Merge pull request #311 from skipperbent/v3-development

V3 development

README.md

@@ -212,6 +212,18 @@ Simply create a new `web.config` file in your projects `public` directory and pa
 </configuration>
 ```
 
+#### Troubleshoting
+
+If you do not have a favicon.ico file in your project, you can get `404 Router::notFoundException()` constantly.
+To add `favicon.ico` as exception, you can add this line to the `<conditions>` group: 
+```<add input="{REQUEST_FILENAME}" negate="true" pattern="favicon.ico" ignoreCase="true" />```
+
+You can also make one exception for files with some extensions: 
+```<add input="{REQUEST_FILENAME}" pattern="\.ico|\.png|\.css|\.jpg" negate="true" ignoreCase="true" />```
+
+If you are using `$_SERVER['ORIG_PATH_INFO']`, you will get `\index.php\` as part of the returned value. By sample: 
+```/index.php/test/mypage.php```
+
 ### Configuration
 
 Create a new file, name it `routes.php` and place it in your library folder. This will be the file where you define all the routes for your project.
@@ -249,7 +261,8 @@ We recommend that you add these helper functions to your project. These will all
 To implement the functions below, simply copy the code to a new file and require the file before initializing the router or copy the `helpers.php` we've included in this library.
 
 ```php
-<?php
+use Pecee\SimpleRouter\SimpleRouter as Router;
+
 /**
  * Get url for a route by using either name/alias, class or method name.
  *
@@ -269,7 +282,7 @@ To implement the functions below, simply copy the code to a new file and require
  */
 function url($name = null, $parameters = null, $getParams = null)
 {
-    return SimpleRouter::getUrl($name, $parameters, $getParams);
+    return Router::getUrl($name, $parameters, $getParams);
 }
 
 /**
@@ -277,7 +290,7 @@ function url($name = null, $parameters = null, $getParams = null)
  */
 function response()
 {
-    return SimpleRouter::response();
+    return Router::response();
 }
 
 /**
@@ -285,7 +298,7 @@ function response()
  */
 function request()
 {
-    return SimpleRouter::request();
+    return Router::request();
 }
 
 /**
@@ -297,8 +310,7 @@ function request()
  */
 function input($index = null, $defaultValue = null, $methods = null)
 {
-    if($index !== null)
-    {
+    if ($index !== null) {
         return request()->getInput()->get($index, $defaultValue, $methods);
     }
 
@@ -313,6 +325,20 @@ function redirect($url, $code = null)
 
     response()->redirect($url);
 }
+
+/**
+ * Get current csrf-token
+ * @return string|null
+ */
+function csrf_token()
+{
+    $baseVerifier = Router::router()->getCsrfVerifier();
+    if ($baseVerifier !== null) {
+        return $baseVerifier->getToken();
+    }
+
+    return null;
+}
 ```
 
 ---
@@ -695,6 +721,20 @@ You can get the CSRF-token by calling the helper method:
 csrf_token();
 ```
 
+The default name/key for the input-field is `csrf_token` and is defined in the `POST_KEY` constant in the `BaseCsrfVerifier` class.
+You can change the key by overwriting the constant in your own CSRF-verifier class.
+
+**Example:**
+
+The example below will post to the current url with a hidden field "`csrf_token`".
+
+```html
+<form method="post" action="<?= url(); ?>">
+    <input type="hidden" name="csrf_token" value="<?= csrf_token(); ?>">
+    <!-- other input elements here -->
+</form>
+```
+
 ---
 
 # Middlewares

helpers.php

@@ -63,4 +63,18 @@ function redirect($url, $code = null)
     }
 
     response()->redirect($url);
+}
+
+/**
+ * Get current csrf-token
+ * @return string|null
+ */
+function csrf_token()
+{
+    $baseVerifier = Router::router()->getCsrfVerifier();
+    if ($baseVerifier !== null) {
+        return $baseVerifier->getToken();
+    }
+
+    return null;
 }

src/Pecee/CsrfToken.php

@@ -1,4 +1,5 @@
 <?php
+
 namespace Pecee;
 
 class CsrfToken
@@ -15,7 +16,7 @@ class CsrfToken
      */
     public static function generateToken()
     {
-        if (function_exists('random_bytes')) {
+        if (function_exists('random_bytes') === true) {
             return bin2hex(random_bytes(32));
         }
 
@@ -46,25 +47,36 @@ class CsrfToken
 
     /**
      * Set csrf token cookie
+     * Overwrite this method to save the token to another storage like session etc.
      *
-     * @param $token
+     * @param string $token
      */
     public function setToken($token)
     {
+        $this->token = $token;
         setcookie(static::CSRF_KEY, $token, time() + 60 * 120, '/');
     }
 
     /**
      * Get csrf token
+     * @param string|null $defaultValue
      * @return string|null
      */
-    public function getToken()
+    public function getToken($defaultValue = null)
     {
-        if ($this->hasToken() === true) {
-            return $_COOKIE[static::CSRF_KEY];
-        }
+        $this->token = ($this->hasToken() === true) ? $_COOKIE[static::CSRF_KEY] : null;
 
-        return null;
+        return ($this->token !== null) ? $this->token : $defaultValue;
+    }
+
+    /**
+     * Refresh existing token
+     */
+    public function refresh()
+    {
+        if ($this->token !== null) {
+            $this->setToken($this->token);
+        }
     }
 
     /**

src/Pecee/Http/Middleware/BaseCsrfVerifier.php

@@ -1,4 +1,5 @@
 <?php
+
 namespace Pecee\Http\Middleware;
 
 use Pecee\CsrfToken;
@@ -19,7 +20,7 @@ class BaseCsrfVerifier implements IMiddleware
         $this->csrfToken = new CsrfToken();
 
         // Generate or get the CSRF-Token from Cookie.
-        $this->token = ($this->hasToken() === false) ? $this->generateToken() : $this->csrfToken->getToken();
+        $this->token = $this->csrfToken->getToken($this->generateToken());
     }
 
     /**
@@ -72,6 +73,9 @@ class BaseCsrfVerifier implements IMiddleware
 
         }
 
+        // Refresh existing token
+        $this->csrfToken->refresh();
+
     }
 
     public function generateToken()

src/Pecee/Http/Request.php

@@ -1,4 +1,5 @@
 <?php
+
 namespace Pecee\Http;
 
 use Pecee\Http\Input\Input;
@@ -42,13 +43,7 @@ class Request
     {
         $this->headers = [];
 
-        $max = count($_SERVER) - 1;
-        $keys = array_keys($_SERVER);
-
-        for ($i = $max; $i >= 0; $i--) {
-            $key = $keys[$i];
-            $value = $_SERVER[$key];
-
+        foreach ($_SERVER as $key => $value) {
             $this->headers[strtolower($key)] = $value;
             $this->headers[strtolower(str_replace('_', '-', $key))] = $value;
         }
@@ -167,24 +162,7 @@ class Request
      */
     public function getHeader($name, $defaultValue = null)
     {
-        if (array_key_exists(strtolower($name), $this->headers) === true) {
-            return $this->headers[strtolower($name)];
-        }
-
-        $max = count($_SERVER) - 1;
-        $keys = array_keys($_SERVER);
-
-        for ($i = $max; $i >= 0; $i--) {
-
-            $key = $keys[$i];
-            $name = $_SERVER[$key];
-
-            if ($key === $name) {
-                return $name;
-            }
-        }
-
-        return $defaultValue;
+        return isset($this->headers[strtolower($name)]) ? $this->headers[strtolower($name)] : $defaultValue;
     }
 
     /**

src/Pecee/SimpleRouter/Router.php

@@ -285,7 +285,8 @@ class Router
         }
 
         if ($routeNotAllowed === true) {
-            $this->handleException(new HttpException('Route or method not allowed', 403));
+			$message = sprintf('Route "%s" or method "%s" not allowed.', $this->request->getUri()->getPath(), $this->request->getMethod());
+            $this->handleException(new HttpException($message, 403));
         }
 
         if ($this->request->getLoadedRoute() === null) {
@@ -329,25 +330,31 @@ class Router
                 throw new HttpException('Exception handler must implement the IExceptionHandler interface.', 500);
             }
 
-            if ($handler->handleError($this->request, $e) !== null) {
+            try {
 
-                $rewriteRoute = $this->request->getRewriteRoute();
+                if ($handler->handleError($this->request, $e) !== null) {
 
-                if ($rewriteRoute !== null) {
-                    $rewriteRoute->loadMiddleware($this->request);
+                    $rewriteRoute = $this->request->getRewriteRoute();
 
-                    return $rewriteRoute->renderRoute($this->request);
+                    if ($rewriteRoute !== null) {
+                        $rewriteRoute->loadMiddleware($this->request);
+
+                        return $rewriteRoute->renderRoute($this->request);
+                    }
+
+                    $rewriteUrl = $this->request->getRewriteUrl();
+
+                    /* If the request has changed */
+                    if ($rewriteUrl !== null && $rewriteUrl !== $url) {
+                        unset($this->exceptionHandlers[$i]);
+                        $this->exceptionHandlers = array_values($this->exceptionHandlers);
+
+                        return $this->routeRequest(true);
+                    }
                 }
 
-                $rewriteUrl = $this->request->getRewriteUrl();
+            } catch (\Exception $e) {
 
-                /* If the request has changed */
-                if ($rewriteUrl !== null && $rewriteUrl !== $url) {
-                    unset($this->exceptionHandlers[$i]);
-                    $this->exceptionHandlers = array_values($this->exceptionHandlers);
-
-                    return $this->routeRequest(true);
-                }
             }
         }
 
@@ -588,4 +595,4 @@ class Router
         return $this;
     }
 
-}
+}