Merge pull request #25 from skipperbent/development

Development

README.md

@@ -1,5 +1,5 @@
 # Simple PHP router
-Simple, fast PHP router that is easy to get integrated and in almost any project. Heavily inspired by the Laravel router.
+Simple, fast and yet powerful PHP router that is easy to get integrated and in any project. Heavily inspired by the Laravel router.
 
 ## Installation
 Add the latest version pf Simple PHP Router to your ```composer.json```
@@ -17,13 +17,23 @@ Add the latest version pf Simple PHP Router to your ```composer.json```
 
 ## Notes
 
+### Features
+
+- Basic routing (get, post, put, delete) with support for custom multiple verbs.
+- Regular Expression Constraints for parameters.
+- Named routes.
+- Generating url to routes.
+- Route groups.
+- Middleware (classes that intercepts before the route is rendered).
+- Namespaces.
+- Route prefixes.
+- CSRF protection.
+
 ### Features currently "in-the-works"
 
 - Global Constraints
-- Named Routes
 - Sub-Domain Routing
-- CSRF Protection
-- Optinal/required parameters
+- Optional parameters
 
 ## Initialising the router
 
@@ -44,7 +54,7 @@ SimpleRouter::init($defaultControllerNamespace);
 ```
 
 ## Adding routes
-Remember the ```routes.php``` file you required in your ```index.php```? This file will contain all your custom rules for routing. 
+Remember the ```routes.php``` file you required in your ```index.php```? This file will contain all your custom rules for routing.
 This router is heavily inspired by the Laravel 5.* router, so anything you find in the Laravel documentation should work here as well.
 
 ### Basic example
@@ -54,8 +64,8 @@ use Pecee\SimpleRouter\SimpleRouter;
 
 /*
  * This route will match the url /v1/services/answers/1/
- 
- * The middleware is just a class that renders before the 
+
+ * The middleware is just a class that renders before the
  * Controller or callback is loaded. This is useful for stopping
  * the request, for instance if a user is not authenticated.
  */
@@ -66,13 +76,19 @@ SimpleRouter::group(['prefix' => 'v1', 'middleware' => '\MyWebsite\Middleware\So
 
         SimpleRouter::get('/answers/{id}', 'ControllerAnswers@show')
         ->where(['id' => '[0-9]+');
-        
-        // Resetful ressource
-        SimpleRouter::ressource('/rest', 'ControllerRessource');
-        
+
+        /**
+         * This example will route url when matching the regular expression to the method.
+         * For example route: /ajax/music/world -> ControllerAjax@process (parameter: music/world)
+         */
+        SimpleRouter::all('/ajax', 'ControllerAjax@process')->match('ajax\\/([A-Za-z0-9\\/]+)');
+
+        // Resetful resource
+        SimpleRouter::resource('/rest', 'ControllerRessource');
+
         // Load the entire controller (where url matches method names - getIndex(), postIndex() etc)
         SimpleRouter::controller('/controller', 'ControllerDefault');
-        
+
         // Example of providing callback instead of Controller
         SimpleRouter::get('/something', function() {
             die('Callback example');
@@ -84,7 +100,7 @@ SimpleRouter::group(['prefix' => 'v1', 'middleware' => '\MyWebsite\Middleware\So
 
 ### Doing it the object oriented (hardcore) way
 
-The ```SimpleRouter``` class referenced in the previous example, is just a simple helper class that knows how to communicate with the ```RouterBase``` class. 
+The ```SimpleRouter``` class referenced in the previous example, is just a simple helper class that knows how to communicate with the ```RouterBase``` class.
 If you are up for a challenge, want the full control or simply just want to create your own ```Router``` helper class, this example is for you.
 
 ```php
@@ -132,8 +148,11 @@ class Router extends SimpleRouter {
         // Init locale settings
         Locale::getInstance();
 
-        // Set default namespace
+        // Set default namespace for routes
         $defaultNamespace = '\\'.Registry::getInstance()->get('AppName') . '\\Controller';
+        
+        // Add custom csrf verifier (must extend BaseCsrfVerifier)
+        parent::csrfVerifier('MyProject\Middleware\CustomCsrfVerifier');
 
         // Handle exceptions
         try {
@@ -165,17 +184,62 @@ function url($controller, $parameters = null, $getParams = null) {
 }
 ```
 
-In ```routes.php``` we have added this route:
+This is a basic example for getting the current csrf token
 
-```SimpleRouter::get('/item/{id}', 'myController@show');```
+```php
+/**
+ * Get current csrf-token
+ * @return null|string
+ */
+function csrf_token() {
+    $token = new \Pecee\CsrfToken();
+    return $token->getToken();
+}
+```
 
-In the template we then call:
+## Getting urls
 
-```url('myController@show', ['id' => 22], ['category' => 'shoes']);``` 
+**In ```routes.php``` we have added this route:**
 
-Result url is:
+```php
+SimpleRouter::get('/item/{id}', 'myController@show', ['as' => 'item']);
+```
 
-```/item/22?category=shoes ```
+**In the template we then call:**
+
+```php
+url('item', ['id' => 22], ['category' => 'shoes']);
+```
+
+**Result url is:**
+
+```php
+/item/22/?category=shoes
+```
+
+## Custom CSRF verifier
+
+Create a new class and extend the ```BaseCsrfVerifier``` middleware class provided with simple-php-router.
+
+Add the property ```except``` with an array of the urls to the routes you would like to exclude from the CSRF validation. Using ```*``` at the end for the url will match the entire url.
+
+Querystrings are ignored.
+
+```php
+use Pecee\Http\Middleware\BaseCsrfVerifier;
+
+class CsrfVerifier extends BaseCsrfVerifier {
+
+    protected $except = ['/companies/*', '/user/save'];
+
+}
+```
+
+Register the new class in your ```routes.php```, custom ```Router``` class or wherever you register your routes.
+
+```php
+SimpleRouter::csrfVerifier(new \Demo\Middleware\CsrfVerifier());
+```
 
 ## Documentation
 While I work on a better documentation, please refer to the Laravel 5 routing documentation here:
@@ -183,4 +247,26 @@ While I work on a better documentation, please refer to the Laravel 5 routing do
 http://laravel.com/docs/5.1/routing
 
 ## Easily extendable
-The router can be easily extended to customize your needs. 
+The router can be easily extended to customize your needs.
+
+## The MIT License (MIT)
+
+Copyright (c) 2015 Simon Sessing� / simple-php-router
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in all
+copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+SOFTWARE.

composer.json

@@ -20,7 +20,7 @@
     },
     "autoload": {
         "psr-4": {
-            "Pecee\\": "src/"
+            "Pecee\\": "src/Pecee/"
         }
     }
 }

src/Pecee/CsrfToken.php

@@ -3,37 +3,21 @@ namespace Pecee;
 
 class CsrfToken {
 
-    const CSRF_KEY = 'csrf_token';
+    const CSRF_KEY = 'XSRF-TOKEN';
 
-    protected static $instance;
-
-    protected $lastToken;
-    protected $currentToken;
-
-    public static function getInstance() {
-        if(self::$instance === null) {
-            self::$instance = new static();
-        }
-        return self::$instance;
-    }
+    protected $token;
 
     public function __construct() {
-        $this->lastToken = isset($_SESSION[self::CSRF_KEY]) ? $_SESSION[self::CSRF_KEY] : null;
-        $this->currentToken = $this->generate();
-
-        // Initialise session, if it hasn't been initialised.
-        if(!isset($_SESSION)) {
-            session_start();
+        if($this->getToken() === null) {
+            $this->setToken($this->generateToken());
         }
-
-        $_SESSION['csrf_token'] = $this->currentToken;
     }
 
     /**
      * Generate random identifier for CSRF token
      * @return string
      */
-    public static function generate() {
+    public static function generateToken() {
         if (function_exists('mcrypt_create_iv')) {
             return bin2hex(mcrypt_create_iv(32, MCRYPT_DEV_URANDOM));
         }
@@ -47,28 +31,30 @@ class CsrfToken {
      * @return bool
      */
     public function validate($token) {
-        return hash_equals($token, $_SESSION[self::CSRF_KEY]);
+        if($token !== null && $this->getToken() !== null) {
+            return hash_equals($token, $this->getToken());
+        }
+        return false;
     }
 
     /**
+     * Set csrf token cookie
+     *
+     * @param $token
+     */
+    public function setToken($token) {
+        setcookie(self::CSRF_KEY, $token, time() + 60 * 120, '/');
+    }
+
+    /**
+     * Get csrf token
      * @return string|null
      */
-    public function getLastToken(){
-        return $this->lastToken;
-    }
-
-    /**
-     * @param string|null $lastToken
-     */
-    public function setLastToken($lastToken){
-        $this->lastToken = $lastToken;
-    }
-
-    /**
-     * @return string|null
-     */
-    public function getCurrentToken(){
-        return $this->currentToken;
+    public function getToken(){
+        if(isset($_COOKIE[self::CSRF_KEY])) {
+            return $_COOKIE[self::CSRF_KEY];
+        }
+        return null;
     }
 
 }

src/Pecee/Exception/TokenMismatchException.php

@@ -0,0 +1,4 @@
+<?php
+namespace Pecee\Exception;
+
+class TokenMismatchException extends \Exception {}

src/Pecee/Http/Middleware/BaseCsrfVerifier.php

@@ -0,0 +1,68 @@
+<?php
+namespace Pecee\Http\Middleware;
+
+use Pecee\CsrfToken;
+use Pecee\Exception\TokenMismatchException;
+use Pecee\Http\Request;
+
+class BaseCsrfVerifier implements IMiddleware {
+
+    const POST_KEY = 'csrf-token';
+    const HEADER_KEY = 'X-CSRF-TOKEN';
+
+    protected $except;
+    protected $csrfToken;
+
+
+    public function __construct() {
+        $this->csrfToken = new CsrfToken();
+    }
+
+    /**
+     * Check if the url matches the urls in the except property
+     * @param Request $request
+     * @return bool
+     */
+    protected function skip(Request $request) {
+
+        if($this->except === null || !is_array($this->except)) {
+            return false;
+        }
+
+        foreach($this->except as $url) {
+            $url = rtrim($url, '/');
+            if($url[strlen($url)-1] === '*') {
+                $url = rtrim($url, '*');
+                $skip = (stripos($request->getUri(), $url) === 0);
+            } else {
+                $skip = ($url === rtrim($request->getUri(), '/'));
+            }
+
+            if($skip) {
+                return true;
+            }
+        }
+
+        return false;
+    }
+
+    public function handle(Request $request) {
+
+        if($request->getMethod() != 'get' && !$this->skip($request)) {
+
+            $token = (isset($_POST[self::POST_KEY])) ? $_POST[self::POST_KEY] : null;
+
+            // If the token is not posted, check headers for valid x-csrf-token
+            if($token === null) {
+                $token = $request->getHeader(self::HEADER_KEY);
+            }
+
+            if( !$this->csrfToken->validate( $token ) ) {
+                throw new TokenMismatchException('Invalid csrf-token.');
+            }
+
+        }
+
+    }
+
+}

src/Pecee/Http/Middleware/IMiddleware.php

@@ -0,0 +1,8 @@
+<?php
+namespace Pecee\Http\Middleware;
+
+use Pecee\Http\Request;
+
+interface IMiddleware {
+    public function handle(Request $request);
+}

src/Pecee/Http/Middleware/Middleware.php

@@ -1,13 +0,0 @@
-<?php
-
-namespace Pecee\Http\Middleware;
-
-use Pecee\Http\Request;
-use Pecee\SimpleRouter\RouterEntry;
-
-abstract class Middleware
-{
-    public function handle(Request $request) {
-        return true;
-    }
-}

src/Pecee/Http/Middleware/VerifyCsrfToken.php

@@ -1,9 +0,0 @@
-<?php
-
-namespace Pecee\Http\Middleware;
-
-class VerifyCsrfToken extends Middleware {
-
-
-
-}

src/Pecee/Http/Request.php

@@ -3,14 +3,31 @@ namespace Pecee\Http;
 
 class Request {
 
+    protected static $instance;
+
+    protected $data;
     protected $uri;
     protected $host;
     protected $method;
+    protected $headers;
+
+    /**
+     * Return new instance
+     * @return static
+     */
+    public static function getInstance() {
+        if(self::$instance === null) {
+            self::$instance = new static();
+        }
+        return self::$instance;
+    }
 
     public function __construct() {
+        $this->data = array();
         $this->host = $_SERVER['HTTP_HOST'];
-        $this->uri = rtrim($_SERVER['REQUEST_URI'], '/') . '/';
+        $this->uri = $_SERVER['REQUEST_URI'];
         $this->method = (isset($_POST['_method'])) ? strtolower($_POST['_method']) : strtolower($_SERVER['REQUEST_METHOD']);
+        $this->headers = array_change_key_case(getallheaders(), CASE_LOWER);
     }
 
     /**
@@ -39,8 +56,74 @@ class Request {
      * @return string|null
      */
     public function getUser() {
-        $data = http_digest_parse($_SERVER['PHP_AUTH_DIGEST']);
-        return (isset($data['username'])) ? $data['username'] : null;
+        return (isset($_SERVER['PHP_AUTH_USER'])) ? $_SERVER['PHP_AUTH_USER']: null;
+    }
+
+    /**
+     * Get http basic auth password
+     * @return string|null
+     */
+    public function getPassword() {
+        return (isset($_SERVER['PHP_AUTH_PW'])) ? $_SERVER['PHP_AUTH_PW']: null;
+    }
+
+    /**
+     * Get headers
+     * @return array
+     */
+    public function getHeaders() {
+        return $this->headers;
+    }
+
+    /**
+     * Get id address
+     * @return string
+     */
+    public function getIp() {
+        return isset($_SERVER['HTTP_X_FORWARDED_FOR']) ? $_SERVER['HTTP_X_FORWARDED_FOR'] : $_SERVER['REMOTE_ADDR'];
+    }
+
+    /**
+     * Get referer
+     * @return string
+     */
+    public function getReferer() {
+        return isset($_SERVER['HTTP_REFERER']) ? $_SERVER['HTTP_REFERER'] : '';
+    }
+
+    /**
+     * Get user agent
+     * @return string
+     */
+    public function getUserAgent() {
+        return isset($_SERVER['HTTP_USER_AGENT']) ? $_SERVER['HTTP_USER_AGENT'] : '';
+    }
+
+    /**
+     * Get header value by name
+     * @param string $name
+     * @return string|null
+     */
+    public function getHeader($name) {
+        return (isset($this->headers[strtolower($name)])) ? $this->headers[strtolower($name)] : null;
+    }
+
+    /**
+     * Get request input or default value
+     * @param string $name
+     * @param string $defaultValue
+     * @return mixed
+     */
+    public function getInput($name, $defaultValue) {
+        return (isset($_REQUEST[$name]) ? $_REQUEST[$name] : $defaultValue);
+    }
+
+    public function __set($name, $value = null) {
+        $this->data[$name] = $value;
+    }
+
+    public function __get($name) {
+        return isset($this->data[$name]) ? $this->data[$name] : null;
     }
 
 }

src/Pecee/Http/Response.php

@@ -21,7 +21,66 @@ class Response {
      * @param string $url
      */
     public function redirect($url) {
-        header('location: ' . $url);
+        $this->header('Location: ' . $url);
+        die();
+    }
+
+    public function refresh() {
+        $this->redirect(url());
+    }
+
+    /**
+     * Add http authorisation
+     * @param string $name
+     * @return self $this
+     */
+    public function auth($name = '') {
+        $this->headers([
+            'WWW-Authenticate: Basic realm="' . $name . '"',
+            'HTTP/1.0 401 Unauthorized'
+        ]);
+        return $this;
+    }
+
+    public function cache($duration = 2592000) {
+        $this->headers([
+            'Cache-Control: public,max-age='.$duration.',must-revalidate',
+            'Expires: '.gmdate('D, d M Y H:i:s',(time()+$duration)).' GMT',
+            'Last-modified: '.gmdate('D, d M Y H:i:s',time()).' GMT'
+        ]);
+        return $this;
+    }
+
+    /**
+     * Json encode array
+     * @param array $value
+     */
+    public function json(array $value) {
+        $this->header('Content-type: application/json');
+        echo json_encode($value);
+        die();
+    }
+
+    /**
+     * Add header to response
+     * @param string $value
+     * @return self $this
+     */
+    public function header($value) {
+        header($value);
+        return $this;
+    }
+
+    /**
+     * Add multiple headers to response
+     * @param array $headers
+     * @return self $this
+     */
+    public function headers(array $headers) {
+        foreach($headers as $header) {
+            header($header);
+        }
+        return $this;
     }
 
 }

src/Pecee/SimpleRouter/RouterBase.php

@@ -1,6 +1,8 @@
 <?php
 namespace Pecee\SimpleRouter;
 
+use Pecee\ArrayUtil;
+use Pecee\Http\Middleware\BaseCsrfVerifier;
 use Pecee\Http\Request;
 use Pecee\Url;
 
@@ -16,6 +18,7 @@ class RouterBase {
     protected $backstack;
     protected $loadedRoute;
     protected $defaultNamespace;
+    protected $baseCsrfVerifier;
 
     // TODO: make interface for controller routers, so they can be easily detected
     // TODO: clean up - cut some of the methods down to smaller pieces
@@ -24,7 +27,8 @@ class RouterBase {
         $this->routes = array();
         $this->backstack = array();
         $this->controllerUrlMap = array();
-        $this->request = new Request();
+        $this->request = Request::getInstance();
+        $this->baseCsrfVerifier = new BaseCsrfVerifier();
     }
 
     public function addRoute(RouterEntry $route) {
@@ -54,6 +58,7 @@ class RouterBase {
 
             $newPrefixes = $prefixes;
             $mergedSettings = array_merge($settings, $route->getMergeableSettings());
+
             if($route->getPrefix()) {
                 array_push($newPrefixes, rtrim($route->getPrefix(), '/'));
             }
@@ -84,25 +89,44 @@ class RouterBase {
     }
 
     public function routeRequest() {
-        // Loop through each route-request
 
+        // Verify csrf token for request
+        if($this->baseCsrfVerifier !== null) {
+            /* @var $csrfVerifier BaseCsrfVerifier */
+            $csrfVerifier = $this->baseCsrfVerifier;
+            $csrfVerifier = new $csrfVerifier();
+            $csrfVerifier->handle($this->request);
+        }
+
+        // Loop through each route-request
         $this->processRoutes($this->routes);
 
-        // Make sure the urls is in the right order when comparing
-        usort($this->controllerUrlMap, function($a, $b) {
-            return strcmp($b->getUrl(), $a->getUrl());
-        });
+        $routeNotAllowed = false;
 
+        /* @var $route RouterEntry */
         foreach($this->controllerUrlMap as $route) {
             $routeMatch = $route->matchRoute($this->request);
 
             if($routeMatch && !($routeMatch instanceof RouterGroup)) {
+
+                if(count($route->getRequestMethods()) && !in_array($this->request->getMethod(), $route->getRequestMethods())) {
+                    $routeNotAllowed = true;
+                    continue;
+                }
+
+                $routeNotAllowed = false;
+
                 $this->loadedRoute = $routeMatch;
+                $routeMatch->loadMiddleware($this->request);
                 $routeMatch->renderRoute($this->request);
                 break;
             }
         }
 
+        if($routeNotAllowed) {
+            throw new RouterException('Route or method not allowed', 403);
+        }
+
         if(!$this->loadedRoute) {
             throw new RouterException(sprintf('Route not found: %s', $this->request->getUri()), 404);
         }
@@ -162,15 +186,34 @@ class RouterBase {
         return $this->request;
     }
 
+    /**
+     * Get base csrf verifier class
+     * @return BaseCsrfVerifier
+     */
+    public function getBaseCsrfVerifier() {
+        return $this->baseCsrfVerifier;
+    }
+
+    /**
+     * Set base csrf verifier class
+     *
+     * @param BaseCsrfVerifier $baseCsrfVerifier
+     * @return self
+     */
+    public function setBaseCsrfVerifier(BaseCsrfVerifier $baseCsrfVerifier) {
+        $this->baseCsrfVerifier = $baseCsrfVerifier;
+        return $this;
+    }
+
     protected function processUrl($route, $method = null, $parameters = null, $getParams = null) {
 
-        $url = rtrim($route->getUrl(), '/') . '/';
+        $url = '/' . trim($route->getUrl(), '/');
 
-        if(($route instanceof RouterController || $route instanceof RouterRessource) && $method !== null) {
-            $url .= $method . '/';
+        if(($route instanceof RouterController || $route instanceof RouterResource) && $method !== null) {
+            $url .= $method;
         }
 
-        if($route instanceof RouterController || $route instanceof RouterRessource) {
+        if($route instanceof RouterController || $route instanceof RouterResource) {
             if(count($parameters)) {
                 $url .= join('/', $parameters);
             }
@@ -181,18 +224,22 @@ class RouterBase {
                 $i = 0;
                 foreach($params as $param => $value) {
                     $value = (isset($parameters[$param])) ? $parameters[$param] : $value;
-                    $url = str_ireplace('{' . $param. '}', $value, $route->getUrl());
+                    $url = str_ireplace('{' . $param. '}', $value, $url);
                     $i++;
                 }
+            } else {
+                // If no parameters are specified in the route, assume that the provided parameters should be used.
+                if(count($parameters)) {
+                    $url = rtrim($url, '/') . '/' . join('/', $parameters);
+                }
             }
         }
 
-        $p = '';
-        if($getParams !== null && count($getParams)) {
-            $p = '?'.Url::arrayToParams($getParams);
-        }
+        $url = rtrim($url, '/') . '/';
 
-        $url .= $p;
+        if($getParams !== null && count($getParams)) {
+            $url .= '?'.Url::arrayToParams($getParams);
+        }
 
         return $url;
     }
@@ -207,15 +254,24 @@ class RouterBase {
             throw new \InvalidArgumentException('Invalid type for getParams. Must be array or null');
         }
 
+        if($controller === null && $parameters === null && $this->loadedRoute !== null) {
+            return $this->processUrl($this->loadedRoute, null, $getParams);
+        }
+
         $c = '';
         $method = null;
 
         /* @var $route RouterRoute */
         foreach($this->controllerUrlMap as $route) {
 
+            // Check an alias exist, if the matches - use it
+            if($route instanceof RouterRoute && strtolower($route->getAlias()) === strtolower($controller)) {
+                return $this->processUrl($route, $route->getMethod(), $parameters, $getParams);
+            }
+
             if($route instanceof RouterRoute && !is_callable($route->getCallback()) && stripos($route->getCallback(), '@') !== false) {
                 $c = $route->getCallback();
-            } else if($route instanceof RouterController || $route instanceof RouterRessource) {
+            } else if($route instanceof RouterController || $route instanceof RouterResource) {
                 $c = $route->getController();
             }
 
@@ -230,7 +286,7 @@ class RouterBase {
         foreach($this->controllerUrlMap as $route) {
             if($route instanceof RouterRoute && !is_callable($route->getCallback()) && stripos($route->getCallback(), '@') !== false) {
                 $c = $route->getClass();
-            } else if($route instanceof RouterController || $route instanceof RouterRessource) {
+            } else if($route instanceof RouterController || $route instanceof RouterResource) {
                 $c = $route->getController();
             }
 
@@ -245,15 +301,20 @@ class RouterBase {
             }
         }
 
-        // Nothing found - return current route
-        if($this->loadedRoute) {
-            $getParams = ($getParams === null) ? array() : $getParams;
-            $params = ($this->loadedRoute->getParameters() == null) ? array() : $this->loadedRoute->getParameters();
-            $parameters = ($parameters === null) ? array() : $parameters;
-            return $this->processUrl($this->loadedRoute, null, array_merge($params, $parameters), array_merge($_GET, $getParams));
+        $controller = ($controller === null) ? '/' : $controller;
+        $url = array($controller);
+
+        if(is_array($parameters)) {
+            ArrayUtil::append($url, $parameters);
         }
 
-        return '/';
+        $url = '/' . trim(join('/', $url), '/') . '/';
+
+        if(is_array($getParams)) {
+            $url .= '?' . Url::arrayToParams($getParams);
+        }
+
+        return $url;
     }
 
     public static function getInstance() {

src/Pecee/SimpleRouter/RouterController.php

@@ -17,6 +17,29 @@ class RouterController extends RouterEntry {
         $this->controller = $controller;
     }
 
+    public function renderRoute(Request $request) {
+        if(is_object($this->getCallback()) && is_callable($this->getCallback())) {
+
+            // When the callback is a function
+            call_user_func_array($this->getCallback(), $this->getParameters());
+        } else {
+            // When the callback is a method
+            $controller = explode('@', $this->getCallback());
+            $className = $this->getNamespace() . '\\' . $controller[0];
+
+            $class = $this->loadClass($className);
+            $method = $request->getMethod() . ucfirst($controller[1]);
+
+            if (!method_exists($class, $method)) {
+                throw new RouterException(sprintf('Method %s does not exist in class %s', $method, $className), 404);
+            }
+
+            call_user_func_array(array($class, $method), $this->getParameters());
+
+            return $class;
+        }
+    }
+
     public function matchRoute(Request $request) {
         $url = parse_url($request->getUri());
         $url = rtrim($url['path'], '/') . '/';

src/Pecee/SimpleRouter/RouterEntry.php

@@ -2,7 +2,7 @@
 
 namespace Pecee\SimpleRouter;
 
-use Pecee\Http\Middleware\Middleware;
+use Pecee\Http\Middleware\IMiddleware;
 use Pecee\Http\Request;
 
 abstract class RouterEntry {
@@ -10,24 +10,26 @@ abstract class RouterEntry {
     const REQUEST_TYPE_POST = 'post';
     const REQUEST_TYPE_GET = 'get';
     const REQUEST_TYPE_PUT = 'put';
+    const REQUEST_TYPE_PATCH = 'patch';
     const REQUEST_TYPE_DELETE = 'delete';
 
     public static $allowedRequestTypes = array(
         self::REQUEST_TYPE_DELETE,
         self::REQUEST_TYPE_GET,
         self::REQUEST_TYPE_POST,
-        self::REQUEST_TYPE_PUT
+        self::REQUEST_TYPE_PUT,
+        self::REQUEST_TYPE_PATCH
     );
 
     protected $settings;
     protected $callback;
     protected $parameters;
-    protected $parametersRegex;
 
     public function __construct() {
         $this->settings = array();
+        $this->settings['requestMethods'] = array();
+        $this->settings['parametersRegex'] = array();
         $this->parameters = array();
-        $this->parametersRegex = array();
     }
 
     /**
@@ -158,6 +160,17 @@ abstract class RouterEntry {
         return $this;
     }
 
+    /**
+     * Add regular expression match for url
+     *
+     * @param string $regex
+     * @return self
+     */
+    public function match($regex) {
+        $this->regexMatch = $regex;
+        return $this;
+    }
+
     /**
      * Get settings that are allowed to be inherited by child routes.
      *
@@ -166,9 +179,9 @@ abstract class RouterEntry {
     public function getMergeableSettings() {
         $settings = $this->settings;
 
-        if(isset($settings['middleware'])) {
+        /*if(isset($settings['middleware'])) {
             unset($settings['middleware']);
-        }
+        }*/
 
         if(isset($settings['prefix'])) {
             unset($settings['prefix']);
@@ -181,8 +194,10 @@ abstract class RouterEntry {
      * @param array $settings
      * @return self
      */
-    public function addSettings(array $settings) {
-        $this->settings = array_merge($this->settings, $settings);
+    public function addSettings(array $settings = null) {
+        if(is_array($settings)) {
+            $this->settings = array_merge($this->settings, $settings);
+        }
         return $this;
     }
 
@@ -193,7 +208,7 @@ abstract class RouterEntry {
     public function setSettings($settings) {
         $this->settings = $settings;
 
-        if($settings['prefix']) {
+        if(isset($settings['prefix'])) {
             $this->setPrefix($settings['prefix']);
         }
 
@@ -228,21 +243,31 @@ abstract class RouterEntry {
         return new $name();
     }
 
-    protected function loadMiddleware(Request $request) {
+    public function loadMiddleware(Request $request) {
         if($this->getMiddleware()) {
-            if (!($this->getMiddleware() instanceof Middleware)) {
-                throw new RouterException($this->getMiddleware() . ' must be instance of Middleware');
-            }
+            if(is_array($this->getMiddleware())) {
+                foreach($this->getMiddleware() as $middleware) {
+                    $middleware = $this->loadClass($middleware);
+                    if (!($middleware instanceof IMiddleware)) {
+                        throw new RouterException($middleware . ' must be instance of Middleware');
+                    }
 
-            /* @var $class Middleware */
-            $class = $this->loadClass($this->getMiddleware());
-            $class->handle($request);
+                    /* @var $class Middleware */
+                    $middleware->handle($request);
+                }
+            } else {
+                $middleware = $this->loadClass($this->getMiddleware());
+                if (!($middleware instanceof IMiddleware)) {
+                    throw new RouterException($this->getMiddleware() . ' must be instance of Middleware');
+                }
+
+                /* @var $class Middleware */
+                $middleware->handle($request);
+            }
         }
     }
 
     public function renderRoute(Request $request) {
-        // Load middleware
-        $this->loadMiddleware($request);
 
         if(is_object($this->getCallback()) && is_callable($this->getCallback())) {
 
@@ -254,7 +279,7 @@ abstract class RouterEntry {
             $className = $this->getNamespace() . '\\' . $controller[0];
 
             $class = $this->loadClass($className);
-            $method = $request->getMethod() . ucfirst($controller[1]);
+            $method = $controller[1];
 
             if (!method_exists($class, $method)) {
                 throw new RouterException(sprintf('Method %s does not exist in class %s', $method, $className), 404);
@@ -268,6 +293,30 @@ abstract class RouterEntry {
         return null;
     }
 
+    /**
+     * Set allowed request methods
+     *
+     * @param array $methods
+     * @return self $this
+     */
+    public function setRequestMethods(array $methods) {
+        $this->settings['requestMethods'] = $methods;
+        return $this;
+    }
+
+    /**
+     * Get allowed requeset methods
+     *
+     * @return array
+     */
+    public function getRequestMethods() {
+        if(!isset($this->settings['requestMethods']) || isset($this->settings['requestMethods']) && !is_array($this->settings['requestMethods'])) {
+            $value = isset($this->settings['requestMethods']) ? $this->settings['requestMethods'] : null;
+            return array($value);
+        }
+        return $this->settings['requestMethods'];
+    }
+
     abstract function matchRoute(Request $request);
 
 }

src/Pecee/SimpleRouter/RouterGroup.php

@@ -10,18 +10,18 @@ class RouterGroup extends RouterEntry {
         parent::__construct();
     }
 
-    public function matchRoute(Request $request) {
+    public function renderRoute(Request $request) {
         // Check if request method is allowed
 
-        if(strtolower($request->getUri()) == strtolower($this->prefix) || stripos($request->getUri(), $this->prefix) === 0) {
+        if(trim($this->prefix) === '' || strtolower($request->getUri()) == strtolower($this->prefix) || stripos($request->getUri(), $this->prefix) === 0) {
 
             $hasAccess = (!$this->method);
 
             if($this->method) {
                 if(is_array($this->method)) {
-                    $hasAccess = (in_array($request->getMethod(), $this->method));
+                    $hasAccess = (in_array($request->getMethod(), $this->getRequestMethods()));
                 } else {
-                    $hasAccess = strtolower($this->method) == strtolower($request->getMethod());
+                    $hasAccess = strtolower($this->getRequestMethods()) == strtolower($request->getMethod());
                 }
             }
 
@@ -29,11 +29,17 @@ class RouterGroup extends RouterEntry {
                 throw new RouterException('Method not allowed');
             }
 
-            return $this;
+            $this->loadMiddleware($request);
+
+            return parent::renderRoute($request);
         }
 
         // No match here, move on...
         return null;
     }
 
+    public function matchRoute(Request $request) {
+        return null;
+    }
+
 }

src/Pecee/SimpleRouter/RouterResource.php

@@ -3,7 +3,7 @@ namespace Pecee\SimpleRouter;
 
 use Pecee\Http\Request;
 
-class RouterRessource extends RouterEntry {
+class RouterResource extends RouterEntry {
 
     const DEFAULT_METHOD = 'index';
 
@@ -20,9 +20,6 @@ class RouterRessource extends RouterEntry {
     }
 
     public function renderRoute(Request $request) {
-        // Load middleware
-        $this->loadMiddleware($request);
-
         if(is_object($this->getCallback()) && is_callable($this->getCallback())) {
             // When the callback is a function
             call_user_func_array($this->getCallback(), $this->getParameters());

src/Pecee/SimpleRouter/RouterRoute.php

@@ -6,8 +6,9 @@ use Pecee\Http\Request;
 
 class RouterRoute extends RouterEntry {
 
+    const PARAMETERS_REGEX_MATCH = '{([A-Za-z\-\_]*?)}';
+
     protected $url;
-    protected $requestTypes;
 
     public function __construct($url, $callback) {
         parent::__construct();
@@ -15,16 +16,16 @@ class RouterRoute extends RouterEntry {
         $this->setCallback($callback);
 
         $this->settings['aliases'] = array();
-        $this->requestTypes = array();
     }
 
-    protected function parseParameters($url, $multiple = false) {
+    protected function parseParameters($url, $multiple = false, $regex = self::PARAMETERS_REGEX_MATCH) {
+        $url = rtrim($url, '/');
         $parameters = array();
 
         if($multiple) {
-            preg_match_all('/{([A-Za-z\-\_]*?)}/is', $url, $parameters);
+            preg_match_all('/'.$regex.'/is', $url, $parameters);
         } else {
-            preg_match('/{([A-Za-z\-\_]*?)}/is', $url, $parameters);
+            preg_match('/'.$regex.'/is', $url, $parameters);
         }
 
         if(isset($parameters[1]) && count($parameters[1]) > 0) {
@@ -37,56 +38,71 @@ class RouterRoute extends RouterEntry {
     public function matchRoute(Request $request) {
 
         // Check if request method is allowed
-        if(count($this->requestTypes) === 0 || in_array($request->getMethod(), $this->requestTypes)) {
 
-            $url = parse_url($request->getUri());
-            $url = $url['path'];
+        $url = parse_url($request->getUri());
+        $url = $url['path'];
 
-            $url = explode('/', trim($url, '/'));
-            $route = explode('/', trim($this->url, '/'));
+        $route = $this->url;
 
-            // Check if url parameter count matches
-            if(count($url) === count($route)) {
+        $routeMatch = preg_replace('/'.self::PARAMETERS_REGEX_MATCH.'/is', '', $route);
+
+        // Check if url parameter count matches
+        if(stripos($url, $routeMatch) === 0) {
+
+            $matches = true;
+
+            if($this->regexMatch) {
+                $parameters = $this->parseParameters($url, true, $this->regexMatch);
+
+                // If regex doesn't match, make sure to return an array
+                if(!is_array($parameters)) {
+                    $parameters = array();
+                }
+
+            } else {
+
+                $matches = (count(explode('/', rtrim($url, '/'))) == count(explode('/', rtrim($route, '/'))));
+
+                $url = explode('/', $url);
+                $route = explode('/', rtrim($route, '/'));
 
                 $parameters = array();
 
-                $matches = true;
-
                 // Check if url matches
-                foreach($route as $i => $path) {
-                    $parameter = $this->parseParameters($path);
+                foreach ($route as $i => $path) {
+                    $parameter = $this->parseParameters($path, false);
 
                     // Check if parameter of path matches, otherwise quit..
-                    if(is_null($parameter) && strtolower($path) != strtolower($url[$i])) {
+                    if (is_null($parameter) && strtolower($path) != strtolower($url[$i])) {
                         $matches = false;
                         break;
                     }
 
                     // Save parameter if we have one
-                    if($parameter) {
+                    if ($parameter) {
                         $parameterValue = $url[$i];
                         $regex = (isset($this->parametersRegex[$parameter]) ? $this->parametersRegex[$parameter] : null);
 
-                        if($regex !== null) {
+                        if ($regex !== null) {
                             // Use the regular expression rule provided to filter the value
                             $matches = array();
-                            preg_match('/'.$regex.'/is', $url[$i], $matches);
+                            preg_match('/' . $regex . '/is', $url[$i], $matches);
 
-                            if(count($matches)) {
+                            if (count($matches)) {
                                 $parameterValue = $matches[0];
                             }
                         }
 
-                        // Add parameter value
-                        $parameters[$parameter] = $parameterValue;
+                        // Add parameter value, if it doesn't exist - replace it with null value
+                        $parameters[$parameter] = ($parameterValue === '') ? null : $parameterValue;
                     }
                 }
+            }
 
-                // This route matches
-                if($matches) {
-                    $this->parameters = $parameters;
-                    return $this;
-                }
+            // This route matches
+            if($matches) {
+                $this->parameters = $parameters;
+                return $this;
             }
         }
 
@@ -120,51 +136,31 @@ class RouterRoute extends RouterEntry {
     }
 
     /**
-     * @param array $aliases
-     * @return self
+     * Get alias for the url which can be used when getting the url route.
+     * @return string
      */
-    public function setAliases(array $aliases) {
-        $this->aliases = $aliases;
-        return $this;
+    public function getAlias(){
+        return $this->alias;
     }
 
     /**
-     * Add alias
-     *
-     * @param $alias
+     * Set the url alias for easier getting the url route.
+     * @param string $alias
      * @return self
      */
-    public function addAlias($alias) {
-        $arr = $this->aliases;
-        $arr[] = $alias;
-        $this->aliases = $arr;
+    public function setAlias($alias){
+        $this->alias = $alias;
         return $this;
     }
 
-    public function getAliases() {
-        $this->aliases;
-    }
+    public function setSettings($settings) {
 
-    /**
-     * Add request type
-     *
-     * @param $type
-     * @return self
-     * @throws RouterException
-     */
-    public function addRequestType($type) {
-        if(!in_array($type, self::$allowedRequestTypes)) {
-            throw new RouterException('Invalid request method: ' . $type);
+        // Change as to alias
+        if(isset($settings{'as'})) {
+            $this->setAlias($settings['as']);
         }
 
-        $this->requestTypes[] = $type;
-        return $this;
+        return parent::setSettings($settings);
     }
 
-    /**
-     * @return mixed
-     */
-    public function getRequestTypes() {
-        return $this->requestTypes;
-    }
 }

src/Pecee/SimpleRouter/SimpleRouter.php

@@ -9,17 +9,33 @@
 
 namespace Pecee\SimpleRouter;
 
+use Pecee\Http\Middleware\BaseCsrfVerifier;
+
 class SimpleRouter {
 
+    /**
+     * Start/route request
+     * @param null $defaultNamespace
+     * @throws RouterException
+     */
     public static function start($defaultNamespace = null) {
         $router = RouterBase::GetInstance();
         $router->setDefaultNamespace($defaultNamespace);
         $router->routeRequest();
     }
 
-    public static function get($url, $callback) {
+    /**
+     * Set base csrf verifier
+     * @param BaseCsrfVerifier $baseCsrfVerifier
+     */
+    public static function csrfVerifier(BaseCsrfVerifier $baseCsrfVerifier) {
+        RouterBase::getInstance()->setBaseCsrfVerifier($baseCsrfVerifier);
+    }
+
+    public static function get($url, $callback, array $settings = null) {
         $route = new RouterRoute($url, $callback);
-        $route->addRequestType(RouterRoute::REQUEST_TYPE_GET);
+        $route->addSettings($settings);
+        $route->setRequestMethods(array(RouterRoute::REQUEST_TYPE_GET));
 
         $router = RouterBase::getInstance();
         $router->addRoute($route);
@@ -27,9 +43,10 @@ class SimpleRouter {
         return $route;
     }
 
-    public static function post($url, $callback) {
+    public static function post($url, $callback, array $settings = null) {
         $route = new RouterRoute($url, $callback);
-        $route->addRequestType(RouterRoute::REQUEST_TYPE_POST);
+        $route->addSettings($settings);
+        $route->setRequestMethods(array(RouterRoute::REQUEST_TYPE_POST));
 
         $router = RouterBase::getInstance();
         $router->addRoute($route);
@@ -37,9 +54,10 @@ class SimpleRouter {
         return $route;
     }
 
-    public static function put($url, $callback) {
+    public static function put($url, $callback, array $settings = null) {
         $route = new RouterRoute($url, $callback);
-        $route->addRequestType(RouterRoute::REQUEST_TYPE_PUT);
+        $route->addSettings($settings);
+        $route->setRequestMethods(array(RouterRoute::REQUEST_TYPE_PUT, RouterRoute::REQUEST_TYPE_PATCH));
 
         $router = RouterBase::getInstance();
         $router->addRoute($route);
@@ -47,9 +65,10 @@ class SimpleRouter {
         return $route;
     }
 
-    public static function delete($url, $callback) {
+    public static function delete($url, $callback, array $settings = null) {
         $route = new RouterRoute($url, $callback);
-        $route->addRequestType(RouterRoute::REQUEST_TYPE_DELETE);
+        $route->addSettings($settings);
+        $route->setRequestMethods(array(RouterRoute::REQUEST_TYPE_DELETE));
 
         $router = RouterBase::getInstance();
         $router->addRoute($route);
@@ -71,11 +90,10 @@ class SimpleRouter {
         return $group;
     }
 
-    public static function match(array $requestTypes, $url, $callback) {
+    public static function match(array $requestMethods, $url, $callback, array $settings = null) {
         $route = new RouterRoute($url, $callback);
-        foreach($requestTypes as $requestType) {
-            $route->addRequestType($requestType);
-        }
+        $route->setRequestMethods($requestMethods);
+        $route->addSettings($settings);
 
         $router = RouterBase::getInstance();
         $router->addRoute($route);
@@ -83,31 +101,34 @@ class SimpleRouter {
         return $route;
     }
 
-    public static function all($url, $callback) {
+    public static function all($url, $callback, array $settings = null) {
         $route = new RouterRoute($url, $callback);
+        $route->addSettings($settings);
         $router = RouterBase::getInstance();
         $router->addRoute($route);
 
         return $route;
     }
 
-    public static function controller($url, $controller) {
+    public static function controller($url, $controller, array $settings = null) {
         $route = new RouterController($url, $controller);
+        $route->addSettings($settings);
         $router = RouterBase::getInstance();
         $router->addRoute($route);
 
         return $route;
     }
 
-    public static function ressource($url, $controller) {
-        $route = new RouterRessource($url, $controller);
+    public static function resource($url, $controller, array $settings = null) {
+        $route = new RouterResource($url, $controller);
+        $route->addSettings($settings);
         $router = RouterBase::getInstance();
         $router->addRoute($route);
 
         return $route;
     }
 
-    public function getRoute($controller = null, $parameters = null, $getParams = null) {
+    public static function getRoute($controller = null, $parameters = null, $getParams = null) {
         return RouterBase::getInstance()->getRoute($controller, $parameters, $getParams);
     }