schnittstabil / csrf-tokenservice
Stateless CSRF (Cross-Site Request Forgery) token service.
Installs: 155 483
Dependents: 2
Suggesters: 0
Security: 0
Stars: 15
Watchers: 2
Forks: 2
Open Issues: 0
Requires
- php: >=5.6.0
- spomky-labs/base64url: ^1.0
Requires (Dev)
README
Stateless CSRF (Cross-Site Request Forgery) token service 🍖
Install
$ composer require schnittstabil/csrf-tokenservice
Usage
<?php require __DIR__.'/vendor/autoload.php'; use Schnittstabil\Csrf\TokenService\TokenService; // Shared secret key used for generating and validating token signatures: $key = 'This key is not so secret - change it!'; // Time to Live in seconds; default is 1440 seconds === 24 minutes: $ttl = 1440; // create the TokenService $tokenService = new TokenService($key, $ttl); // generate a URL-safe token, using the name of the authenticated user as nonce: $token = $tokenService->generate($_SERVER['PHP_AUTH_USER']); // validate the token - stateless; no session needed if (!$tokenService->validate($_SERVER['PHP_AUTH_USER'], $token)) { http_response_code(403); echo '<h2>403 Access Forbidden, bad CSRF token</h2>'; exit(); }
Related
- schnittstabil/psr7-csrf-middleware – (stateless) PSR-7 CSRF protection middleware
- schnittstabil/csrf-twig-helpers – Twig helpers for token rendering
License
MIT © Michael Mayer