CsrfProtectionMiddleware


  • Full name: \Codefy\Framework\Http\Middleware\Csrf\CsrfProtectionMiddleware
  • This class implements: MiddlewareInterface

Properties

configContainer

protected \Qubus\Config\ConfigContainer $configContainer

cookie

protected \Qubus\Http\Cookies\Factory\HttpCookieFactory $cookie

Methods

__construct

public __construct(\Qubus\Config\ConfigContainer $configContainer, \Qubus\Http\Cookies\Factory\HttpCookieFactory $cookie): mixed

Parameters:

| Parameter | Type | Description |
| --- | --- | --- |
| $configContainer | \Qubus\Config\ConfigContainer | |
| $cookie | \Qubus\Http\Cookies\Factory\HttpCookieFactory | |

process

public process(\Psr\Http\Message\ServerRequestInterface $request, \Psr\Http\Server\RequestHandlerInterface $handler): \Psr\Http\Message\ResponseInterface

Parameters:

| Parameter | Type | Description |
| --- | --- | --- |
| $request | \Psr\Http\Message\ServerRequestInterface | |
| $handler | \Psr\Http\Server\RequestHandlerInterface | |

Throws:


needsProtection

Check for methods not defined as safe.

private needsProtection(\Psr\Http\Message\ServerRequestInterface $request): bool

Parameters:

| Parameter | Type | Description |
| --- | --- | --- |
| $request | \Psr\Http\Message\ServerRequestInterface | |

tokensMatch

private tokensMatch(\Psr\Http\Message\ServerRequestInterface $request): bool

Parameters:

| Parameter | Type | Description |
| --- | --- | --- |
| $request | \Psr\Http\Message\ServerRequestInterface | |

Throws:


fetchToken

private fetchToken(\Psr\Http\Message\ServerRequestInterface $request): string

Parameters:

| Parameter | Type | Description |
| --- | --- | --- |
| $request | \Psr\Http\Message\ServerRequestInterface | |

Throws:


getTokenFromRequest

private getTokenFromRequest(\Psr\Http\Message\ServerRequestInterface $request): string

Parameters:

| Parameter | Type | Description |
| --- | --- | --- |
| $request | \Psr\Http\Message\ServerRequestInterface | |

Throws:


Inherited methods

sign

Sign the value.

protected sign(string $value): string

Parameters:

| Parameter | Type | Description |
| --- | --- | --- |
| $value | string | |

Throws:


unsign

Unsign the value.

protected unsign(string $value): string

Parameters:

| Parameter | Type | Description |
| --- | --- | --- |
| $value | string | Encrypted value. |

Return Value:

Return the value if signature is valid.

Throws:


compareTokens

protected compareTokens(string $knownString, string $userString): bool

Parameters:

| Parameter | Type | Description |
| --- | --- | --- |
| $knownString | string | |
| $userString | string | |
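
An added example, not the framework's own code: a signed double-submit check showing the roles that needsProtection, sign, unsign and compareTokens suggest. It assumes an HMAC-SHA256 signature and the safe-method list GET/HEAD/OPTIONS/TRACE, neither of which this page states; the key and every name ending in `Example` are hypothetical.

```php
<?php
declare(strict_types=1);

// Hypothetical key for this sketch; a real application loads it from configuration.
const EXAMPLE_KEY = 'constructed-demo-key-not-for-production';

// Assumption: "safe" means the methods RFC 9110 defines as safe.
function needsProtectionExample(string $method): bool
{
    return !in_array(strtoupper($method), ['GET', 'HEAD', 'OPTIONS', 'TRACE'], true);
}

// Assumption: signing appends an HMAC-SHA256 tag to the value.
function signExample(string $value): string
{
    return $value . '.' . hash_hmac('sha256', $value, EXAMPLE_KEY);
}

// Returns the value if the tag verifies, null otherwise.
function unsignExample(string $signed): ?string
{
    $pos = strrpos($signed, '.');
    if ($pos === false) {
        return null;
    }
    $value = substr($signed, 0, $pos);
    return hash_equals(signExample($value), $signed) ? $value : null;
}

// Constant-time comparison; hash_equals() takes the known string first.
function tokensMatchExample(?string $cookieValue, ?string $submitted): bool
{
    if ($cookieValue === null || $submitted === null || $submitted === '') {
        return false; // a missing token never matches
    }
    $known = unsignExample($cookieValue);
    return $known !== null && hash_equals($known, $submitted);
}

// Constructed sample data.
$token    = bin2hex(random_bytes(32));
$cookie   = signExample($token);
$tampered = substr($cookie, 0, -1) . ($cookie[-1] === '0' ? '1' : '0');

var_dump(needsProtectionExample('GET'));          // safe method
var_dump(needsProtectionExample('post'));         // state-changing method
var_dump(tokensMatchExample($cookie, $token));    // matching cookie and form token
var_dump(tokensMatchExample($tampered, $token));  // cookie signature altered
var_dump(tokensMatchExample($cookie, null));      // form field missing
```
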

generateToken

protected generateToken(): string

prepareToken

protected prepareToken(\Psr\Http\Message\ServerRequestInterface $request): string

Parameters:

| Parameter | Type | Description |
| --- | --- | --- |
| $request | \Psr\Http\Message\ServerRequestInterface | |

Throws:


getTokenFromCookie

Get the token from the request cookie if it's present.

private getTokenFromCookie(array $cookies): string|null

Decrypt the cookie token value using the app crypto key.

Return null if the cookie is missing or if the decryption fails.

Parameters:

| Parameter | Type | Description |
| --- | --- | --- |
| $cookies | array | |

Throws:


createCookie

Create CSRF cookie to store the encrypted token value.

private createCookie(\Psr\Http\Message\ResponseInterface $response, string $token): \Psr\Http\Message\ResponseInterface

Encrypt the value for better security (in case of XSS attack).

Parameters:

| Parameter | Type | Description |
| --- | --- | --- |
| $response | \Psr\Http\Message\ResponseInterface | |
| $token | string | |

Throws: