sethrensei/ren-router

Secure lightweight PHP router with RBAC, CSRF and HTTP error handling

Maintainers

Package info

github.com/SethRensei/RenRouter

pkg:composer/sethrensei/ren-router

Statistics

Installs: 11

Dependents: 0

Suggesters: 0

Stars: 1

Open Issues: 0

Security

Advisories: 0

Aikido package health analysis

1.0.3 2026-04-02 12:55 UTC

Requires

MIT 60e258c693688f1608db5f579d9f6ca16d609c21

  • SethRensei <eddisethsita.woop@proton.me>

This package is auto-updated.

Last update: 2026-04-02 12:58:26 UTC

README

RenRouter is a modern, lightweight and secure PHP micro‑router, designed for projects without a full framework or as the core of a custom micro‑framework.

It provides clean HTTP orchestration (routing, dispatching, views, errors), declarative security (authentication and roles), and a proper HTTP request abstraction.

✨ Key Features

  • HTTP routing powered by AltoRouter
  • Fluent and readable route definitions
  • Route protection with authentication and roles
  • Centralized HTTP exception handling (401, 403, 404, 500)
  • Dedicated error pages
  • AJAX / Turbo / XHR support
  • HTTP request abstraction (Request)
  • Secure file uploads (UploadedFile)
  • Optional PSR‑3 logger support

🧱 Architecture

RenRouter/
β”œβ”€β”€ src/
β”‚   β”œβ”€β”€ Router.php
β”‚   β”œβ”€β”€ Security/
β”‚   β”‚   └── Auth.php
β”‚   β”œβ”€β”€ Http/
β”‚   β”‚   β”œβ”€β”€ Request.php
β”‚   β”‚   β”œβ”€β”€ UploadedFile.php
β”‚   β”‚   └── Exception/
β”‚   β”‚       β”œβ”€β”€ HttpException.php
β”‚   β”‚       β”œβ”€β”€ UnauthorizedHttpException.php
β”‚   β”‚       β”œβ”€β”€ ForbiddenHttpException.php
β”‚   β”‚       └── NotFoundHttpException.php
β”œβ”€β”€ views/
β”‚   β”œβ”€β”€ base.php
β”‚   └── errors/
β”‚       β”œβ”€β”€ 401.php
β”‚       β”œβ”€β”€ 403.php
β”‚       β”œβ”€β”€ 404.php
β”‚       └── 500.php
└── public/
    └── index.php

πŸš€ Usage Example

$router->route(
    '/user/[i:id]',
    [$userController, 'show'],
    'GET',
    'user.show',
    [
        'auth'  => true,
        'roles' => ['admin', 'editor']
    ]
);
  • The user must be authenticated
  • The user must have at least one of the required roles

πŸ” Security & Roles

RenRouter follows a declarative security model:

  • No authentication logic inside controllers
  • Security rules are defined at route level
  • A user may have one or multiple roles
['auth' => true, 'roles' => ['user']]

Automatically thrown exceptions:

Situation Exception HTTP Code
Not authenticated UnauthorizedHttpException 401
Invalid role ForbiddenHttpException 403
Route not found NotFoundHttpException 404

❗ Error Handling

HTTP errors are centrally handled by the router and rendered using dedicated views:

views/errors/403.php
views/errors/404.php

The exception message is available in the view through $errorMessage.

πŸ“¦ Requirements

  • PHP β‰₯ 8.1
  • fileinfo extension enabled
  • Composer

🎯 Philosophy

RenRouter focuses on:

  • clarity over magic
  • security by default
  • a solid and extensible core

It is not a framework, but a reliable foundation to build one.

πŸ“„ License

MIT β€” free to use and modify.