mirror of
https://github.com/skipperbent/simple-php-router.git
synced 2026-07-11 22:22:16 +00:00
[FEATURE] csrf token
- Removed request-type prefix when loading methods. - Optimised csrf token class.
This commit is contained in:
+9
-35
@@ -3,30 +3,15 @@ namespace Pecee;
|
|||||||
|
|
||||||
class CsrfToken {
|
class CsrfToken {
|
||||||
|
|
||||||
const CSRF_KEY = 'csrf_token';
|
const CSRF_KEY = 'csrf';
|
||||||
|
|
||||||
protected static $instance;
|
protected $token;
|
||||||
|
|
||||||
protected $lastToken;
|
|
||||||
protected $currentToken;
|
|
||||||
|
|
||||||
public static function getInstance() {
|
|
||||||
if(self::$instance === null) {
|
|
||||||
self::$instance = new static();
|
|
||||||
}
|
|
||||||
return self::$instance;
|
|
||||||
}
|
|
||||||
|
|
||||||
public function __construct() {
|
public function __construct() {
|
||||||
$this->lastToken = isset($_SESSION[self::CSRF_KEY]) ? $_SESSION[self::CSRF_KEY] : null;
|
$this->lastToken = isset($_SESSION[self::CSRF_KEY]) ? $_SESSION[self::CSRF_KEY] : null;
|
||||||
$this->currentToken = $this->generate();
|
$this->currentToken = $this->generate();
|
||||||
|
|
||||||
// Initialise session, if it hasn't been initialised.
|
$_COOKIE[self::CSRF_KEY] = $this->currentToken;
|
||||||
if(!isset($_SESSION)) {
|
|
||||||
session_start();
|
|
||||||
}
|
|
||||||
|
|
||||||
$_SESSION['csrf_token'] = $this->currentToken;
|
|
||||||
}
|
}
|
||||||
|
|
||||||
/**
|
/**
|
||||||
@@ -47,28 +32,17 @@ class CsrfToken {
|
|||||||
* @return bool
|
* @return bool
|
||||||
*/
|
*/
|
||||||
public function validate($token) {
|
public function validate($token) {
|
||||||
return hash_equals($token, $_SESSION[self::CSRF_KEY]);
|
return hash_equals($token, $this->getCurrentToken());
|
||||||
}
|
}
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* @return string|null
|
* @return string|null
|
||||||
*/
|
*/
|
||||||
public function getLastToken(){
|
public function getToken(){
|
||||||
return $this->lastToken;
|
if(isset($_COOKIE[self::CSRF_KEY])) {
|
||||||
}
|
return $_COOKIE[self::CSRF_KEY];
|
||||||
|
}
|
||||||
/**
|
return null;
|
||||||
* @param string|null $lastToken
|
|
||||||
*/
|
|
||||||
public function setLastToken($lastToken){
|
|
||||||
$this->lastToken = $lastToken;
|
|
||||||
}
|
|
||||||
|
|
||||||
/**
|
|
||||||
* @return string|null
|
|
||||||
*/
|
|
||||||
public function getCurrentToken(){
|
|
||||||
return $this->currentToken;
|
|
||||||
}
|
}
|
||||||
|
|
||||||
}
|
}
|
||||||
@@ -269,7 +269,7 @@ abstract class RouterEntry {
|
|||||||
$className = $this->getNamespace() . '\\' . $controller[0];
|
$className = $this->getNamespace() . '\\' . $controller[0];
|
||||||
|
|
||||||
$class = $this->loadClass($className);
|
$class = $this->loadClass($className);
|
||||||
$method = $request->getMethod() . ucfirst($controller[1]);
|
$method = $controller[1];
|
||||||
|
|
||||||
if (!method_exists($class, $method)) {
|
if (!method_exists($class, $method)) {
|
||||||
throw new RouterException(sprintf('Method %s does not exist in class %s', $method, $className), 404);
|
throw new RouterException(sprintf('Method %s does not exist in class %s', $method, $className), 404);
|
||||||
|
|||||||
Reference in New Issue
Block a user