mirror of
https://github.com/skipperbent/simple-php-router.git
synced 2026-06-17 08:47:52 +00:00
[OPTIMISATION] Optimised CSRF-token management.
This commit is contained in:
Simon Sessingø
@@ -37,7 +37,7 @@ class CsrfToken {
|
|||||||
* @param $token
|
* @param $token
|
||||||
*/
|
*/
|
||||||
public function setToken($token) {
|
public function setToken($token) {
|
||||||
setcookie(self::CSRF_KEY, $token, time() + 60 * 120, '/');
|
setcookie(static::CSRF_KEY, $token, time() + 60 * 120, '/');
|
||||||
}
|
}
|
||||||
|
|
||||||
/**
|
/**
|
||||||
@@ -46,7 +46,7 @@ class CsrfToken {
|
|||||||
*/
|
*/
|
||||||
public function getToken(){
|
public function getToken(){
|
||||||
if($this->hasToken()) {
|
if($this->hasToken()) {
|
||||||
return $_COOKIE[self::CSRF_KEY];
|
return $_COOKIE[static::CSRF_KEY];
|
||||||
}
|
}
|
||||||
return null;
|
return null;
|
||||||
}
|
}
|
||||||
@@ -56,7 +56,7 @@ class CsrfToken {
|
|||||||
* @return bool
|
* @return bool
|
||||||
*/
|
*/
|
||||||
public function hasToken() {
|
public function hasToken() {
|
||||||
return isset($_COOKIE[self::CSRF_KEY]);
|
return isset($_COOKIE[static::CSRF_KEY]);
|
||||||
}
|
}
|
||||||
|
|
||||||
}
|
}
|
||||||
@@ -12,10 +12,13 @@ class BaseCsrfVerifier implements IMiddleware {
|
|||||||
|
|
||||||
protected $except;
|
protected $except;
|
||||||
protected $csrfToken;
|
protected $csrfToken;
|
||||||
|
protected $token;
|
||||||
|
|
||||||
public function __construct() {
|
public function __construct() {
|
||||||
$this->csrfToken = new CsrfToken();
|
$this->csrfToken = new CsrfToken();
|
||||||
|
|
||||||
|
// Generate or get the CSRF-Token from Cookie.
|
||||||
|
$this->token = (!$this->hasToken()) ? $this->generateToken() : $this->csrfToken->getToken();
|
||||||
}
|
}
|
||||||
|
|
||||||
/**
|
/**
|
||||||
@@ -50,14 +53,14 @@ class BaseCsrfVerifier implements IMiddleware {
|
|||||||
|
|
||||||
if($request->getMethod() != 'get' && !$this->skip($request)) {
|
if($request->getMethod() != 'get' && !$this->skip($request)) {
|
||||||
|
|
||||||
$token = (isset($_POST[self::POST_KEY])) ? $_POST[self::POST_KEY] : null;
|
$token = (isset($_POST[static::POST_KEY])) ? $_POST[static::POST_KEY] : null;
|
||||||
|
|
||||||
// If the token is not posted, check headers for valid x-csrf-token
|
// If the token is not posted, check headers for valid x-csrf-token
|
||||||
if($token === null) {
|
if($token === null) {
|
||||||
$token = $request->getHeader(self::HEADER_KEY);
|
$token = $request->getHeader(static::HEADER_KEY);
|
||||||
}
|
}
|
||||||
|
|
||||||
if( !$this->csrfToken->validate( $token ) ) {
|
if( !$this->csrfToken->validate($token) ) {
|
||||||
throw new TokenMismatchException('Invalid csrf-token.');
|
throw new TokenMismatchException('Invalid csrf-token.');
|
||||||
}
|
}
|
||||||
|
|
||||||
@@ -65,4 +68,22 @@ class BaseCsrfVerifier implements IMiddleware {
|
|||||||
|
|
||||||
}
|
}
|
||||||
|
|
||||||
|
public function generateToken() {
|
||||||
|
$token = $this->csrfToken->generateToken();
|
||||||
|
$this->csrfToken->setToken($token);
|
||||||
|
return $token;
|
||||||
|
}
|
||||||
|
|
||||||
|
public function hasToken() {
|
||||||
|
if($this->token != null) {
|
||||||
|
return true;
|
||||||
|
}
|
||||||
|
|
||||||
|
return $this->csrfToken->hasToken();
|
||||||
|
}
|
||||||
|
|
||||||
|
public function getToken() {
|
||||||
|
return $this->token;
|
||||||
|
}
|
||||||
|
|
||||||
}
|
}
|
||||||
@@ -1,7 +1,6 @@
|
|||||||
<?php
|
<?php
|
||||||
namespace Pecee\SimpleRouter;
|
namespace Pecee\SimpleRouter;
|
||||||
|
|
||||||
use Pecee\CsrfToken;
|
|
||||||
use Pecee\Exception\RouterException;
|
use Pecee\Exception\RouterException;
|
||||||
use Pecee\Http\Middleware\BaseCsrfVerifier;
|
use Pecee\Http\Middleware\BaseCsrfVerifier;
|
||||||
use Pecee\Http\Request;
|
use Pecee\Http\Request;
|
||||||
@@ -26,13 +25,8 @@ class RouterBase {
|
|||||||
$this->routes = array();
|
$this->routes = array();
|
||||||
$this->backStack = array();
|
$this->backStack = array();
|
||||||
$this->controllerUrlMap = array();
|
$this->controllerUrlMap = array();
|
||||||
$this->baseCsrfVerifier = new BaseCsrfVerifier();
|
|
||||||
$this->request = Request::getInstance();
|
$this->request = Request::getInstance();
|
||||||
$this->bootManagers = array();
|
$this->bootManagers = array();
|
||||||
|
|
||||||
$csrf = new CsrfToken();
|
|
||||||
$token = ($csrf->hasToken()) ? $csrf->getToken() : $csrf->generateToken();
|
|
||||||
$csrf->setToken($token);
|
|
||||||
}
|
}
|
||||||
|
|
||||||
public function addRoute(RouterEntry $route) {
|
public function addRoute(RouterEntry $route) {
|
||||||
@@ -124,10 +118,7 @@ class RouterBase {
|
|||||||
|
|
||||||
// Verify csrf token for request
|
// Verify csrf token for request
|
||||||
if($this->baseCsrfVerifier !== null) {
|
if($this->baseCsrfVerifier !== null) {
|
||||||
/* @var $csrfVerifier BaseCsrfVerifier */
|
$this->baseCsrfVerifier->handle($this->request);
|
||||||
$csrfVerifier = $this->baseCsrfVerifier;
|
|
||||||
$csrfVerifier = new $csrfVerifier();
|
|
||||||
$csrfVerifier->handle($this->request);
|
|
||||||
}
|
}
|
||||||
|
|
||||||
// Loop through each route-request
|
// Loop through each route-request
|
||||||
@@ -431,7 +422,6 @@ class RouterBase {
|
|||||||
|
|
||||||
$url = '/' . trim(join('/', $url), '/') . '/';
|
$url = '/' . trim(join('/', $url), '/') . '/';
|
||||||
|
|
||||||
|
|
||||||
if($getParams !== null && count($getParams)) {
|
if($getParams !== null && count($getParams)) {
|
||||||
$url .= '?' . $this->arrayToParams($getParams);
|
$url .= '?' . $this->arrayToParams($getParams);
|
||||||
}
|
}
|
||||||
|
|||||||
Reference in New Issue
Block a user