mirror of
https://github.com/skipperbent/simple-php-router.git
synced 2026-07-10 22:22:29 +00:00
a9c03f9271
- Updated `helpers.php` and helpers example in documentation. - MalformedUrlException is now handled properly by Router to avoid phpStorm syntax highlights in routes. - Added `getUrlCopy` to `Request` class, used to clone the current route (to keep domain etc.) - `setUrl` in `Request` are now strict and requires `Url` object and no longer accepts strings. - Renamed `hasRewrite` property to `hasPendingRewrite` in `Request` class. - Renamed `hasRewrite` and `setHasRewrite` methods to `hasPendingRewrite` and `setHasPendingRewrite` in `Request` class. - Added better usage of `Url` class. When calling `url` you can now use the methods on the `Url` class to filter params, get relative/absolute url etc. See documentation for more info. - Renamed `get` method to `getValue` in `InputHandler` class. - Renamed `getObject` to `get` and removed `$defaultValue` argument in `InputHandler` class. - Optimized `InputHandler` class. - Fixed issue with `$token` not being proper string in `BaseCsrfVerifier` when token is not found. - Added php.ini configuration settings to `setcookie` in `CookieTokenProvider` for improved security. - Added `$router` parameter to `boot` method in `IRouterBootManager` which allows for further manipulation of the router within the bootmanager. - Renamed `$processingRoute` property to `$isProcessingRoute` in `Router` class. - Fixed `reset` method not resetting CSRF-verifier in `Router` class. - Moved `arrayToParams` helper-method from `Router` to `Url` class. - Began to add Event-functionality to router. - Added `addEventHandler` method to `SimpleRouter` class. - Moved `Pecee\SimpleRouter\Handler\CallbackExceptionHandler` to `Pecee\SimpleRouter\Handlers\CallbackExceptionHandler`. - Moved `Pecee\SimpleRouter\Handler\IExceptionHandler` to `Pecee\SimpleRouter\Handlers\IExceptionHandler`. - Added Events section to documentation. - Added more information on url-handling in documentation. - Optimisations.
118 lines
2.7 KiB
PHP
118 lines
2.7 KiB
PHP
<?php
|
|
|
|
namespace Pecee\Http\Security;
|
|
|
|
use Pecee\Http\Security\Exceptions\SecurityException;
|
|
|
|
class CookieTokenProvider implements ITokenProvider
|
|
{
|
|
public const CSRF_KEY = 'CSRF-TOKEN';
|
|
|
|
protected $token;
|
|
protected $cookieTimeoutMinutes = 120;
|
|
|
|
/**
|
|
* CookieTokenProvider constructor.
|
|
* @throws SecurityException
|
|
*/
|
|
public function __construct()
|
|
{
|
|
$this->token = $this->getToken();
|
|
|
|
if ($this->token === null) {
|
|
$this->token = $this->generateToken();
|
|
}
|
|
}
|
|
|
|
/**
|
|
* Generate random identifier for CSRF token
|
|
*
|
|
* @return string
|
|
* @throws SecurityException
|
|
*/
|
|
public function generateToken(): string
|
|
{
|
|
try {
|
|
return bin2hex(random_bytes(32));
|
|
} catch (\Exception $e) {
|
|
throw new SecurityException($e->getMessage(), (int)$e->getCode(), $e->getPrevious());
|
|
}
|
|
}
|
|
|
|
/**
|
|
* Validate valid CSRF token
|
|
*
|
|
* @param string $token
|
|
* @return bool
|
|
*/
|
|
public function validate(string $token): bool
|
|
{
|
|
if ($this->getToken() !== null) {
|
|
return hash_equals($token, $this->getToken());
|
|
}
|
|
|
|
return false;
|
|
}
|
|
|
|
/**
|
|
* Set csrf token cookie
|
|
* Overwrite this method to save the token to another storage like session etc.
|
|
*
|
|
* @param string $token
|
|
*/
|
|
public function setToken(string $token): void
|
|
{
|
|
$this->token = $token;
|
|
setcookie(static::CSRF_KEY, $token, (int)((time() + 60) * $this->cookieTimeoutMinutes), '/', ini_get('session.cookie_domain'), ini_get('session.cookie_secure'), ini_get('session.cookie_httponly'));
|
|
}
|
|
|
|
/**
|
|
* Get csrf token
|
|
* @param string|null $defaultValue
|
|
* @return string|null
|
|
*/
|
|
public function getToken(?string $defaultValue = null): ?string
|
|
{
|
|
$this->token = ($this->hasToken() === true) ? $_COOKIE[static::CSRF_KEY] : null;
|
|
|
|
return $this->token ?? $defaultValue;
|
|
}
|
|
|
|
/**
|
|
* Refresh existing token
|
|
*/
|
|
public function refresh(): void
|
|
{
|
|
if ($this->token !== null) {
|
|
$this->setToken($this->token);
|
|
}
|
|
}
|
|
|
|
/**
|
|
* Returns whether the csrf token has been defined
|
|
* @return bool
|
|
*/
|
|
public function hasToken(): bool
|
|
{
|
|
return isset($_COOKIE[static::CSRF_KEY]);
|
|
}
|
|
|
|
/**
|
|
* Get timeout for cookie in minutes
|
|
* @return int
|
|
*/
|
|
public function getCookieTimeoutMinutes(): int
|
|
{
|
|
return $this->cookieTimeoutMinutes;
|
|
}
|
|
|
|
/**
|
|
* Set cookie timeout in minutes
|
|
* @param int $minutes
|
|
*/
|
|
public function setCookieTimeoutMinutes(int $minutes): void
|
|
{
|
|
$this->cookieTimeoutMinutes = $minutes;
|
|
}
|
|
|
|
} |