[OPTIMISATION] Optimised CSRF-token management.

src/Pecee/CsrfToken.php

@@ -37,7 +37,7 @@ class CsrfToken {
      * @param $token
      */
     public function setToken($token) {
-        setcookie(self::CSRF_KEY, $token, time() + 60 * 120, '/');
+        setcookie(static::CSRF_KEY, $token, time() + 60 * 120, '/');
     }
 
     /**
@@ -46,7 +46,7 @@ class CsrfToken {
      */
     public function getToken(){
         if($this->hasToken()) {
-            return $_COOKIE[self::CSRF_KEY];
+            return $_COOKIE[static::CSRF_KEY];
         }
         return null;
     }
@@ -56,7 +56,7 @@ class CsrfToken {
      * @return bool
      */
     public function hasToken() {
-        return isset($_COOKIE[self::CSRF_KEY]);
+        return isset($_COOKIE[static::CSRF_KEY]);
     }
 
 }

src/Pecee/Http/Middleware/BaseCsrfVerifier.php

@@ -12,10 +12,13 @@ class BaseCsrfVerifier implements IMiddleware {
 
     protected $except;
     protected $csrfToken;
-
+    protected $token;
 
     public function __construct() {
         $this->csrfToken = new CsrfToken();
+
+        // Generate or get the CSRF-Token from Cookie.
+        $this->token = (!$this->hasToken()) ? $this->generateToken() : $this->csrfToken->getToken();
     }
 
     /**
@@ -50,14 +53,14 @@ class BaseCsrfVerifier implements IMiddleware {
 
         if($request->getMethod() != 'get' && !$this->skip($request)) {
 
-            $token = (isset($_POST[self::POST_KEY])) ? $_POST[self::POST_KEY] : null;
+            $token = (isset($_POST[static::POST_KEY])) ? $_POST[static::POST_KEY] : null;
 
             // If the token is not posted, check headers for valid x-csrf-token
             if($token === null) {
-                $token = $request->getHeader(self::HEADER_KEY);
+                $token = $request->getHeader(static::HEADER_KEY);
             }
 
-            if( !$this->csrfToken->validate( $token ) ) {
+            if( !$this->csrfToken->validate($token) ) {
                 throw new TokenMismatchException('Invalid csrf-token.');
             }
 
@@ -65,4 +68,22 @@ class BaseCsrfVerifier implements IMiddleware {
 
     }
 
+    public function generateToken() {
+        $token = $this->csrfToken->generateToken();
+        $this->csrfToken->setToken($token);
+        return $token;
+    }
+
+    public function hasToken() {
+        if($this->token != null) {
+            return true;
+        }
+
+        return $this->csrfToken->hasToken();
+    }
+
+    public function getToken() {
+        return $this->token;
+    }
+
 }

src/Pecee/SimpleRouter/RouterBase.php

@@ -1,7 +1,6 @@
 <?php
 namespace Pecee\SimpleRouter;
 
-use Pecee\CsrfToken;
 use Pecee\Exception\RouterException;
 use Pecee\Http\Middleware\BaseCsrfVerifier;
 use Pecee\Http\Request;
@@ -26,13 +25,8 @@ class RouterBase {
         $this->routes = array();
         $this->backStack = array();
         $this->controllerUrlMap = array();
-        $this->baseCsrfVerifier = new BaseCsrfVerifier();
         $this->request = Request::getInstance();
         $this->bootManagers = array();
-
-        $csrf = new CsrfToken();
-        $token = ($csrf->hasToken()) ? $csrf->getToken() : $csrf->generateToken();
-        $csrf->setToken($token);
     }
 
     public function addRoute(RouterEntry $route) {
@@ -124,10 +118,7 @@ class RouterBase {
 
         // Verify csrf token for request
         if($this->baseCsrfVerifier !== null) {
-            /* @var $csrfVerifier BaseCsrfVerifier */
-            $csrfVerifier = $this->baseCsrfVerifier;
-            $csrfVerifier = new $csrfVerifier();
-            $csrfVerifier->handle($this->request);
+            $this->baseCsrfVerifier->handle($this->request);
         }
 
         // Loop through each route-request
@@ -431,7 +422,6 @@ class RouterBase {
 
         $url = '/' . trim(join('/', $url), '/') . '/';
 
-
         if($getParams !== null && count($getParams)) {
             $url .= '?' . $this->arrayToParams($getParams);
         }