diff --git a/README.md b/README.md
index bfdd153..858c029 100644
--- a/README.md
+++ b/README.md
@@ -48,6 +48,7 @@ You can donate any amount of your choice by [clicking here](https://www.paypal.c
- [Namespaces](#namespaces)
- [Subdomain-routing](#subdomain-routing)
- [Route prefixes](#route-prefixes)
+ - [Partial groups](#partial-groups)
- [Form Method Spoofing](#form-method-spoofing)
- [Accessing The Current Route](#accessing-the-current-route)
- [Other examples](#other-examples)
@@ -83,6 +84,7 @@ You can donate any amount of your choice by [clicking here](https://www.paypal.c
- [Advanced](#advanced)
- [Disable multiple route rendering](#disable-multiple-route-rendering)
- [Restrict access to IP](#restrict-access-to-ip)
+ - [Setting custom base path](#setting-custom-base-path)
- [Url rewriting](#url-rewriting)
- [Changing current route](#changing-current-route)
- [Bootmanager: loading routes dynamically](#bootmanager-loading-routes-dynamically)
@@ -467,7 +469,8 @@ SimpleRouter::get('/posts/{post}/comments/{comment}', function ($postId, $commen
});
```
-**Note:** Route parameters are always encased within {} braces and should consist of alphabetic characters. Route parameters may not contain a - character. Use an underscore (_) instead.
+**Note:** Route parameters are always encased within `{` `}` braces and should consist of alphabetic characters. Route parameters can only contain certain characters like `A-Z`, `a-z`, `0-9`, `-` and `_`.
+If your route contain other characters, please see [Custom regex for matching parameters](#custom-regex-for-matching-parameters).
### Optional parameters
@@ -682,6 +685,27 @@ SimpleRouter::group(['prefix' => '/lang/{language}'], function ($language) {
});
```
+## Partial groups
+
+Partial router groups has the same benefits as a normal group, but **are only rendered once the url has matched**
+in contrast to a normal group which are always rendered in order to retrieve it's child routes.
+Partial groups are therefore more like a hybrid of a traditional route with the benefits of a group.
+
+This can be extremely useful in situations where you only want special routes to be added, but only when a certain criteria or logic has been met.
+
+**NOTE:** Use partial groups with caution as routes added within are only rendered and available once the url of the partial-group has matched.
+This can cause `url()` not to find urls for the routes added within before the partial-group has been matched and is rendered.
+
+**Example:**
+
+```php
+SimpleRouter::partialGroup('/plugin/{name}', function ($plugin) {
+
+ // Add routes from plugin
+
+});
+```
+
## Form Method Spoofing
HTML forms do not support `PUT`, `PATCH` or `DELETE` actions. So, when defining `PUT`, `PATCH` or `DELETE` routes that are called from an HTML form, you will need to add a hidden `_method` field to the form. The value sent with the `_method` field will be used as the HTTP request method:
@@ -1243,7 +1267,7 @@ All event callbacks will retrieve a `EventArgument` object as parameter. This ob
| `EVENT_ALL` | - | Fires when a event is triggered. |
| `EVENT_INIT` | - | Fires when router is initializing and before routes are loaded. |
| `EVENT_LOAD` | `loadedRoutes` | Fires when all routes has been loaded and rendered, just before the output is returned. |
-| `EVENT_ADD_ROUTE` | `route` | Fires when route is added to the router. |
+| `EVENT_ADD_ROUTE` | `route`
`isSubRoute` | Fires when route is added to the router. `isSubRoute` is true when sub-route is rendered. |
| `EVENT_REWRITE` | `rewriteUrl`
`rewriteRoute` | Fires when a url-rewrite is and just before the routes are re-initialized. |
| `EVENT_BOOT` | `bootmanagers` | Fires when the router is booting. This happens just before boot-managers are rendered and before any routes has been loaded. |
| `EVENT_RENDER_BOOTMANAGER` | `bootmanagers`
`bootmanager` | Fires before a boot-manager is rendered. |
@@ -1373,19 +1397,19 @@ This behavior can be easily disabled by setting `SimpleRouter::enableMultiRouteR
## Restrict access to IP
-You can white- and blacklist access to IP's using the build in `IpRestrictAccess` middleware.
+You can white and/or blacklist access to IP's using the build in `IpRestrictAccess` middleware.
Create your own custom Middleware and extend the `IpRestrictAccess` class.
-The `IpRestrictAccess` class contains two properties `ipBlacklist` and `ipWhitelist` that can be added
-to your middleware to change which IP's that have restricted access.
+The `IpRestrictAccess` class contains two properties `ipBlacklist` and `ipWhitelist` that can be added to your middleware to change which IP's that have access to your routes.
You can use `*` to restrict access to a range of ips.
```php
use \Pecee\Http\Middleware\IpRestrictAccess;
-class IpBlockerMiddleware extends IpRestrictAccess {
+class IpBlockerMiddleware extends IpRestrictAccess
+{
protected $ipBlacklist = [
'5.5.5.5',
@@ -1399,7 +1423,49 @@ class IpBlockerMiddleware extends IpRestrictAccess {
}
```
-You can add the middleware to multiple routes by adding your [middleware to a groups](#middleware).
+You can add the middleware to multiple routes by adding your [middleware to a group](#middleware).
+
+## Setting custom base path
+
+Sometimes it can be useful to add a custom base path to all of the routes added.
+
+This can easily be done by taking advantage of the [Event Handlers](#events) support of the project.
+
+```php
+$basePath = '/basepath/';
+
+$eventHandler = new EventHandler();
+$eventHandler->register(EventHandler::EVENT_ADD_ROUTE, function(EventArgument $event) use($basePath) {
+
+ // Make sure url is alway correct
+ $basePath = rtrim($basePath, '/');
+ $route = $event->route;
+
+ // Skip routes added by group as these will inherit the url
+ if(!$event->isSubRoute) {
+ return;
+ }
+
+ switch (true) {
+ case $route instanceof ILoadableRoute:
+ $route->setUrl($basePath . $route->getUrl());
+ break;
+ case $route instanceof IGroupRoute:
+ $route->setPrefix($basePath . $route->getPrefix());
+ break;
+
+ }
+
+});
+
+$results = [];
+
+TestRouter::addEventHandler($eventHandler);
+```
+
+In the example shown above, we create a new `EVENT_ADD_ROUTE` event that triggers, when a new route is added.
+We skip all subroutes as these will inherit the url from their parent. Then, if the route is a group, we change the prefix
+otherwise we change the url.
## Url rewriting
diff --git a/src/Pecee/Http/Middleware/BaseCsrfVerifier.php b/src/Pecee/Http/Middleware/BaseCsrfVerifier.php
index 44540ca..f42c94e 100644
--- a/src/Pecee/Http/Middleware/BaseCsrfVerifier.php
+++ b/src/Pecee/Http/Middleware/BaseCsrfVerifier.php
@@ -12,7 +12,17 @@ class BaseCsrfVerifier implements IMiddleware
public const POST_KEY = 'csrf_token';
public const HEADER_KEY = 'X-CSRF-TOKEN';
+ /**
+ * Urls to ignore. You can use * to exclude all sub-urls on a given path.
+ * For example: /admin/*
+ * @var array|null
+ */
protected $except;
+ /**
+ * Urls to include. Can be used to include urls from a certain path.
+ * @var array|null
+ */
+ protected $include;
protected $tokenProvider;
/**
@@ -34,11 +44,7 @@ class BaseCsrfVerifier implements IMiddleware
return false;
}
- $max = count($this->except) - 1;
-
- for ($i = $max; $i >= 0; $i--) {
- $url = $this->except[$i];
-
+ foreach($this->except as $url) {
$url = rtrim($url, '/');
if ($url[strlen($url) - 1] === '*') {
$url = rtrim($url, '*');
@@ -48,6 +54,24 @@ class BaseCsrfVerifier implements IMiddleware
}
if ($skip === true) {
+
+ if($this->include !== null && count($this->include) > 0) {
+ foreach($this->include as $includeUrl) {
+ $includeUrl = rtrim($includeUrl, '/');
+ if ($includeUrl[strlen($includeUrl) - 1] === '*') {
+ $includeUrl = rtrim($includeUrl, '*');
+ $skip = !$request->getUrl()->contains($includeUrl);
+ break;
+ }
+
+ $skip = !($includeUrl === $request->getUrl()->getOriginalUrl());
+ }
+ }
+
+ if($skip === false) {
+ continue;
+ }
+
return true;
}
}
diff --git a/src/Pecee/Http/Request.php b/src/Pecee/Http/Request.php
index 84f6d04..4a82c1b 100644
--- a/src/Pecee/Http/Request.php
+++ b/src/Pecee/Http/Request.php
@@ -391,6 +391,10 @@ class Request
if ($this->url->getHost() === null) {
$this->url->setHost((string)$this->getHost());
}
+
+ if($this->isSecure() === true) {
+ $this->url->setScheme('https');
+ }
}
/**
diff --git a/src/Pecee/SimpleRouter/Route/RoutePartialGroup.php b/src/Pecee/SimpleRouter/Route/RoutePartialGroup.php
index 901bd45..b59abaa 100644
--- a/src/Pecee/SimpleRouter/Route/RoutePartialGroup.php
+++ b/src/Pecee/SimpleRouter/Route/RoutePartialGroup.php
@@ -1,8 +1,4 @@
fireEvents(EventHandler::EVENT_ADD_ROUTE, [
'route' => $route,
+ 'isSubRoute' => $this->isProcessingRoute,
]);
/*
@@ -184,7 +185,6 @@ class Router
*/
protected function renderAndProcess(IRoute $route): void
{
-
$this->isProcessingRoute = true;
$route->renderRoute($this->request, $this);
$this->isProcessingRoute = false;
diff --git a/tests/Pecee/SimpleRouter/CsrfVerifierTest.php b/tests/Pecee/SimpleRouter/CsrfVerifierTest.php
new file mode 100644
index 0000000..4d05b16
--- /dev/null
+++ b/tests/Pecee/SimpleRouter/CsrfVerifierTest.php
@@ -0,0 +1,66 @@
+getToken();
+
+ TestRouter::router()->reset();
+
+ $router = TestRouter::router();
+ $router->getRequest()->setMethod(\Pecee\Http\Request::REQUEST_TYPE_POST);
+ $router->getRequest()->setUrl(new \Pecee\Http\Url('/page'));
+ $csrf = new DummyCsrfVerifier();
+ $csrf->setTokenProvider($tokenProvider);
+
+ $csrf->handle($router->getRequest());
+
+ // If handle doesn't throw exception, the test has passed
+ $this->assertTrue(true);
+ }
+
+ public function testTokenFail()
+ {
+ $this->expectException(\Pecee\Http\Middleware\Exceptions\TokenMismatchException::class);
+
+ global $_POST;
+
+ $tokenProvider = new SilentTokenProvider();
+
+ $router = TestRouter::router();
+ $router->getRequest()->setMethod(\Pecee\Http\Request::REQUEST_TYPE_POST);
+ $router->getRequest()->setUrl(new \Pecee\Http\Url('/page'));
+ $csrf = new DummyCsrfVerifier();
+ $csrf->setTokenProvider($tokenProvider);
+
+ $csrf->handle($router->getRequest());
+ }
+
+ public function testExcludeInclude()
+ {
+ $router = TestRouter::router();
+ $csrf = new DummyCsrfVerifier();
+ $request = $router->getRequest();
+
+ $request->setUrl(new \Pecee\Http\Url('/exclude-page'));
+ $this->assertTrue($csrf->testSkip($router->getRequest()));
+
+ $request->setUrl(new \Pecee\Http\Url('/exclude-all/page'));
+ $this->assertTrue($csrf->testSkip($router->getRequest()));
+
+ $request->setUrl(new \Pecee\Http\Url('/exclude-all/include-page'));
+ $this->assertFalse($csrf->testSkip($router->getRequest()));
+
+ $request->setUrl(new \Pecee\Http\Url('/include-page'));
+ $this->assertFalse($csrf->testSkip($router->getRequest()));
+ }
+
+}
\ No newline at end of file
diff --git a/tests/Pecee/SimpleRouter/Dummy/CsrfVerifier/DummyCsrfVerifier.php b/tests/Pecee/SimpleRouter/Dummy/CsrfVerifier/DummyCsrfVerifier.php
new file mode 100644
index 0000000..a695452
--- /dev/null
+++ b/tests/Pecee/SimpleRouter/Dummy/CsrfVerifier/DummyCsrfVerifier.php
@@ -0,0 +1,18 @@
+skip($request);
+ }
+
+}
\ No newline at end of file
diff --git a/tests/Pecee/SimpleRouter/EventHandlerTest.php b/tests/Pecee/SimpleRouter/EventHandlerTest.php
index faaa5d9..4d73cc0 100644
--- a/tests/Pecee/SimpleRouter/EventHandlerTest.php
+++ b/tests/Pecee/SimpleRouter/EventHandlerTest.php
@@ -103,4 +103,52 @@ class EventHandlerTest extends \PHPUnit\Framework\TestCase
}
+ public function testCustomBasePath() {
+
+ $basePath = '/basepath/';
+
+ $eventHandler = new EventHandler();
+ $eventHandler->register(EventHandler::EVENT_ADD_ROUTE, function(EventArgument $data) use($basePath) {
+
+ // Add basepath
+ $basePath = rtrim($basePath, '/');
+
+ // Skip routes added by group
+ if($data->isSubRoute === false) {
+
+ switch (true) {
+ case $data->route instanceof \Pecee\SimpleRouter\Route\ILoadableRoute:
+ $data->route->setUrl($basePath . $data->route->getUrl());
+ break;
+ case $data->route instanceof \Pecee\SimpleRouter\Route\IGroupRoute:
+ $data->route->setPrefix($basePath . $data->route->getPrefix());
+ break;
+
+ }
+ }
+
+ });
+
+ $results = [];
+
+ TestRouter::addEventHandler($eventHandler);
+
+ TestRouter::get('/about', function() use(&$results) {
+ $results[] = 'about';
+ });
+
+ TestRouter::group(['prefix' => '/admin'], function() use(&$results) {
+ TestRouter::get('/', function() use(&$results) {
+ $results[] = 'admin';
+ });
+ });
+
+ TestRouter::router()->setRenderMultipleRoutes(false);
+ TestRouter::debugNoReset('/basepath/about');
+ TestRouter::debugNoReset('/basepath/admin');
+
+ $this->assertEquals(['about', 'admin'], $results);
+
+ }
+
}
\ No newline at end of file