sunkan / celo
csrf class
2.2.2
2019-01-16 17:45 UTC
Requires
- php: >=7.1.0
- http-interop/http-factory: ^0.3.0
- paragonie/constant_time_encoding: ^2.2
- psr/http-message: ~1.0
- psr/http-server-middleware: ^1.0
Requires (Dev)
- aura/session: ^2.0
- mockery/mockery: dev-master
- phpunit/phpunit: ~6.0
This package is auto-updated.
Last update: 2024-10-17 10:40:16 UTC
README
Inspiration
This library is heavily inspired by paragonie/anti-csrf (https://github.com/paragonie/anti-csrf).
Installation
The preferred method of installing this library is with Composer by running the following from your project root:
$ composer require sunkan/celo
Using
This library is meant to be used in an application that uses a PSR-15 dispatcher implementation.
We include a couple of middlewares that make it easy to use.
Validate csrf
$sessionFactory = new class() implements Celo\SessionFactoryInterface {
    public function newInstance(ServerRequestInterface $request): SessionInterface {
        return new Celo\NativeSession();
    }
};
// PSR15Dispatcher stands for whichever PSR-15 dispatcher the application uses
$dispatcher = new PSR15Dispatcher();
// validates the CSRF token and sets the csrf request attribute
$dispatcher->addMiddleware(new Celo\Middleware\CsrfValidate($sessionFactory));
$dispatcher->handle($request, function($request) {
    // fallback handler
    /** @var Celo\Middleware\Csrf $csrf */
    $csrf = $request->getAttribute('csrf');
    if ($csrf->isValid()) {
        echo "Valid request";
    } else {
        // the validation failure is available through getException()
        $csrf->getException();
    }
    $generator = $csrf->getGenerator();
    $newToken = $generator->getToken('/url-to-lock-token to');
});
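The getToken() call above takes the URL the token is locked to. The following is an added example, not Celo's own code and not taken from the README, showing one way single-use, URL-locked tokens can be issued and checked; the class name UrlLockedTokens and the in-memory array standing in for the session are assumptions made for the illustration.

```php
<?php
declare(strict_types=1);

// Hypothetical class for illustration only; it is not part of Celo.
final class UrlLockedTokens
{
    /** @var array index => ['token' => string, 'lockTo' => string]; stands in for the session */
    private $store = [];

    /** Issue a token bound to $lockTo; returns [index, token] for the hidden form fields. */
    public function issue(string $lockTo): array
    {
        $index = bin2hex(random_bytes(16));
        $token = bin2hex(random_bytes(32));
        $this->store[$index] = ['token' => $token, 'lockTo' => $lockTo];
        return [$index, $token];
    }

    /** Check a submitted pair against the path that is actually being requested. */
    public function validate(string $index, string $token, string $requestPath): bool
    {
        $entry = $this->store[$index] ?? null;
        if ($entry === null) {
            return false;                 // unknown index, or the token was already spent
        }
        unset($this->store[$index]);      // single use: spent even when validation fails
        // constant-time comparison of the secret part; the lock URL is not secret
        return hash_equals($entry['token'], $token)
            && $entry['lockTo'] === $requestPath;
    }
}

// Constructed sample run
$tokens = new UrlLockedTokens();

// Case 1: token issued for one URL, submitted to another
[$index, $token] = $tokens->issue('/account/email');
var_dump($tokens->validate($index, $token, '/account/delete'));

// Case 2: token submitted to the URL it was issued for
[$index, $token] = $tokens->issue('/account/email');
var_dump($tokens->validate($index, $token, '/account/email'));

// Case 3: the same pair submitted a second time
var_dump($tokens->validate($index, $token, '/account/email'));
```

Only the second case validates: the first fails the URL lock, and the third fails because the token was spent by the second.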
Auto inject token into forms and json responses
$sessionFactory = new class() implements Celo\SessionFactoryInterface {
    public function newInstance(ServerRequestInterface $request): SessionInterface {
        return new Celo\NativeSession();
    }
};
$dispatcher = new PSR15Dispatcher();
// if the response is HTML, it will look for <form and add the correct input fields
// if the response is JSON and the request method is not GET, it will add a new token to the response data
$dispatcher->addMiddleware(new Celo\Middleware\CsrfFormInjector(new Celo\Renderer(), $sessionFactory));