sunkan/celo

csrf class

2.2.2 2019-01-16 17:45 UTC

This package is auto-updated.

Last update: 2024-10-17 10:40:16 UTC


README

Inspiration

This library is heavily inspired by (https://github.com/paragonie/anti-csrf)

Installation

The preferred method of installing this library is with Composer by running the following from your project root:

$ composer require sunkan/celo

Using

This library is meant to be used in an application that utilizes Psr-15 dispatcher implementation.

We include a couple of middlewares that make it easy to use

Validate csrf


$sessionFactory = new class() implements Celo\SessionFactoryInterface {
    public function newInstance(ServerRequestInterface $request): SessionInterface {
        return new Celo\NativeSession();
    }
};

$dispatcher = new PSR15Dispatcher();

// validates csrf token and set csrf attribute
$dispatcher->addMiddleware(new Celo\Middleware\CsrfValidate($sessionFactory));

$dispatcher->handle($request, function($request) {
    //fallback handler
    
    /** @var Celo\Middleware\Csrf $csrf */
    $csrf = $request->getAttribute('csrf);
    if ($csrf->isValid()) {
        echo "Valid request";
    } else {
        $csrf->getException();
    }
    
    $generator = $csrf->getGenerator();
    $newToken = $generator->getToken('/url-to-lock-token to');
});

Auto inject token into forms and json responses


$sessionFactory = new class() implements Celo\SessionFactoryInterface {
    public function newInstance(ServerRequestInterface $request): SessionInterface {
        return new Celo\NativeSession();
    }
};

$dispatcher = new PSR15Dispatcher();

// if response is html it will look for <form and add the correct input fields
// if the response is json and request method is not GET it will add a new token to the response data
$dispatcher->addMiddleware(new Celo\Middleware\CsrfFormInjector(new Celo\Renderer(), $sessionFactory);