Development

- Fixed updatae causing middlewares to sometimes load on wrong routes.
- Converted project to PSR/2.
- Updated InputCollection class and added get method for easy access to values.
- Complete refactor of RouterBase.
- Added findRoute method to RouterBase.
- It's now possible to change parameter modifiers and symbol by overwriting properties on RouterBase.
- Added RouterUrlTest unit-test for testing route-urls.
- Added IRestController that can be easily implemented in custom ResourceController-classes.
- It's now possible to use "-" instead of "_" when using getHeader method in Request class.
- Added PHPDocs.
- Fixed "/" route sometimes returning "//" as url.
- Optimisations and bugfixes.

src/Pecee/Http/Middleware/BaseCsrfVerifier.php

@@ -6,85 +6,90 @@ use Pecee\Exception\TokenMismatchException;
 use Pecee\Http\Request;
 use Pecee\SimpleRouter\RouterEntry;
 
-class BaseCsrfVerifier implements IMiddleware {
+class BaseCsrfVerifier implements IMiddleware
+{
+	const POST_KEY = 'csrf-token';
+	const HEADER_KEY = 'X-CSRF-TOKEN';
 
-    const POST_KEY = 'csrf-token';
-    const HEADER_KEY = 'X-CSRF-TOKEN';
+	protected $except;
+	protected $csrfToken;
+	protected $token;
 
-    protected $except;
-    protected $csrfToken;
-    protected $token;
+	public function __construct()
+	{
+		$this->csrfToken = new CsrfToken();
 
-    public function __construct() {
-        $this->csrfToken = new CsrfToken();
+		// Generate or get the CSRF-Token from Cookie.
+		$this->token = (!$this->hasToken()) ? $this->generateToken() : $this->csrfToken->getToken();
+	}
 
-        // Generate or get the CSRF-Token from Cookie.
-        $this->token = (!$this->hasToken()) ? $this->generateToken() : $this->csrfToken->getToken();
-    }
+	/**
+	 * Check if the url matches the urls in the except property
+	 * @param Request $request
+	 * @return bool
+	 */
+	protected function skip(Request $request)
+	{
+		if ($this->except === null || is_array($this->except) === false) {
+			return false;
+		}
 
-    /**
-     * Check if the url matches the urls in the except property
-     * @param Request $request
-     * @return bool
-     */
-    protected function skip(Request $request) {
+		foreach ($this->except as $url) {
+			$url = rtrim($url, '/');
+			if ($url[strlen($url) - 1] === '*') {
+				$url = rtrim($url, '*');
+				$skip = (stripos($request->getUri(), $url) === 0);
+			} else {
+				$skip = ($url === rtrim($request->getUri(), '/'));
+			}
 
-        if($this->except === null || !is_array($this->except)) {
-            return false;
-        }
+			if ($skip) {
+				return true;
+			}
+		}
 
-        foreach($this->except as $url) {
-            $url = rtrim($url, '/');
-            if($url[strlen($url)-1] === '*') {
-                $url = rtrim($url, '*');
-                $skip = (stripos($request->getUri(), $url) === 0);
-            } else {
-                $skip = ($url === rtrim($request->getUri(), '/'));
-            }
+		return false;
+	}
 
-            if($skip) {
-                return true;
-            }
-        }
+	public function handle(Request $request, RouterEntry &$route = null)
+	{
 
-        return false;
-    }
+		if ($request->getMethod() !== 'get' && !$this->skip($request)) {
 
-    public function handle(Request $request, RouterEntry &$route = null) {
+			$token = $request->getInput()->post->getValue(static::POST_KEY);
 
-        if($request->getMethod() !== 'get' && !$this->skip($request)) {
+			// If the token is not posted, check headers for valid x-csrf-token
+			if ($token === null) {
+				$token = $request->getHeader(static::HEADER_KEY);
+			}
 
-            $token = $request->getInput()->post->getValue(static::POST_KEY);
+			if (!$this->csrfToken->validate($token)) {
+				throw new TokenMismatchException('Invalid csrf-token.');
+			}
 
-            // If the token is not posted, check headers for valid x-csrf-token
-            if($token === null) {
-                $token = $request->getHeader(static::HEADER_KEY);
-            }
+		}
 
-            if( !$this->csrfToken->validate($token) ) {
-                throw new TokenMismatchException('Invalid csrf-token.');
-            }
+	}
 
-        }
+	public function generateToken()
+	{
+		$token = $this->csrfToken->generateToken();
+		$this->csrfToken->setToken($token);
+		return $token;
+	}
 
-    }
+	public function hasToken()
+	{
+		if ($this->token != null) {
+			return true;
+		}
 
-    public function generateToken() {
-        $token = $this->csrfToken->generateToken();
-        $this->csrfToken->setToken($token);
-        return $token;
-    }
+		return $this->csrfToken->hasToken();
+	}
 
-    public function hasToken() {
-        if($this->token != null) {
-            return true;
-        }
-
-        return $this->csrfToken->hasToken();
-    }
-
-    public function getToken() {
-        return $this->token;
-    }
+	public function getToken()
+	{
+		return $this->token;
+	}
 
 }