Optimisations
- Fixed issue with `InputFile` not setting file-name properly. - Fixed issue with `InputFile` not setting the correct index when posting certain arrays. - Made Csrf-token cookie provider more versatile by creating new `CookieTokenProvider` and `ITokenProvider` classes. - Strict-checks optimisations. - Updated documentation to reflect new changes.
@@ -2,9 +2,10 @@
|
||||
|
||||
namespace Pecee\Http\Middleware;
|
||||
|
||||
use Pecee\CsrfToken;
|
||||
use Pecee\Http\Middleware\Exceptions\TokenMismatchException;
|
||||
use Pecee\Http\Request;
|
||||
use Pecee\Http\Security\CookieTokenProvider;
|
||||
use Pecee\Http\Security\ITokenProvider;
|
||||
|
||||
class BaseCsrfVerifier implements IMiddleware
|
||||
{
|
||||
@@ -12,15 +13,11 @@ class BaseCsrfVerifier implements IMiddleware
|
||||
const HEADER_KEY = 'X-CSRF-TOKEN';
|
||||
|
||||
protected $except;
|
||||
protected $csrfToken;
|
||||
protected $token;
|
||||
protected $tokenProvider;
|
||||
|
||||
public function __construct()
|
||||
{
|
||||
$this->csrfToken = new CsrfToken();
|
||||
|
||||
// Generate or get the CSRF-Token from Cookie.
|
||||
$this->token = $this->csrfToken->getToken($this->generateToken());
|
||||
$this->tokenProvider = new CookieTokenProvider();
|
||||
}
|
||||
|
||||
/**
|
||||
@@ -30,7 +27,7 @@ class BaseCsrfVerifier implements IMiddleware
|
||||
*/
|
||||
protected function skip(Request $request)
|
||||
{
|
||||
if ($this->except === null || is_array($this->except) === false) {
|
||||
if ($this->except === null || count($this->except) === 0) {
|
||||
return false;
|
||||
}
|
||||
|
||||
@@ -67,37 +64,29 @@ class BaseCsrfVerifier implements IMiddleware
|
||||
$token = $request->getHeader(static::HEADER_KEY);
|
||||
}
|
||||
|
||||
if ($this->csrfToken->validate($token) === false) {
|
||||
throw new TokenMismatchException('Invalid csrf-token.');
|
||||
if ($this->tokenProvider->validate($token) === false) {
|
||||
throw new TokenMismatchException('Invalid CSRF-token.');
|
||||
}
|
||||
|
||||
}
|
||||
|
||||
// Refresh existing token
|
||||
$this->csrfToken->refresh();
|
||||
$this->tokenProvider->refresh();
|
||||
|
||||
}
|
||||
|
||||
public function generateToken()
|
||||
public function getTokenProvider()
|
||||
{
|
||||
$token = CsrfToken::generateToken();
|
||||
$this->csrfToken->setToken($token);
|
||||
|
||||
return $token;
|
||||
return $this->tokenProvider;
|
||||
}
|
||||
|
||||
public function hasToken()
|
||||
/**
|
||||
* Set token provider
|
||||
* @param ITokenProvider $provider
|
||||
*/
|
||||
public function setTokenProvider(ITokenProvider $provider)
|
||||
{
|
||||
if ($this->token !== null) {
|
||||
return true;
|
||||
}
|
||||
|
||||
return $this->csrfToken->hasToken();
|
||||
}
|
||||
|
||||
public function getToken()
|
||||
{
|
||||
return $this->token;
|
||||
$this->tokenProvider = $provider;
|
||||
}
|
||||
|
||||
}
|
||||
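Review bot: The check `$this->tokenProvider->validate($token)` in the `@@ -67,37 +64,29 @@` hunk now relies on whatever `ITokenProvider` was injected through `setTokenProvider()` to reject a missing token, and nothing visible in the middleware guards against that. If `getHeader(static::HEADER_KEY)` yields `null` or an empty string when the header is absent (not shown here, so to be confirmed), a provider that compares loosely or has no stored token yet could let the request through. I would fail closed in the middleware itself with `if ($token === null || $token === '' || $this->tokenProvider->validate($token) === false) {`, and state in the `ITokenProvider::validate()` docblock that implementations must compare with `hash_equals()` and return false when no token is stored. The method containing this check starts outside the hunk.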