From b34738a51a2b461cd58d79596f077f285deeb5aa Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Simon=20Sessing=C3=B8?=
Date: Sat, 9 Apr 2016 05:51:27 +0200
Subject: [PATCH] [OPTIMISATION] Optimised CSRF-token management.

---
 src/Pecee/CsrfToken.php                   |  6 ++--
 .../Http/Middleware/BaseCsrfVerifier.php  | 29 ++++++++++++++++---
 src/Pecee/SimpleRouter/RouterBase.php     | 12 +-------
 3 files changed, 29 insertions(+), 18 deletions(-)

diff --git a/src/Pecee/CsrfToken.php b/src/Pecee/CsrfToken.php
index dec2409..98943ab 100644
--- a/src/Pecee/CsrfToken.php
+++ b/src/Pecee/CsrfToken.php
@@ -37,7 +37,7 @@ class CsrfToken {
      * @param $token
      */
     public function setToken($token) {
-        setcookie(self::CSRF_KEY, $token, time() + 60 * 120, '/');
+        setcookie(static::CSRF_KEY, $token, time() + 60 * 120, '/');
     }
 
     /**
@@ -46,7 +46,7 @@ class CsrfToken {
      */
     public function getToken(){
         if($this->hasToken()) {
-            return $_COOKIE[self::CSRF_KEY];
+            return $_COOKIE[static::CSRF_KEY];
         }
         return null;
     }
@@ -56,7 +56,7 @@ class CsrfToken {
      * @return bool
      */
     public function hasToken() {
-        return isset($_COOKIE[self::CSRF_KEY]);
+        return isset($_COOKIE[static::CSRF_KEY]);
     }
 
 }
\ No newline at end of file
diff --git a/src/Pecee/Http/Middleware/BaseCsrfVerifier.php b/src/Pecee/Http/Middleware/BaseCsrfVerifier.php
index cebd3a8..682a9dc 100644
--- a/src/Pecee/Http/Middleware/BaseCsrfVerifier.php
+++ b/src/Pecee/Http/Middleware/BaseCsrfVerifier.php
@@ -12,10 +12,13 @@ class BaseCsrfVerifier implements IMiddleware {
     protected $except;
     protected $csrfToken;
-
+    protected $token;
 
     public function __construct() {
         $this->csrfToken = new CsrfToken();
+
+        // Generate or get the CSRF-Token from Cookie.
+        $this->token = (!$this->hasToken()) ? $this->generateToken() : $this->csrfToken->getToken();
     }
 
     /**
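Review bot: The new `setcookie(static::CSRF_KEY, $token, time() + 60 * 120, '/')` line still issues the token cookie without the `secure` and `httponly` flags, so the token travels over plain HTTP and stays readable from script, which undercuts the double-submit check done in BaseCsrfVerifier. Nothing in this diff reads the cookie from JavaScript (the verifier hands the token out through `getToken()`), so HttpOnly looks free, and `secure` should follow the request scheme; if a client-side reader exists elsewhere, drop only the HttpOnly part. I'd change it to `$secure = !empty($_SERVER['HTTPS']) && $_SERVER['HTTPS'] !== 'off';` followed by `setcookie(static::CSRF_KEY, $token, time() + 60 * 120, '/', '', $secure, true);`. The two-hour lifetime `60 * 120` would also read better as a named constant with a comment stating the intent.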
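Review bot: The added constructor line stores `$this->csrfToken->getToken()` — the raw `$_COOKIE` value — in `$this->token` with no shape check, so a client-supplied cookie of arbitrary length or content (or an array, since `$_COOKIE` entries can be arrays) becomes the token the verifier later hands out via `getToken()` and presumably embeds in forms. I'd validate before trusting it and regenerate otherwise, e.g. `if (!is_string($this->token) || !preg_match('/^[A-Za-z0-9]+$/', $this->token)) { $this->token = $this->generateToken(); }`, with the pattern matched to what `CsrfToken::generateToken()` (not in this diff) actually emits. Because `generateToken()` ends up calling `setcookie()`, constructing the verifier after output has started silently fails to issue the cookie; a comment such as `// Must run before any output: generateToken() sets a cookie header.` would warn the next reader. `hasToken()` and `generateToken()` are added in a later hunk of this file.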
@@ -50,14 +53,14 @@ class BaseCsrfVerifier implements IMiddleware {
         if($request->getMethod() != 'get' && !$this->skip($request)) {
-            $token = (isset($_POST[self::POST_KEY])) ? $_POST[self::POST_KEY] : null;
+            $token = (isset($_POST[static::POST_KEY])) ? $_POST[static::POST_KEY] : null;
 
             // If the token is not posted, check headers for valid x-csrf-token
             if($token === null) {
-                $token = $request->getHeader(self::HEADER_KEY);
+                $token = $request->getHeader(static::HEADER_KEY);
             }
 
-            if( !$this->csrfToken->validate( $token ) ) {
+            if( !$this->csrfToken->validate($token) ) {
                 throw new TokenMismatchException('Invalid csrf-token.');
             }
@@ -65,4 +68,22 @@ class BaseCsrfVerifier implements IMiddleware {
     }
+    public function generateToken() {
+        $token = $this->csrfToken->generateToken();
+        $this->csrfToken->setToken($token);
+        return $token;
+    }
+
+    public function hasToken() {
+        if($this->token != null) {
+            return true;
+        }
+
+        return $this->csrfToken->hasToken();
+    }
+
+    public function getToken() {
+        return $this->token;
+    }
+
 }
\ No newline at end of file
diff --git a/src/Pecee/SimpleRouter/RouterBase.php b/src/Pecee/SimpleRouter/RouterBase.php
index 3999f01..7fd9b49 100644
--- a/src/Pecee/SimpleRouter/RouterBase.php
+++ b/src/Pecee/SimpleRouter/RouterBase.php
@@ -1,7 +1,6 @@ routes = array();
         $this->backStack = array();
         $this->controllerUrlMap = array();
-        $this->baseCsrfVerifier = new BaseCsrfVerifier();
         $this->request = Request::getInstance();
         $this->bootManagers = array();
-
-        $csrf = new CsrfToken();
-        $token = ($csrf->hasToken()) ? $csrf->getToken() : $csrf->generateToken();
-        $csrf->setToken($token);
     }
 
     public function addRoute(RouterEntry $route) {
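Review bot: When neither `$_POST[static::POST_KEY]` nor the `HEADER_KEY` header is present, `$token` is still `null` (or an array, since `$_POST` values can be arrays) when it reaches `$this->csrfToken->validate($token)`, so rejection of a missing or malformed token rests entirely on how `validate()` (outside this diff) treats those inputs. I'd make the rejection explicit in the hunk: `if (!is_string($token) || $token === '' || !$this->csrfToken->validate($token)) {` in front of the existing `throw new TokenMismatchException('Invalid csrf-token.');`, and confirm that `validate()` compares with `hash_equals()`. Separately, `$request->getMethod() != 'get'` exempts only GET, so HEAD and OPTIONS requests are verified as well (assuming `getMethod()` returns lower case, which I cannot see here); if that is intended, a comment saying so would help. The enclosing `handle()` method begins before this hunk.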
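Review bot: `generateToken()` writes the fresh token into the cookie via `setToken()` but never updates `$this->token`, so any call after construction leaves `getToken()` returning the previous value while the browser now carries the new one, and the next non-GET request fails validation with a mismatch. Add `$this->token = $token;` before `return $token;` (the constructor, in an earlier hunk, assigns the return value itself and so does not notice). In `hasToken()`, `$this->token != null` relies on loose comparison; `$this->token !== null` states the intent and avoids surprises if a non-string ever lands in the property. A one-line docblock on each of the three new public methods — that `getToken()` returns the value to embed in forms or the request header, and that `generateToken()` also (re)issues the cookie — would round this out.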
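Review bot: With `$this->baseCsrfVerifier = new BaseCsrfVerifier();` removed from the constructor and nothing else in this diff assigning the property, the `!== null` guard around `handle()` in the routing hunk means CSRF verification — and the token cookie that `BaseCsrfVerifier::__construct` now issues — is off unless the application explicitly installs a verifier, whereas the removed lines enabled it for every request. If opt-in is the intent it should be stated in the commit message and on whatever setter fills `baseCsrfVerifier`; if not, keep the default: `$this->baseCsrfVerifier = new BaseCsrfVerifier();`. This hunk looks damaged in the rendering (the `@@ -1,7 +1,6 @@` header runs straight into constructor body and `routes = array();` has lost its `$this->`), so I am reading the constructor change from the statements that survived; the constructor's signature is not visible.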
@@ -124,10 +118,7 @@ class RouterBase {
 
         // Verify csrf token for request
         if($this->baseCsrfVerifier !== null) {
-            /* @var $csrfVerifier BaseCsrfVerifier */
-            $csrfVerifier = $this->baseCsrfVerifier;
-            $csrfVerifier = new $csrfVerifier();
-            $csrfVerifier->handle($this->request);
+            $this->baseCsrfVerifier->handle($this->request);
         }
 
         // Loop through each route-request
@@ -431,7 +422,6 @@ class RouterBase {
         $url = '/' . trim(join('/', $url), '/') . '/';
 
-
         if($getParams !== null && count($getParams)) {
             $url .= '?' . $this->arrayToParams($getParams);
         }
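Review bot: `$this->baseCsrfVerifier->handle($this->request)` now requires the property to hold an object, whereas the removed `new $csrfVerifier()` also worked when it held a class-name string; if the setter for `baseCsrfVerifier` (outside this diff) still accepts a string, this line fails with a method call on a non-object. Either type the setter (`BaseCsrfVerifier $verifier`) or tolerate both here: `if (is_string($this->baseCsrfVerifier)) { $cls = $this->baseCsrfVerifier; $this->baseCsrfVerifier = new $cls(); }` ahead of the call. Reusing one instance also means the token captured in its constructor is reused for the whole routing pass, which is fine per request but worth a comment if a router object can outlive one request. The enclosing routing method starts and ends outside this hunk.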