CsrfVerifier extends BaseCsrfVerifier {
|
||||||
|
|
||||||
|
protected $except = ['/companies/*', '/user/save'];
|
||||||
|
|
||||||
|
}
|
||||||
|
```
|
||||||
|
|
||||||
|
Register the new class in your ```routes.php```, custom ```Router``` class or wherever you register your routes.
|
||||||
|
|
||||||
|
```php
|
||||||
|
SimpleRouter::csrfVerifier(new \Demo\Middleware\CsrfVerifier());
|
||||||
|
```
|
||||||
|
|
||||||
## Documentation
|
## Documentation
|
||||||
While I work on a better documentation, please refer to the Laravel 5 routing documentation here:
|
While I work on a better documentation, please refer to the Laravel 5 routing documentation here:
|
||||||
|
|||||||
@@ -11,9 +11,39 @@ class BaseCsrfVerifier extends Middleware {
|
|||||||
const POST_KEY = 'csrf-token';
|
const POST_KEY = 'csrf-token';
|
||||||
const HEADER_KEY = 'X-CSRF-TOKEN';
|
const HEADER_KEY = 'X-CSRF-TOKEN';
|
||||||
|
|
||||||
|
protected $except;
|
||||||
|
|
||||||
|
/**
|
||||||
|
* Check if the url matches the urls in the except property
|
||||||
|
* @param Request $request
|
||||||
|
* @return bool
|
||||||
|
*/
|
||||||
|
protected function skip(Request $request) {
|
||||||
|
|
||||||
|
if($this->except === null || !is_array($this->except)) {
|
||||||
|
return false;
|
||||||
|
}
|
||||||
|
|
||||||
|
foreach($this->except as $url) {
|
||||||
|
$url = rtrim($url, '/');
|
||||||
|
if($url[strlen($url)-1] === '*') {
|
||||||
|
$url = rtrim($url, '*');
|
||||||
|
$skip = (stripos($request->getUri(), $url) === 0);
|
||||||
|
} else {
|
||||||
|
$skip = ($url === rtrim($request->getUri(), '/'));
|
||||||
|
}
|
||||||
|
|
||||||
|
if($skip) {
|
||||||
|
return true;
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
return false;
|
||||||
|
}
|
||||||
|
|
||||||
public function handle(Request $request) {
|
public function handle(Request $request) {
|
||||||
|
|
||||||
if($request->getMethod() != 'get') {
|
if($request->getMethod() != 'get' && !$this->skip($request)) {
|
||||||
|
|
||||||
$token = (isset($_POST[self::POST_KEY])) ? $_POST[self::POST_KEY] : null;
|
$token = (isset($_POST[self::POST_KEY])) ? $_POST[self::POST_KEY] : null;
|
||||||
|
|
||||||
|
|||||||
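Review bot: In skip(), the wildcard branch grants the CSRF exemption with `stripos($request->getUri(), $url) === 0`, a case-insensitive prefix test on whatever getUri() returns. If that is the raw request URI (its implementation is not visible here), a URI that differs only in case or contains dot segments or a query string can match an `$except` prefix without resolving to the route the entry was written for. Matching a normalised path with the case-sensitive `strpos` would keep the exemption to the intended prefix. Separately, an entry of `'/'` is an empty string after `rtrim($url, '/')`, so `$url[strlen($url)-1]` reads offset -1 of an empty string; a guard such as `if($url === '') { continue; }` before that test (or explicit handling of the root entry) avoids it. handle() continues past the end of the hunk, so the token comparison itself is not reviewed here.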