Merge pull request #52 from skipperbent/development

[TASK] Csrf-token fixes + readded BaseCsrfVerifier.

README.md

@@ -1,5 +1,5 @@
 # Simple PHP router
-Simple, fast PHP router that is easy to get integrated and in almost any project. Heavily inspired by the Laravel router.
+Simple, fast and yet powerful PHP router that is easy to get integrated and in any project. Heavily inspired by the Laravel router.
 
 ## Installation
 Add the latest version pf Simple PHP Router to your ```composer.json```
@@ -17,13 +17,25 @@ Add the latest version pf Simple PHP Router to your ```composer.json```
 
 ## Notes
 
+The goal of this project is to create a router that is 100% compatible with the Laravel documentation, but as simple as possible and as easy to integrate and change as possible.
+
+### Features
+
+- Basic routing (get, post, put, delete) with support for custom multiple verbs.
+- Regular Expression Constraints for parameters.
+- Named routes.
+- Generating url to routes.
+- Route groups.
+- Middleware (classes that intercepts before the route is rendered).
+- Namespaces.
+- Route prefixes.
+- CSRF protection.
+- Optional parameters
+- Sub-domain routing
+
 ### Features currently "in-the-works"
 
 - Global Constraints
-- Named Routes
-- Sub-Domain Routing
-- CSRF Protection
-- Optinal/required parameters
 
 ## Initialising the router
 
@@ -44,7 +56,7 @@ SimpleRouter::init($defaultControllerNamespace);
 ```
 
 ## Adding routes
-Remember the ```routes.php``` file you required in your ```index.php```? This file will contain all your custom rules for routing. 
+Remember the ```routes.php``` file you required in your ```index.php```? This file will contain all your custom rules for routing.
 This router is heavily inspired by the Laravel 5.* router, so anything you find in the Laravel documentation should work here as well.
 
 ### Basic example
@@ -54,25 +66,33 @@ use Pecee\SimpleRouter\SimpleRouter;
 
 /*
  * This route will match the url /v1/services/answers/1/
- 
- * The middleware is just a class that renders before the 
+
+ * The middleware is just a class that renders before the
  * Controller or callback is loaded. This is useful for stopping
  * the request, for instance if a user is not authenticated.
  */
 
 SimpleRouter::group(['prefix' => 'v1', 'middleware' => '\MyWebsite\Middleware\SomeMiddlewareClass'], function() {
 
-    SimpleRouter::group(['prefix' => 'services'], function() {
+    SimpleRouter::group(['prefix' => '/services', 'exceptionHandler' => '\MyProject\Handler\CustomExceptionHandler'], function() {
 
-        SimpleRouter::get('/answers/{id}', 'ControllerAnswers@show')
-        ->where(['id' => '[0-9]+');
-        
-        // Resetful ressource
-        SimpleRouter::ressource('/rest', 'ControllerRessource');
+        SimpleRouter::get('/answers/{id}', 'ControllerAnswers@show')->where(['id' => '[0-9]+');
         
+        // Optional parameter
+        SimpleRouter::get('/answers/{id?}', 'ControllerAnswers@show');
+
+        /**
+         * This example will route url when matching the regular expression to the method.
+         * For example route: domain.com/ajax/music/world -> ControllerAjax@process (parameter: music/world)
+         */
+        SimpleRouter::all('/ajax', 'ControllerAjax@process')->match('.*?\\/ajax\\/([A-Za-z0-9\\/]+)');
+
+        // Restful resource
+        SimpleRouter::resource('/rest', 'ControllerRessource');
+
         // Load the entire controller (where url matches method names - getIndex(), postIndex() etc)
         SimpleRouter::controller('/controller', 'ControllerDefault');
-        
+
         // Example of providing callback instead of Controller
         SimpleRouter::get('/something', function() {
             die('Callback example');
@@ -82,9 +102,23 @@ SimpleRouter::group(['prefix' => 'v1', 'middleware' => '\MyWebsite\Middleware\So
 });
 ```
 
+### Sub-domain routing
+
+Route groups may also be used to route wildcard sub-domains. Sub-domains may be assigned route parameters just like route URIs, allowing you to capture a portion of the sub-domain for usage in your route or controller. The sub-domain may be specified using the ```domain``` key on the group attribute array:
+
+```php
+Route::group(['domain' => '{account}.myapp.com'], function () {
+    Route::get('user/{id}', function ($account, $id) {
+        //
+    });
+});
+```
+
+The prefix group array attribute may be used to prefix each route in the group with a given URI. For example, you may want to prefix all route URIs within the group with admin:
+
 ### Doing it the object oriented (hardcore) way
 
-The ```SimpleRouter``` class referenced in the previous example, is just a simple helper class that knows how to communicate with the ```RouterBase``` class. 
+The ```SimpleRouter``` class referenced in the previous example, is just a simple helper class that knows how to communicate with the ```RouterBase``` class.
 If you are up for a challenge, want the full control or simply just want to create your own ```Router``` helper class, this example is for you.
 
 ```php
@@ -113,44 +147,57 @@ The framework has it's own ```Router``` class which inherits from the ```SimpleR
 namespace MyProject;
 
 use Pecee\Handler\ExceptionHandler;
+use Pecee\SimpleRouter\RouterBase;
 use Pecee\SimpleRouter\SimpleRouter;
 
 class Router extends SimpleRouter {
 
-    protected static $exceptionHandlers = array();
+    protected static $defaultExceptionHandler;
 
-    public static function start() {
-
-        Debug::getInstance()->add('Router initialised.');
+    public static function start($defaultNamespace = null) {
 
         // Load routes.php
-        $file = $_ENV['basePath'] . DIRECTORY_SEPARATOR . 'lib' . DIRECTORY_SEPARATOR . 'routes.php';
+        $file = $_ENV['base_path'] . DIRECTORY_SEPARATOR . 'lib' . DIRECTORY_SEPARATOR . 'routes.php';
         if(file_exists($file)) {
             require_once $file;
         }
 
-        // Init locale settings
-        Locale::getInstance();
-
         // Set default namespace
-        $defaultNamespace = '\\'.Registry::getInstance()->get('AppName') . '\\Controller';
+        $defaultNamespace = '\\'.$_ENV['app_name'] . '\\Controller';
 
         // Handle exceptions
         try {
             parent::start($defaultNamespace);
         } catch(\Exception $e) {
-            /* @var $handler ExceptionHandler */
-            foreach(self::$exceptionHandlers as $handler) {
-                $class = new $handler();
-                $class->handleError($e);
+
+            $route = RouterBase::getInstance()->getLoadedRoute();
+
+            $exceptionHandler = null;
+
+            // Load and use exception-handler defined on group
+            
+            if($route && $route->getGroup()) {
+                $exceptionHandler = $route->getGroup()->getExceptionHandler();
+                
+                if($exceptionHandler !== null) {
+                    $class = new $exceptionHandler();
+                    $class->handleError(RouterBase::getInstance()->getRequest(), $route, $e);
+                }
+            }
+
+            // Otherwise use the fallback default exceptions handler
+           
+            if(self::$defaultExceptionHandler !== null) {
+                $class = new self::$defaultExceptionHandler();
+                $class->handleError(RouterBase::getInstance()->getRequest(), $route, $e);
             }
 
             throw $e;
         }
     }
 
-    public static function addExceptionHandler($handler) {
-        self::$exceptionHandlers[] = $handler;
+    public static function setDefaultExceptionHandler($handler) {
+        self::$defaultExceptionHandler = $handler;
     }
 
 }
@@ -165,17 +212,62 @@ function url($controller, $parameters = null, $getParams = null) {
 }
 ```
 
-In ```routes.php``` we have added this route:
+This is a basic example for getting the current csrf token
 
-```SimpleRouter::get('/item/{id}', 'myController@show');```
+```php
+/**
+ * Get current csrf-token
+ * @return null|string
+ */
+function csrf_token() {
+    $token = new \Pecee\CsrfToken();
+    return $token->getToken();
+}
+```
 
-In the template we then call:
+## Getting urls
 
-```url('myController@show', ['id' => 22], ['category' => 'shoes']);``` 
+**In ```routes.php``` we have added this route:**
 
-Result url is:
+```php
+SimpleRouter::get('/item/{id}', 'myController@show', ['as' => 'item']);
+```
 
-```/item/22?category=shoes ```
+**In the template we then call:**
+
+```php
+url('item', ['id' => 22], ['category' => 'shoes']);
+```
+
+**Result url is:**
+
+```php
+/item/22/?category=shoes
+```
+
+## Custom CSRF verifier
+
+Create a new class and extend the ```BaseCsrfVerifier``` middleware class provided with simple-php-router.
+
+Add the property ```except``` with an array of the urls to the routes you would like to exclude from the CSRF validation. Using ```*``` at the end for the url will match the entire url.
+
+Querystrings are ignored.
+
+```php
+use Pecee\Http\Middleware\BaseCsrfVerifier;
+
+class CsrfVerifier extends BaseCsrfVerifier {
+
+    protected $except = ['/companies/*', '/user/save'];
+
+}
+```
+
+Register the new class in your ```routes.php```, custom ```Router``` class or wherever you register your routes.
+
+```php
+SimpleRouter::csrfVerifier(new \Demo\Middleware\CsrfVerifier());
+```
 
 ## Documentation
 While I work on a better documentation, please refer to the Laravel 5 routing documentation here:
@@ -183,4 +275,26 @@ While I work on a better documentation, please refer to the Laravel 5 routing do
 http://laravel.com/docs/5.1/routing
 
 ## Easily extendable
-The router can be easily extended to customize your needs. 
+The router can be easily extended to customize your needs.
+
+## The MIT License (MIT)
+
+Copyright (c) 2015 Simon Sessingø / simple-php-router
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in all
+copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+SOFTWARE.

composer.json

@@ -20,7 +20,7 @@
     },
     "autoload": {
         "psr-4": {
-            "Pecee\\": "src/"
+            "Pecee\\": "src/Pecee/"
         }
     }
 }

src/Pecee/CsrfToken.php

@@ -3,37 +3,15 @@ namespace Pecee;
 
 class CsrfToken {
 
-    const CSRF_KEY = 'csrf_token';
+    const CSRF_KEY = 'XSRF-TOKEN';
 
-    protected static $instance;
-
-    protected $lastToken;
-    protected $currentToken;
-
-    public static function getInstance() {
-        if(self::$instance === null) {
-            self::$instance = new static();
-        }
-        return self::$instance;
-    }
-
-    public function __construct() {
-        $this->lastToken = isset($_SESSION[self::CSRF_KEY]) ? $_SESSION[self::CSRF_KEY] : null;
-        $this->currentToken = $this->generate();
-
-        // Initialise session, if it hasn't been initialised.
-        if(!isset($_SESSION)) {
-            session_start();
-        }
-
-        $_SESSION['csrf_token'] = $this->currentToken;
-    }
+    protected $token;
 
     /**
      * Generate random identifier for CSRF token
      * @return string
      */
-    public static function generate() {
+    public static function generateToken() {
         if (function_exists('mcrypt_create_iv')) {
             return bin2hex(mcrypt_create_iv(32, MCRYPT_DEV_URANDOM));
         }
@@ -47,28 +25,38 @@ class CsrfToken {
      * @return bool
      */
     public function validate($token) {
-        return hash_equals($token, $_SESSION[self::CSRF_KEY]);
+        if($token !== null && $this->getToken() !== null) {
+            return hash_equals($token, $this->getToken());
+        }
+        return false;
     }
 
     /**
+     * Set csrf token cookie
+     *
+     * @param $token
+     */
+    public function setToken($token) {
+        setcookie(self::CSRF_KEY, $token, time() + 60 * 120, '/');
+    }
+
+    /**
+     * Get csrf token
      * @return string|null
      */
-    public function getLastToken(){
-        return $this->lastToken;
+    public function getToken(){
+        if($this->hasToken()) {
+            return $_COOKIE[self::CSRF_KEY];
+        }
+        return null;
     }
 
     /**
-     * @param string|null $lastToken
+     * Returns whether the csrf token has been defined
+     * @return bool
      */
-    public function setLastToken($lastToken){
-        $this->lastToken = $lastToken;
-    }
-
-    /**
-     * @return string|null
-     */
-    public function getCurrentToken(){
-        return $this->currentToken;
+    public function hasToken() {
+        return isset($_COOKIE[self::CSRF_KEY]);
     }
 
 }

src/Pecee/Exception/TokenMismatchException.php

@@ -0,0 +1,4 @@
+<?php
+namespace Pecee\Exception;
+
+class TokenMismatchException extends \Exception {}

src/Pecee/Http/Middleware/BaseCsrfVerifier.php

@@ -0,0 +1,68 @@
+<?php
+namespace Pecee\Http\Middleware;
+
+use Pecee\CsrfToken;
+use Pecee\Exception\TokenMismatchException;
+use Pecee\Http\Request;
+
+class BaseCsrfVerifier implements IMiddleware {
+
+    const POST_KEY = 'csrf-token';
+    const HEADER_KEY = 'X-CSRF-TOKEN';
+
+    protected $except;
+    protected $csrfToken;
+
+
+    public function __construct() {
+        $this->csrfToken = new CsrfToken();
+    }
+
+    /**
+     * Check if the url matches the urls in the except property
+     * @param Request $request
+     * @return bool
+     */
+    protected function skip(Request $request) {
+
+        if($this->except === null || !is_array($this->except)) {
+            return false;
+        }
+
+        foreach($this->except as $url) {
+            $url = rtrim($url, '/');
+            if($url[strlen($url)-1] === '*') {
+                $url = rtrim($url, '*');
+                $skip = (stripos($request->getUri(), $url) === 0);
+            } else {
+                $skip = ($url === rtrim($request->getUri(), '/'));
+            }
+
+            if($skip) {
+                return true;
+            }
+        }
+
+        return false;
+    }
+
+    public function handle(Request $request) {
+
+        if($request->getMethod() != 'get' && !$this->skip($request)) {
+
+            $token = (isset($_POST[self::POST_KEY])) ? $_POST[self::POST_KEY] : null;
+
+            // If the token is not posted, check headers for valid x-csrf-token
+            if($token === null) {
+                $token = $request->getHeader(self::HEADER_KEY);
+            }
+
+            if( !$this->csrfToken->validate( $token ) ) {
+                throw new TokenMismatchException('Invalid csrf-token.');
+            }
+
+        }
+
+    }
+
+}

src/Pecee/Http/Middleware/IMiddleware.php

@@ -0,0 +1,8 @@
+<?php
+namespace Pecee\Http\Middleware;
+
+use Pecee\Http\Request;
+
+interface IMiddleware {
+    public function handle(Request $request);
+}

src/Pecee/Http/Middleware/Middleware.php

@@ -1,13 +0,0 @@
-<?php
-
-namespace Pecee\Http\Middleware;
-
-use Pecee\Http\Request;
-use Pecee\SimpleRouter\RouterEntry;
-
-abstract class Middleware
-{
-    public function handle(Request $request) {
-        return true;
-    }
-}

src/Pecee/Http/Middleware/VerifyCsrfToken.php

@@ -1,9 +0,0 @@
-<?php
-
-namespace Pecee\Http\Middleware;
-
-class VerifyCsrfToken extends Middleware {
-
-
-
-}

src/Pecee/Http/Request.php

@@ -3,14 +3,35 @@ namespace Pecee\Http;
 
 class Request {
 
+    protected static $instance;
+
+    protected $data;
     protected $uri;
     protected $host;
     protected $method;
+    protected $headers;
+
+    /**
+     * Return new instance
+     * @return static
+     */
+    public static function getInstance() {
+        if(self::$instance === null) {
+            self::$instance = new static();
+        }
+        return self::$instance;
+    }
 
     public function __construct() {
+        $this->data = array();
         $this->host = $_SERVER['HTTP_HOST'];
-        $this->uri = rtrim($_SERVER['REQUEST_URI'], '/') . '/';
+        $this->uri = $_SERVER['REQUEST_URI'];
         $this->method = (isset($_POST['_method'])) ? strtolower($_POST['_method']) : strtolower($_SERVER['REQUEST_METHOD']);
+        $this->headers = array_change_key_case(getallheaders(), CASE_LOWER);
+    }
+
+    public function getIsSecure() {
+        return isset($_SERVER['HTTPS']) ? true : (isset($_SERVER['SERVER_PORT']) && $_SERVER['SERVER_PORT'] === 443);
     }
 
     /**
@@ -39,8 +60,74 @@ class Request {
      * @return string|null
      */
     public function getUser() {
-        $data = http_digest_parse($_SERVER['PHP_AUTH_DIGEST']);
-        return (isset($data['username'])) ? $data['username'] : null;
+        return (isset($_SERVER['PHP_AUTH_USER'])) ? $_SERVER['PHP_AUTH_USER']: null;
+    }
+
+    /**
+     * Get http basic auth password
+     * @return string|null
+     */
+    public function getPassword() {
+        return (isset($_SERVER['PHP_AUTH_PW'])) ? $_SERVER['PHP_AUTH_PW']: null;
+    }
+
+    /**
+     * Get headers
+     * @return array
+     */
+    public function getHeaders() {
+        return $this->headers;
+    }
+
+    /**
+     * Get id address
+     * @return string
+     */
+    public function getIp() {
+        return isset($_SERVER['HTTP_X_FORWARDED_FOR']) ? $_SERVER['HTTP_X_FORWARDED_FOR'] : $_SERVER['REMOTE_ADDR'];
+    }
+
+    /**
+     * Get referer
+     * @return string
+     */
+    public function getReferer() {
+        return isset($_SERVER['HTTP_REFERER']) ? $_SERVER['HTTP_REFERER'] : '';
+    }
+
+    /**
+     * Get user agent
+     * @return string
+     */
+    public function getUserAgent() {
+        return isset($_SERVER['HTTP_USER_AGENT']) ? $_SERVER['HTTP_USER_AGENT'] : '';
+    }
+
+    /**
+     * Get header value by name
+     * @param string $name
+     * @return string|null
+     */
+    public function getHeader($name) {
+        return (isset($this->headers[strtolower($name)])) ? $this->headers[strtolower($name)] : null;
+    }
+
+    /**
+     * Get request input or default value
+     * @param string $name
+     * @param string $defaultValue
+     * @return mixed
+     */
+    public function getInput($name, $defaultValue) {
+        return (isset($_REQUEST[$name]) ? $_REQUEST[$name] : $defaultValue);
+    }
+
+    public function __set($name, $value = null) {
+        $this->data[$name] = $value;
+    }
+
+    public function __get($name) {
+        return isset($this->data[$name]) ? $this->data[$name] : null;
     }
 
 }

src/Pecee/Http/Response.php

@@ -21,7 +21,78 @@ class Response {
      * @param string $url
      */
     public function redirect($url) {
-        header('location: ' . $url);
+        $this->header('Location: ' . $url);
+        die();
+    }
+
+    public function refresh() {
+        $this->redirect(Request::getInstance()->getUri());
+    }
+
+    /**
+     * Add http authorisation
+     * @param string $name
+     * @return self $this
+     */
+    public function auth($name = '') {
+        $this->headers([
+            'WWW-Authenticate: Basic realm="' . $name . '"',
+            'HTTP/1.0 401 Unauthorized'
+        ]);
+        return $this;
+    }
+
+    public function cache($eTag, $lastModified = 2592000) {
+
+        $this->headers([
+            'Cache-Control: public',
+            'Last-Modified: ' . gmdate("D, d M Y H:i:s", $lastModified) . ' GMT',
+            'Etag: ' . $eTag
+        ]);
+
+        if(isset($_SERVER['HTTP_IF_MODIFIED_SINCE']) && strtotime($_SERVER['HTTP_IF_MODIFIED_SINCE']) === $lastModified ||
+            isset($_SERVER['HTTP_IF_NONE_MATCH']) && $_SERVER['HTTP_IF_NONE_MATCH'] === $eTag) {
+
+            $this->headers([
+                'HTTP/1.1 304 Not Modified'
+            ]);
+
+            exit();
+        }
+
+        return $this;
+    }
+
+    /**
+     * Json encode array
+     * @param array $value
+     */
+    public function json(array $value) {
+        $this->header('Content-type: application/json');
+        echo json_encode($value);
+        die();
+    }
+
+    /**
+     * Add header to response
+     * @param string $value
+     * @return self $this
+     */
+    public function header($value) {
+        header($value);
+        return $this;
+    }
+
+    /**
+     * Add multiple headers to response
+     * @param array $headers
+     * @return self $this
+     */
+    public function headers(array $headers) {
+        foreach($headers as $header) {
+            header($header);
+        }
+        return $this;
     }
 
 }

src/Pecee/SimpleRouter/RouterBase.php

@@ -1,8 +1,9 @@
 <?php
 namespace Pecee\SimpleRouter;
 
+use Pecee\CsrfToken;
+use Pecee\Http\Middleware\BaseCsrfVerifier;
 use Pecee\Http\Request;
-use Pecee\Url;
 
 class RouterBase {
 
@@ -13,33 +14,47 @@ class RouterBase {
     protected $routes;
     protected $processedRoutes;
     protected $controllerUrlMap;
-    protected $backstack;
+    protected $backStack;
     protected $loadedRoute;
     protected $defaultNamespace;
+    protected $baseCsrfVerifier;
 
     // TODO: make interface for controller routers, so they can be easily detected
     // TODO: clean up - cut some of the methods down to smaller pieces
 
     public function __construct() {
         $this->routes = array();
-        $this->backstack = array();
+        $this->backStack = array();
         $this->controllerUrlMap = array();
-        $this->request = new Request();
+        $this->baseCsrfVerifier = new BaseCsrfVerifier();
+        $this->request = Request::getInstance();
+
+        $csrf = new CsrfToken();
+        $token = ($csrf->hasToken()) ? $csrf->getToken() : $csrf->generateToken();
+        $csrf->setToken($token);
     }
 
     public function addRoute(RouterEntry $route) {
         if($this->currentRoute !== null) {
-            $this->backstack[] = $route;
+            $this->backStack[] = $route;
         } else {
             $this->routes[] = $route;
         }
     }
 
-    protected function processRoutes(array $routes, array $settings = array(), array $prefixes = array(), $backstack = false) {
+    protected function processRoutes(array $routes, array $settings = array(), array $prefixes = array(), $backStack = false, $group = null) {
         // Loop through each route-request
 
+        $activeGroup = null;
+        $routesCount = count($routes);
+        $mergedSettings = array();
+
         /* @var $route RouterEntry */
-        foreach($routes as $route) {
+        for($i = 0; $i < $routesCount; $i++) {
+
+            $route = $routes[$i];
+
+            $route->setGroup($group);
 
             if($this->defaultNamespace && !$route->getNamespace()) {
                 $namespace = null;
@@ -53,14 +68,15 @@ class RouterBase {
             }
 
             $newPrefixes = $prefixes;
-            $mergedSettings = array_merge($settings, $route->getMergeableSettings());
+
             if($route->getPrefix()) {
                 array_push($newPrefixes, rtrim($route->getPrefix(), '/'));
             }
-            $route->addSettings($mergedSettings);
+
+            $route->addSettings($settings);
 
             if(!($route instanceof RouterGroup)) {
-                if(is_array($newPrefixes) && count($newPrefixes) && $backstack) {
+                if(is_array($newPrefixes) && count($newPrefixes) && $backStack) {
                     $route->setUrl( join('/', $newPrefixes) . $route->getUrl() );
                 }
 
@@ -68,41 +84,69 @@ class RouterBase {
             }
 
             $this->currentRoute = $route;
+
             if($route instanceof RouterGroup && is_callable($route->getCallback())) {
                 $route->renderRoute($this->request);
+                $activeGroup = $route;
+                $mergedSettings = array_merge($route->getMergeableSettings(), $settings);
             }
+
             $this->currentRoute = null;
 
-            if(count($this->backstack)) {
-                $backstack = $this->backstack;
-                $this->backstack = array();
+            if(count($this->backStack)) {
+                $backStack = $this->backStack;
+                $this->backStack = array();
 
                 // Route any routes added to the backstack
-                $this->processRoutes($backstack, $mergedSettings, $newPrefixes, true);
+                $this->processRoutes($backStack, $mergedSettings, $newPrefixes, true, $activeGroup);
             }
         }
     }
 
     public function routeRequest() {
-        // Loop through each route-request
 
+        // Verify csrf token for request
+        if($this->baseCsrfVerifier !== null) {
+            /* @var $csrfVerifier BaseCsrfVerifier */
+            $csrfVerifier = $this->baseCsrfVerifier;
+            $csrfVerifier = new $csrfVerifier();
+            $csrfVerifier->handle($this->request);
+        }
+
+        // Loop through each route-request
         $this->processRoutes($this->routes);
 
-        // Make sure the urls is in the right order when comparing
-        usort($this->controllerUrlMap, function($a, $b) {
-            return strcmp($b->getUrl(), $a->getUrl());
-        });
+        $routeNotAllowed = false;
+
+        $max = count($this->controllerUrlMap);
+
+        /* @var $route RouterEntry */
+        for($i = 0; $i < $max; $i++) {
+
+            $route = $this->controllerUrlMap[$i];
 
-        foreach($this->controllerUrlMap as $route) {
             $routeMatch = $route->matchRoute($this->request);
 
-            if($routeMatch && !($routeMatch instanceof RouterGroup)) {
-                $this->loadedRoute = $routeMatch;
-                $routeMatch->renderRoute($this->request);
+            if($routeMatch) {
+
+                if(count($route->getRequestMethods()) && !in_array($this->request->getMethod(), $route->getRequestMethods())) {
+                    $routeNotAllowed = true;
+                    continue;
+                }
+
+                $routeNotAllowed = false;
+
+                $this->loadedRoute = $route;
+                $route->loadMiddleware($this->request);
+                $route->renderRoute($this->request);
                 break;
             }
         }
 
+        if($routeNotAllowed) {
+            throw new RouterException('Route or method not allowed', 403);
+        }
+
         if(!$this->loadedRoute) {
             throw new RouterException(sprintf('Route not found: %s', $this->request->getUri()), 404);
         }
@@ -136,7 +180,7 @@ class RouterBase {
      * @return array
      */
     public function getBackstack() {
-        return $this->backstack;
+        return $this->backStack;
     }
 
     /**
@@ -162,15 +206,46 @@ class RouterBase {
         return $this->request;
     }
 
+    /**
+     * Get base csrf verifier class
+     * @return BaseCsrfVerifier
+     */
+    public function getBaseCsrfVerifier() {
+        return $this->baseCsrfVerifier;
+    }
+
+    /**
+     * Set base csrf verifier class
+     *
+     * @param BaseCsrfVerifier $baseCsrfVerifier
+     * @return self
+     */
+    public function setBaseCsrfVerifier(BaseCsrfVerifier $baseCsrfVerifier) {
+        $this->baseCsrfVerifier = $baseCsrfVerifier;
+        return $this;
+    }
+
+    public function arrayToParams(array $getParams = null, $includeEmpty = true) {
+        if (is_array($getParams) && count($getParams) > 0) {
+            foreach ($getParams as $key => $val) {
+                if (!empty($val) || empty($val) && $includeEmpty) {
+                    $getParams[$key] = $key . '=' . $val;
+                }
+            }
+            return join('&', $getParams);
+        }
+        return '';
+    }
+
     protected function processUrl($route, $method = null, $parameters = null, $getParams = null) {
 
-        $url = rtrim($route->getUrl(), '/') . '/';
+        $url = '/' . trim($route->getUrl(), '/');
 
-        if(($route instanceof RouterController || $route instanceof RouterRessource) && $method !== null) {
-            $url .= $method . '/';
+        if(($route instanceof RouterController || $route instanceof RouterResource) && $method !== null) {
+            $url .= $method;
         }
 
-        if($route instanceof RouterController || $route instanceof RouterRessource) {
+        if($route instanceof RouterController || $route instanceof RouterResource) {
             if(count($parameters)) {
                 $url .= join('/', $parameters);
             }
@@ -181,18 +256,22 @@ class RouterBase {
                 $i = 0;
                 foreach($params as $param => $value) {
                     $value = (isset($parameters[$param])) ? $parameters[$param] : $value;
-                    $url = str_ireplace('{' . $param. '}', $value, $route->getUrl());
+                    $url = str_ireplace(array('{' . $param. '}', '{' . $param. '?}'), $value, $url);
                     $i++;
                 }
+            } else {
+                // If no parameters are specified in the route, assume that the provided parameters should be used.
+                if(count($parameters)) {
+                    $url = rtrim($url, '/') . '/' . join('/', $parameters);
+                }
             }
         }
 
-        $p = '';
-        if($getParams !== null && count($getParams)) {
-            $p = '?'.Url::arrayToParams($getParams);
-        }
+        $url = rtrim($url, '/') . '/';
 
-        $url .= $p;
+        if($getParams !== null && count($getParams)) {
+            $url .= '?' . $this->arrayToParams($getParams);
+        }
 
         return $url;
     }
@@ -207,15 +286,38 @@ class RouterBase {
             throw new \InvalidArgumentException('Invalid type for getParams. Must be array or null');
         }
 
+        // Return current route if no options has been specified
+        if($controller === null && $parameters === null && $this->loadedRoute !== null) {
+            $getParams = (is_array($getParams)) ? array_merge($_GET, $getParams) : $_GET;
+
+            $url = parse_url(Request::getInstance()->getUri());
+            $url = $url['path'];
+
+            if(count($getParams)) {
+                $url .= '?' . $this->arrayToParams($getParams);
+            }
+
+            return $url;
+        }
+
         $c = '';
         $method = null;
 
+        $max = count($this->controllerUrlMap);
+
         /* @var $route RouterRoute */
-        foreach($this->controllerUrlMap as $route) {
+        for($i = 0; $i < $max; $i++) {
+
+            $route = $this->controllerUrlMap[$i];
+
+            // Check an alias exist, if the matches - use it
+            if($route instanceof RouterRoute && strtolower($route->getAlias()) === strtolower($controller)) {
+                return $this->processUrl($route, $route->getMethod(), $parameters, $getParams);
+            }
 
             if($route instanceof RouterRoute && !is_callable($route->getCallback()) && stripos($route->getCallback(), '@') !== false) {
                 $c = $route->getCallback();
-            } else if($route instanceof RouterController || $route instanceof RouterRessource) {
+            } else if($route instanceof RouterController || $route instanceof RouterResource) {
                 $c = $route->getController();
             }
 
@@ -227,10 +329,13 @@ class RouterBase {
         $c = '';
 
         // No match has yet been found, let's try to guess what url that should be returned
-        foreach($this->controllerUrlMap as $route) {
+        for($i = 0; $i < $max; $i++) {
+
+            $route = $this->controllerUrlMap[$i];
+
             if($route instanceof RouterRoute && !is_callable($route->getCallback()) && stripos($route->getCallback(), '@') !== false) {
                 $c = $route->getClass();
-            } else if($route instanceof RouterController || $route instanceof RouterRessource) {
+            } else if($route instanceof RouterController || $route instanceof RouterResource) {
                 $c = $route->getController();
             }
 
@@ -245,15 +350,23 @@ class RouterBase {
             }
         }
 
-        // Nothing found - return current route
-        if($this->loadedRoute) {
-            $getParams = ($getParams === null) ? array() : $getParams;
-            $params = ($this->loadedRoute->getParameters() == null) ? array() : $this->loadedRoute->getParameters();
-            $parameters = ($parameters === null) ? array() : $parameters;
-            return $this->processUrl($this->loadedRoute, null, array_merge($params, $parameters), array_merge($_GET, $getParams));
+        $controller = ($controller === null) ? '/' : $controller;
+        $url = array($controller);
+
+        if(is_array($parameters)) {
+            foreach($parameters as $key => $value) {
+                array_push($url,$value);
+            }
         }
 
-        return '/';
+        $url = '/' . trim(join('/', $url), '/') . '/';
+
+
+        if($getParams !== null && count($getParams)) {
+            $url .= '?' . $this->arrayToParams($getParams);
+        }
+
+        return $url;
     }
 
     public static function getInstance() {

src/Pecee/SimpleRouter/RouterController.php

@@ -17,6 +17,31 @@ class RouterController extends RouterEntry {
         $this->controller = $controller;
     }
 
+    public function renderRoute(Request $request) {
+        if(is_object($this->getCallback()) && is_callable($this->getCallback())) {
+
+            // When the callback is a function
+            call_user_func_array($this->getCallback(), $this->getParameters());
+        } else {
+            // When the callback is a method
+            $controller = explode('@', $this->getCallback());
+            $className = $this->getNamespace() . '\\' . $controller[0];
+
+            $class = $this->loadClass($className);
+            $method = $request->getMethod() . ucfirst($controller[1]);
+
+            if (!method_exists($class, $method)) {
+                throw new RouterException(sprintf('Method %s does not exist in class %s', $method, $className), 404);
+            }
+
+            call_user_func_array(array($class, $method), $this->getParameters());
+
+            return $class;
+        }
+
+        return null;
+    }
+
     public function matchRoute(Request $request) {
         $url = parse_url($request->getUri());
         $url = rtrim($url['path'], '/') . '/';
@@ -38,7 +63,7 @@ class RouterController extends RouterEntry {
                 // Set callback
                 $this->setCallback($this->controller . '@' . $this->method);
 
-                return $this;
+                return true;
             }
         }
         return null;

src/Pecee/SimpleRouter/RouterEntry.php

@@ -2,7 +2,7 @@
 
 namespace Pecee\SimpleRouter;
 
-use Pecee\Http\Middleware\Middleware;
+use Pecee\Http\Middleware\IMiddleware;
 use Pecee\Http\Request;
 
 abstract class RouterEntry {
@@ -10,24 +10,25 @@ abstract class RouterEntry {
     const REQUEST_TYPE_POST = 'post';
     const REQUEST_TYPE_GET = 'get';
     const REQUEST_TYPE_PUT = 'put';
+    const REQUEST_TYPE_PATCH = 'patch';
     const REQUEST_TYPE_DELETE = 'delete';
 
     public static $allowedRequestTypes = array(
         self::REQUEST_TYPE_DELETE,
         self::REQUEST_TYPE_GET,
         self::REQUEST_TYPE_POST,
-        self::REQUEST_TYPE_PUT
+        self::REQUEST_TYPE_PUT,
+        self::REQUEST_TYPE_PATCH
     );
 
     protected $settings;
     protected $callback;
-    protected $parameters;
-    protected $parametersRegex;
 
     public function __construct() {
         $this->settings = array();
-        $this->parameters = array();
-        $this->parametersRegex = array();
+        $this->settings['requestMethods'] = array();
+        $this->settings['parametersRegex'] = array();
+        $this->settings['parameters'] = array();
     }
 
     /**
@@ -135,7 +136,7 @@ abstract class RouterEntry {
      * @return mixed
      */
     public function getParameters(){
-        return $this->parameters;
+        return ($this->parameters === null) ? array() : $this->parameters;
     }
 
     /**
@@ -158,6 +159,17 @@ abstract class RouterEntry {
         return $this;
     }
 
+    /**
+     * Add regular expression match for url
+     *
+     * @param string $regex
+     * @return self
+     */
+    public function match($regex) {
+        $this->regexMatch = $regex;
+        return $this;
+    }
+
     /**
      * Get settings that are allowed to be inherited by child routes.
      *
@@ -166,9 +178,9 @@ abstract class RouterEntry {
     public function getMergeableSettings() {
         $settings = $this->settings;
 
-        if(isset($settings['middleware'])) {
+        /*if(isset($settings['middleware'])) {
             unset($settings['middleware']);
-        }
+        }*/
 
         if(isset($settings['prefix'])) {
             unset($settings['prefix']);
@@ -181,8 +193,10 @@ abstract class RouterEntry {
      * @param array $settings
      * @return self
      */
-    public function addSettings(array $settings) {
-        $this->settings = array_merge($this->settings, $settings);
+    public function addSettings(array $settings = null) {
+        if(is_array($settings)) {
+            $this->settings = array_merge($this->settings, $settings);
+        }
         return $this;
     }
 
@@ -193,7 +207,7 @@ abstract class RouterEntry {
     public function setSettings($settings) {
         $this->settings = $settings;
 
-        if($settings['prefix']) {
+        if(isset($settings['prefix'])) {
             $this->setPrefix($settings['prefix']);
         }
 
@@ -201,7 +215,7 @@ abstract class RouterEntry {
     }
 
     /**
-     * Dynamicially access settings value
+     * Dynamically access settings value
      *
      * @param $name
      * @return mixed|null
@@ -228,21 +242,112 @@ abstract class RouterEntry {
         return new $name();
     }
 
-    protected function loadMiddleware(Request $request) {
-        if($this->getMiddleware()) {
-            if (!($this->getMiddleware() instanceof Middleware)) {
-                throw new RouterException($this->getMiddleware() . ' must be instance of Middleware');
+    protected function parseParameters($route, $url, $parameterRegex = '[a-z0-9]*?') {
+        $parameterNames = array();
+        $regex = '';
+        $lastCharacter = '';
+        $isParameter = false;
+        $parameter = '';
+
+        // Use custom parameter regex if it exists
+        if(is_array($this->parametersRegex) && isset($this->parametersRegex[$parameter])) {
+            $parameterRegex = $this->parametersRegex[$parameter];
+        }
+
+        $routeLength = strlen($route);
+        for($i = 0; $i < $routeLength; $i++) {
+
+            $character = $route[$i];
+
+            // Skip "/" if we are at the end of a parameter
+            if($lastCharacter === '}' && $character === '/') {
+                $lastCharacter = $character;
+                continue;
             }
 
-            /* @var $class Middleware */
-            $class = $this->loadClass($this->getMiddleware());
-            $class->handle($request);
+            if($character === '{') {
+                // Remove "/" and "\" from regex
+                if(substr($regex, strlen($regex)-1) === '/') {
+                    $regex = substr($regex, 0, strlen($regex) - 2);
+                }
+
+                $isParameter = true;
+            } elseif($isParameter && $character === '}') {
+                $required = true;
+                // Check for optional parameter
+                if($lastCharacter === '?') {
+                    $parameter = substr($parameter, 0, strlen($parameter)-1);
+                    $regex .= '(?:(?:\/{0,1}(?P<'.$parameter.'>'.$parameterRegex.')){0,1}\\/{0,1})';
+                    $required = false;
+                } else {
+                    $regex .= '(?:\\/{0,1}(?P<' . $parameter . '>'. $parameterRegex .')\\/{0,1})';
+                }
+                $parameterNames[] = array('name' => $parameter, 'required' => $required);
+                $parameter = '';
+                $isParameter = false;
+
+            } elseif($isParameter) {
+                $parameter .= $character;
+            } elseif($character === '/') {
+                $regex .= '\\' . $character;
+            } else {
+                $regex .= str_replace('.', '\\.', $character);
+            }
+
+            $lastCharacter = $character;
+        }
+
+        $parameterValues = array();
+
+        if(preg_match('/^'.$regex.'$/is', $url, $parameterValues)) {
+            $parameters = array();
+
+            $max = count($parameterNames);
+
+            if($max) {
+                for($i = 0; $i < $max; $i++) {
+                    $name = $parameterNames[$i];
+                    $parameterValue = (isset($parameterValues[$name['name']]) && !empty($parameterValues[$name['name']])) ? $parameterValues[$name['name']] : null;
+
+                    if($name['required'] && $parameterValue === null) {
+                        throw new RouterException('Missing required parameter ' . $name['name'], 404);
+                    }
+
+                    $parameters[$name['name']] = $parameterValue;
+                }
+            }
+
+            return $parameters;
+        }
+
+        return null;
+    }
+
+    public function loadMiddleware(Request $request) {
+        if($this->getMiddleware()) {
+            if(is_array($this->getMiddleware())) {
+                foreach($this->getMiddleware() as $middleware) {
+                    $middleware = $this->loadClass($middleware);
+                    if (!($middleware instanceof IMiddleware)) {
+                        throw new RouterException($middleware . ' must be instance of Middleware');
+                    }
+
+                    /* @var $class IMiddleware */
+                    $middleware->handle($request);
+                }
+            } else {
+                $middleware = $this->loadClass($this->getMiddleware());
+                if (!($middleware instanceof IMiddleware)) {
+                    throw new RouterException($this->getMiddleware() . ' must be instance of Middleware');
+                }
+
+                /* @var $class IMiddleware */
+                $middleware->handle($request);
+            }
         }
     }
 
     public function renderRoute(Request $request) {
-        // Load middleware
-        $this->loadMiddleware($request);
 
         if(is_object($this->getCallback()) && is_callable($this->getCallback())) {
 
@@ -254,7 +359,7 @@ abstract class RouterEntry {
             $className = $this->getNamespace() . '\\' . $controller[0];
 
             $class = $this->loadClass($className);
-            $method = $request->getMethod() . ucfirst($controller[1]);
+            $method = $controller[1];
 
             if (!method_exists($class, $method)) {
                 throw new RouterException(sprintf('Method %s does not exist in class %s', $method, $className), 404);
@@ -268,6 +373,39 @@ abstract class RouterEntry {
         return null;
     }
 
+    /**
+     * Set allowed request methods
+     *
+     * @param array $methods
+     * @return self $this
+     */
+    public function setRequestMethods(array $methods) {
+        $this->settings['requestMethods'] = $methods;
+        return $this;
+    }
+
+    /**
+     * Get allowed requeset methods
+     *
+     * @return array
+     */
+    public function getRequestMethods() {
+        if(!isset($this->settings['requestMethods']) || isset($this->settings['requestMethods']) && !is_array($this->settings['requestMethods'])) {
+            $value = isset($this->settings['requestMethods']) ? $this->settings['requestMethods'] : null;
+            return array($value);
+        }
+        return $this->settings['requestMethods'];
+    }
+
+    public function getGroup() {
+        return $this->group;
+    }
+
+    public function setGroup($group) {
+        $this->group = $group;
+        return $this;
+    }
+
     abstract function matchRoute(Request $request);
 
 }

src/Pecee/SimpleRouter/RouterGroup.php

@@ -10,30 +10,74 @@ class RouterGroup extends RouterEntry {
         parent::__construct();
     }
 
-    public function matchRoute(Request $request) {
-        // Check if request method is allowed
+    protected function matchDomain(Request $request) {
+        if($this->domain !== null) {
 
-        if(strtolower($request->getUri()) == strtolower($this->prefix) || stripos($request->getUri(), $this->prefix) === 0) {
+            if(is_array($this->domain)) {
 
-            $hasAccess = (!$this->method);
+                $max = count($this->domain);
 
-            if($this->method) {
-                if(is_array($this->method)) {
-                    $hasAccess = (in_array($request->getMethod(), $this->method));
-                } else {
-                    $hasAccess = strtolower($this->method) == strtolower($request->getMethod());
+                for($i = 0; $i < $max; $i++) {
+                    $domain = $this->domain[$i];
+
+                    $parameters = $this->parseParameters($domain, $request->getHost(), '[^.]*');
+
+                    if($parameters !== null) {
+                        $this->parameters = $parameters;
+                        return true;
+                    }
                 }
+
+                return null;
             }
 
-            if(!$hasAccess) {
-                throw new RouterException('Method not allowed');
+            $parameters = $this->parseParameters($this->domain, $request->getHost(), '[^.]*');
+
+            if ($parameters !== null) {
+                $this->parameters = $parameters;
+                return true;
             }
 
-            return $this;
+            return null;
         }
 
-        // No match here, move on...
+        return false;
+    }
+
+    public function renderRoute(Request $request) {
+        // Check if request method is allowed
+        $hasAccess = (!$this->method);
+
+        if($this->method) {
+            if(is_array($this->method)) {
+                $hasAccess = (in_array($request->getMethod(), $this->getRequestMethods()));
+            } else {
+                $hasAccess = strtolower($this->getRequestMethods()) == strtolower($request->getMethod());
+            }
+        }
+
+        if(!$hasAccess) {
+            throw new RouterException('Method not allowed');
+        }
+
+        if($this->matchDomain($request) === null) {
+            return null;
+        }
+
+        return parent::renderRoute($request);
+    }
+
+    public function matchRoute(Request $request) {
         return null;
     }
 
+    public function setExceptionHandler($class) {
+        $this->exceptionHandler = $class;
+        return $this;
+    }
+
+    public function getExceptionHandler() {
+        return $this->exceptionHandler;
+    }
+
 }

src/Pecee/SimpleRouter/RouterResource.php

@@ -3,7 +3,7 @@ namespace Pecee\SimpleRouter;
 
 use Pecee\Http\Request;
 
-class RouterRessource extends RouterEntry {
+class RouterResource extends RouterEntry {
 
     const DEFAULT_METHOD = 'index';
 
@@ -20,9 +20,6 @@ class RouterRessource extends RouterEntry {
     }
 
     public function renderRoute(Request $request) {
-        // Load middleware
-        $this->loadMiddleware($request);
-
         if(is_object($this->getCallback()) && is_callable($this->getCallback())) {
             // When the callback is a function
             call_user_func_array($this->getCallback(), $this->getParameters());
@@ -48,7 +45,7 @@ class RouterRessource extends RouterEntry {
     protected function call($method, $parameters) {
         $this->setCallback($this->controller . '@' . $method);
         $this->parameters = $parameters;
-        return $this;
+        return true;
     }
 
     public function matchRoute(Request $request) {

src/Pecee/SimpleRouter/RouterRoute.php

@@ -6,8 +6,9 @@ use Pecee\Http\Request;
 
 class RouterRoute extends RouterEntry {
 
+    const PARAMETERS_REGEX_MATCH = '{([A-Za-z\-\_]*?)\?{0,1}}';
+
     protected $url;
-    protected $requestTypes;
 
     public function __construct($url, $callback) {
         parent::__construct();
@@ -15,82 +16,39 @@ class RouterRoute extends RouterEntry {
         $this->setCallback($callback);
 
         $this->settings['aliases'] = array();
-        $this->requestTypes = array();
-    }
-
-    protected function parseParameters($url, $multiple = false) {
-        $parameters = array();
-
-        if($multiple) {
-            preg_match_all('/{([A-Za-z\-\_]*?)}/is', $url, $parameters);
-        } else {
-            preg_match('/{([A-Za-z\-\_]*?)}/is', $url, $parameters);
-        }
-
-        if(isset($parameters[1]) && count($parameters[1]) > 0) {
-            return $parameters[1];
-        }
-
-        return null;
     }
 
     public function matchRoute(Request $request) {
 
-        // Check if request method is allowed
-        if(count($this->requestTypes) === 0 || in_array($request->getMethod(), $this->requestTypes)) {
+        $url = parse_url($request->getUri());
+        $url = rtrim($url['path'], '/') . '/';
 
-            $url = parse_url($request->getUri());
-            $url = $url['path'];
-
-            $url = explode('/', trim($url, '/'));
-            $route = explode('/', trim($this->url, '/'));
-
-            // Check if url parameter count matches
-            if(count($url) === count($route)) {
-
-                $parameters = array();
-
-                $matches = true;
-
-                // Check if url matches
-                foreach($route as $i => $path) {
-                    $parameter = $this->parseParameters($path);
-
-                    // Check if parameter of path matches, otherwise quit..
-                    if(is_null($parameter) && strtolower($path) != strtolower($url[$i])) {
-                        $matches = false;
-                        break;
-                    }
-
-                    // Save parameter if we have one
-                    if($parameter) {
-                        $parameterValue = $url[$i];
-                        $regex = (isset($this->parametersRegex[$parameter]) ? $this->parametersRegex[$parameter] : null);
-
-                        if($regex !== null) {
-                            // Use the regular expression rule provided to filter the value
-                            $matches = array();
-                            preg_match('/'.$regex.'/is', $url[$i], $matches);
-
-                            if(count($matches)) {
-                                $parameterValue = $matches[0];
-                            }
-                        }
-
-                        // Add parameter value
-                        $parameters[$parameter] = $parameterValue;
-                    }
-                }
-
-                // This route matches
-                if($matches) {
-                    $this->parameters = $parameters;
-                    return $this;
-                }
+        // Match on custom defined regular expression
+        if($this->regexMatch) {
+            $parameters = array();
+            if(preg_match('/('.$this->regexMatch.')/is', $request->getHost() . $url, $parameters)) {
+                $this->parameters = (!is_array($parameters[0]) ? array($parameters[0]) : $parameters[0]);
+                return true;
             }
+            return null;
+        }
+
+        // Make regular expression based on route
+        $route = rtrim($this->url, '/') . '/';
+
+        $parameters = $this->parseParameters($route, $url);
+
+        if($parameters !== null) {
+
+            if(is_array($this->parameters)) {
+                $this->parameters = array_merge($this->parameters, $parameters);
+            } else {
+                $this->parameters = $parameters;
+            }
+
+            return true;
         }
 
-        // No match here, move on...
         return null;
     }
 
@@ -106,13 +64,19 @@ class RouterRoute extends RouterEntry {
      * @return self
      */
     public function setUrl($url) {
+        $parameters = array();
+        $matches = array();
 
-        $parameters = $this->parseParameters($url, true);
+        if(preg_match_all('/'.self::PARAMETERS_REGEX_MATCH.'/is', $url, $matches)) {
+            $parameters = $matches[1];
+        }
 
-        if($parameters !== null) {
+        if(count($parameters)) {
+            $tmp = array();
             foreach($parameters as $param) {
-                $this->parameters[$param] = '';
+                $tmp[$param] = '';
             }
+            $this->parameters = $tmp;
         }
 
         $this->url = $url;
@@ -120,51 +84,31 @@ class RouterRoute extends RouterEntry {
     }
 
     /**
-     * @param array $aliases
-     * @return self
+     * Get alias for the url which can be used when getting the url route.
+     * @return string
      */
-    public function setAliases(array $aliases) {
-        $this->aliases = $aliases;
-        return $this;
+    public function getAlias(){
+        return $this->alias;
     }
 
     /**
-     * Add alias
-     *
-     * @param $alias
+     * Set the url alias for easier getting the url route.
+     * @param string $alias
      * @return self
      */
-    public function addAlias($alias) {
-        $arr = $this->aliases;
-        $arr[] = $alias;
-        $this->aliases = $arr;
+    public function setAlias($alias){
+        $this->alias = $alias;
         return $this;
     }
 
-    public function getAliases() {
-        $this->aliases;
-    }
+    public function setSettings($settings) {
 
-    /**
-     * Add request type
-     *
-     * @param $type
-     * @return self
-     * @throws RouterException
-     */
-    public function addRequestType($type) {
-        if(!in_array($type, self::$allowedRequestTypes)) {
-            throw new RouterException('Invalid request method: ' . $type);
+        // Change as to alias
+        if(isset($settings{'as'})) {
+            $this->setAlias($settings['as']);
         }
 
-        $this->requestTypes[] = $type;
-        return $this;
+        return parent::setSettings($settings);
     }
 
-    /**
-     * @return mixed
-     */
-    public function getRequestTypes() {
-        return $this->requestTypes;
-    }
 }

src/Pecee/SimpleRouter/SimpleRouter.php

@@ -4,22 +4,38 @@
  * ---------------------------
  * Router helper class
  * ---------------------------
- * This class is added so calls can be made staticly like Router::get() making the code look more pretty.
+ * This class is added so calls can be made statically like Router::get() making the code look more pretty.
  */
 
 namespace Pecee\SimpleRouter;
 
+use Pecee\Http\Middleware\BaseCsrfVerifier;
+
 class SimpleRouter {
 
+    /**
+     * Start/route request
+     * @param null $defaultNamespace
+     * @throws RouterException
+     */
     public static function start($defaultNamespace = null) {
-        $router = RouterBase::GetInstance();
+        $router = RouterBase::getInstance();
         $router->setDefaultNamespace($defaultNamespace);
         $router->routeRequest();
     }
 
-    public static function get($url, $callback) {
+    /**
+     * Set base csrf verifier
+     * @param BaseCsrfVerifier $baseCsrfVerifier
+     */
+    public static function csrfVerifier(BaseCsrfVerifier $baseCsrfVerifier) {
+        RouterBase::getInstance()->setBaseCsrfVerifier($baseCsrfVerifier);
+    }
+
+    public static function get($url, $callback, array $settings = null) {
         $route = new RouterRoute($url, $callback);
-        $route->addRequestType(RouterRoute::REQUEST_TYPE_GET);
+        $route->addSettings($settings);
+        $route->setRequestMethods(array(RouterRoute::REQUEST_TYPE_GET));
 
         $router = RouterBase::getInstance();
         $router->addRoute($route);
@@ -27,9 +43,10 @@ class SimpleRouter {
         return $route;
     }
 
-    public static function post($url, $callback) {
+    public static function post($url, $callback, array $settings = null) {
         $route = new RouterRoute($url, $callback);
-        $route->addRequestType(RouterRoute::REQUEST_TYPE_POST);
+        $route->addSettings($settings);
+        $route->setRequestMethods(array(RouterRoute::REQUEST_TYPE_POST));
 
         $router = RouterBase::getInstance();
         $router->addRoute($route);
@@ -37,9 +54,10 @@ class SimpleRouter {
         return $route;
     }
 
-    public static function put($url, $callback) {
+    public static function put($url, $callback, array $settings = null) {
         $route = new RouterRoute($url, $callback);
-        $route->addRequestType(RouterRoute::REQUEST_TYPE_PUT);
+        $route->addSettings($settings);
+        $route->setRequestMethods(array(RouterRoute::REQUEST_TYPE_PUT, RouterRoute::REQUEST_TYPE_PATCH));
 
         $router = RouterBase::getInstance();
         $router->addRoute($route);
@@ -47,9 +65,10 @@ class SimpleRouter {
         return $route;
     }
 
-    public static function delete($url, $callback) {
+    public static function delete($url, $callback, array $settings = null) {
         $route = new RouterRoute($url, $callback);
-        $route->addRequestType(RouterRoute::REQUEST_TYPE_DELETE);
+        $route->addSettings($settings);
+        $route->setRequestMethods(array(RouterRoute::REQUEST_TYPE_DELETE));
 
         $router = RouterBase::getInstance();
         $router->addRoute($route);
@@ -71,11 +90,10 @@ class SimpleRouter {
         return $group;
     }
 
-    public static function match(array $requestTypes, $url, $callback) {
+    public static function match(array $requestMethods, $url, $callback, array $settings = null) {
         $route = new RouterRoute($url, $callback);
-        foreach($requestTypes as $requestType) {
-            $route->addRequestType($requestType);
-        }
+        $route->setRequestMethods($requestMethods);
+        $route->addSettings($settings);
 
         $router = RouterBase::getInstance();
         $router->addRoute($route);
@@ -83,31 +101,34 @@ class SimpleRouter {
         return $route;
     }
 
-    public static function all($url, $callback) {
+    public static function all($url, $callback, array $settings = null) {
         $route = new RouterRoute($url, $callback);
+        $route->addSettings($settings);
         $router = RouterBase::getInstance();
         $router->addRoute($route);
 
         return $route;
     }
 
-    public static function controller($url, $controller) {
+    public static function controller($url, $controller, array $settings = null) {
         $route = new RouterController($url, $controller);
+        $route->addSettings($settings);
         $router = RouterBase::getInstance();
         $router->addRoute($route);
 
         return $route;
     }
 
-    public static function ressource($url, $controller) {
-        $route = new RouterRessource($url, $controller);
+    public static function resource($url, $controller, array $settings = null) {
+        $route = new RouterResource($url, $controller);
+        $route->addSettings($settings);
         $router = RouterBase::getInstance();
         $router->addRoute($route);
 
         return $route;
     }
 
-    public function getRoute($controller = null, $parameters = null, $getParams = null) {
+    public static function getRoute($controller = null, $parameters = null, $getParams = null) {
         return RouterBase::getInstance()->getRoute($controller, $parameters, $getParams);
     }