mirror of
https://github.com/skipperbent/simple-php-router.git
synced 2026-07-11 17:02:15 +00:00
Merge pull request #310 from skipperbent/v3-csrftoken-update
Csrf-token are now refreshed on each page-load to avoid timeout.
This commit is contained in:
+17
-6
@@ -1,4 +1,5 @@
|
|||||||
<?php
|
<?php
|
||||||
|
|
||||||
namespace Pecee;
|
namespace Pecee;
|
||||||
|
|
||||||
class CsrfToken
|
class CsrfToken
|
||||||
@@ -48,24 +49,34 @@ class CsrfToken
|
|||||||
* Set csrf token cookie
|
* Set csrf token cookie
|
||||||
* Overwrite this method to save the token to another storage like session etc.
|
* Overwrite this method to save the token to another storage like session etc.
|
||||||
*
|
*
|
||||||
* @param $token
|
* @param string $token
|
||||||
*/
|
*/
|
||||||
public function setToken($token)
|
public function setToken($token)
|
||||||
{
|
{
|
||||||
|
$this->token = $token;
|
||||||
setcookie(static::CSRF_KEY, $token, time() + 60 * 120, '/');
|
setcookie(static::CSRF_KEY, $token, time() + 60 * 120, '/');
|
||||||
}
|
}
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* Get csrf token
|
* Get csrf token
|
||||||
|
* @param string|null $defaultValue
|
||||||
* @return string|null
|
* @return string|null
|
||||||
*/
|
*/
|
||||||
public function getToken()
|
public function getToken($defaultValue = null)
|
||||||
{
|
{
|
||||||
if ($this->hasToken() === true) {
|
$this->token = ($this->hasToken() === true) ? $_COOKIE[static::CSRF_KEY] : null;
|
||||||
return $_COOKIE[static::CSRF_KEY];
|
|
||||||
}
|
|
||||||
|
|
||||||
return null;
|
return ($this->token !== null) ? $this->token : $defaultValue;
|
||||||
|
}
|
||||||
|
|
||||||
|
/**
|
||||||
|
* Refresh existing token
|
||||||
|
*/
|
||||||
|
public function refresh()
|
||||||
|
{
|
||||||
|
if ($this->token !== null) {
|
||||||
|
$this->setToken($this->token);
|
||||||
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
/**
|
/**
|
||||||
|
|||||||
@@ -20,7 +20,7 @@ class BaseCsrfVerifier implements IMiddleware
|
|||||||
$this->csrfToken = new CsrfToken();
|
$this->csrfToken = new CsrfToken();
|
||||||
|
|
||||||
// Generate or get the CSRF-Token from Cookie.
|
// Generate or get the CSRF-Token from Cookie.
|
||||||
$this->token = ($this->hasToken() === false) ? $this->generateToken() : $this->csrfToken->getToken();
|
$this->token = $this->csrfToken->getToken($this->generateToken());
|
||||||
}
|
}
|
||||||
|
|
||||||
/**
|
/**
|
||||||
@@ -73,6 +73,9 @@ class BaseCsrfVerifier implements IMiddleware
|
|||||||
|
|
||||||
}
|
}
|
||||||
|
|
||||||
|
// Refresh existing token
|
||||||
|
$this->csrfToken->refresh();
|
||||||
|
|
||||||
}
|
}
|
||||||
|
|
||||||
public function generateToken()
|
public function generateToken()
|
||||||
|
|||||||
Reference in New Issue
Block a user