From 97753f5370e3498652ec49acaa5dcc80e345d4e0 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Simon=20Sessing=C3=B8?= Date: Fri, 10 Nov 2017 08:23:15 +0100 Subject: [PATCH 1/2] Minor optimisations. --- src/Pecee/CsrfToken.php | 3 ++- src/Pecee/Http/Request.php | 28 +++------------------------- 2 files changed, 5 insertions(+), 26 deletions(-) diff --git a/src/Pecee/CsrfToken.php b/src/Pecee/CsrfToken.php index 3549243..0828279 100644 --- a/src/Pecee/CsrfToken.php +++ b/src/Pecee/CsrfToken.php @@ -15,7 +15,7 @@ class CsrfToken */ public static function generateToken() { - if (function_exists('random_bytes')) { + if (function_exists('random_bytes') === true) { return bin2hex(random_bytes(32)); } @@ -46,6 +46,7 @@ class CsrfToken /** * Set csrf token cookie + * Overwrite this method to save the token to another storage like session etc. * * @param $token */ diff --git a/src/Pecee/Http/Request.php b/src/Pecee/Http/Request.php index dedf144..5c124d0 100644 --- a/src/Pecee/Http/Request.php +++ b/src/Pecee/Http/Request.php @@ -1,4 +1,5 @@ headers = []; - $max = count($_SERVER) - 1; - $keys = array_keys($_SERVER); - - for ($i = $max; $i >= 0; $i--) { - $key = $keys[$i]; - $value = $_SERVER[$key]; - + foreach ($_SERVER as $key => $value) { $this->headers[strtolower($key)] = $value; $this->headers[strtolower(str_replace('_', '-', $key))] = $value; } @@ -167,24 +162,7 @@ class Request */ public function getHeader($name, $defaultValue = null) { - if (array_key_exists(strtolower($name), $this->headers) === true) { - return $this->headers[strtolower($name)]; - } - - $max = count($_SERVER) - 1; - $keys = array_keys($_SERVER); - - for ($i = $max; $i >= 0; $i--) { - - $key = $keys[$i]; - $name = $_SERVER[$key]; - - if ($key === $name) { - return $name; - } - } - - return $defaultValue; + return isset($this->headers[strtolower($name)]) ? $this->headers[strtolower($name)] : $defaultValue; } /** From c3072e8886a208c0414eec3b7afaa292615f6fda Mon Sep 17 00:00:00 2001 
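Review bot: The new docblock line on `setToken()` tells integrators to override that one method to move the token into a session or other store, but retrieval is not routed through it: `getToken()` returns `$_COOKIE[static::CSRF_KEY]` directly (visible in the removed lines of the second patch), and `hasToken()` presumably checks the same superglobal. An override of `setToken()` alone would therefore write to the new backend while verification still reads the cookie, silently failing on every request. I would reword it to `Override this method together with getToken() and hasToken() to persist the token in another storage (e.g. session); all three must use the same backend.`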
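Review bot: The rewritten loop in the Request constructor iterates `$_SERVER` in forward order, whereas the removed `for` walked it from the last key to the first, so if two `$_SERVER` keys ever normalise to the same `headers` entry the last one now wins instead of the first; probably harmless, but it is a behavioural change hidden under "minor optimisations" and worth a line in the commit message. More important for readers of `getHeader()` below: every `$_SERVER` entry is stored verbatim under both `http_x_foo` and `http-x-foo` with no `HTTP_` prefix stripped, so client-supplied headers and server-set variables (`remote-addr`, `server-name`) sit in one map and are indistinguishable to callers. A comment on the loop would help: `// Exposes every $_SERVER entry under both underscore and hyphen form, without stripping HTTP_; only HTTP_* keys come from the client, the rest are server-set.` The constructor's signature and any other population of `$this->headers` are outside this hunk.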
From: =?UTF-8?q?Simon=20Sessing=C3=B8?= Date: Fri, 10 Nov 2017 12:59:59 +0100 Subject: [PATCH 2/2] Csrf-token are now refreshed on each page-load to avoid timeout. --- src/Pecee/CsrfToken.php | 23 ++++++++++++++----- .../Http/Middleware/BaseCsrfVerifier.php | 5 +++- 2 files changed, 21 insertions(+), 7 deletions(-) diff --git a/src/Pecee/CsrfToken.php b/src/Pecee/CsrfToken.php index 0828279..87b47b5 100644 --- a/src/Pecee/CsrfToken.php +++ b/src/Pecee/CsrfToken.php @@ -1,4 +1,5 @@ token = $token; setcookie(static::CSRF_KEY, $token, time() + 60 * 120, '/'); } /** * Get csrf token + * @param string|null $defaultValue * @return string|null */ - public function getToken() + public function getToken($defaultValue = null) { - if ($this->hasToken() === true) { - return $_COOKIE[static::CSRF_KEY]; - } + $this->token = ($this->hasToken() === true) ? $_COOKIE[static::CSRF_KEY] : null; - return null; + return ($this->token !== null) ? $this->token : $defaultValue; + } + + /** + * Refresh existing token + */ + public function refresh() + { + if ($this->token !== null) { + $this->setToken($this->token); + } } /** diff --git a/src/Pecee/Http/Middleware/BaseCsrfVerifier.php b/src/Pecee/Http/Middleware/BaseCsrfVerifier.php index 6791029..7eb80d6 100644 --- a/src/Pecee/Http/Middleware/BaseCsrfVerifier.php +++ b/src/Pecee/Http/Middleware/BaseCsrfVerifier.php @@ -20,7 +20,7 @@ class BaseCsrfVerifier implements IMiddleware $this->csrfToken = new CsrfToken(); // Generate or get the CSRF-Token from Cookie. - $this->token = ($this->hasToken() === false) ? $this->generateToken() : $this->csrfToken->getToken(); + $this->token = $this->csrfToken->getToken($this->generateToken()); } /** @@ -73,6 +73,9 @@ class BaseCsrfVerifier implements IMiddleware } + // Refresh existing token + $this->csrfToken->refresh(); + } public function generateToken()
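Review bot: `refresh()` re-issues whatever string `getToken()` copied out of `$_COOKIE` without validating it, so a malformed or attacker-planted cookie (for example tossed from a sibling subdomain) has its 120-minute lifetime extended on every page load instead of being replaced. Because `generateToken()` emits `bin2hex(random_bytes(32))` (assuming the fallback branch, which is cut off in the first patch, produces the same 64-hex shape), the value can be checked cheaply before it is accepted in `getToken()`: `$raw = ($this->hasToken() === true) ? $_COOKIE[static::CSRF_KEY] : null;` followed by `$this->token = (is_string($raw) && strlen($raw) === 64 && ctype_xdigit($raw)) ? $raw : null;`, so an invalid cookie falls through to `$defaultValue` and is never refreshed. The `setcookie()` call in `setToken()` also passes no `secure` or `httponly` argument; if the token is only ever compared against a form field or request header (the verify logic is outside this hunk), `httponly` can be set, and `secure` should follow the scheme the site is served on.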
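Review bot: `$this->csrfToken->getToken($this->generateToken())` evaluates `generateToken()` on every request, including when a cookie token already exists, so a fresh `random_bytes(32)` is drawn and discarded where the replaced ternary only generated when `hasToken()` was false. If `generateToken()` (its body starts at the end of this hunk and is cut off) also persists the value via `setToken()`, the side effect is worse: a new cookie would be sent on every response while the page is rendered with the old token, so the next submission would mismatch. The lazy form keeps the intent without the extra call: `$this->token = $this->csrfToken->getToken(); if ($this->token === null) { $this->token = $this->generateToken(); }`. Separately, the `refresh()` call added to the end of `handle()` resets the expiry on every page load, so a token that leaks to an attacker never ages out while the victim keeps browsing; this trade-off deserves a comment such as `// Sliding expiry: the token only expires after 120 minutes of inactivity; rotate it explicitly on login/privilege change.`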