CsrfTokenMiddleware


  • Full name: \Codefy\Framework\Http\Middleware\Csrf\CsrfTokenMiddleware
  • This class implements: MiddlewareInterface

Constants

| Constant | Visibility | Type | Value |
| --- | --- | --- | --- |
| CSRF_SESSION_ATTRIBUTE | public | | 'CSRF_TOKEN' |

Properties

current

public static \Codefy\Framework\Http\Middleware\Csrf\CsrfTokenMiddleware $current
  • This property is static.

token

private ?string $token

configContainer

protected \Qubus\Config\ConfigContainer $configContainer

cookie

public \Qubus\Http\Cookies\Factory\HttpCookieFactory $cookie

Methods

__construct

public __construct(\Qubus\Config\ConfigContainer $configContainer, \Qubus\Http\Cookies\Factory\HttpCookieFactory $cookie): mixed

Parameters:

| Parameter | Type | Description |
| --- | --- | --- |
| $configContainer | \Qubus\Config\ConfigContainer | |
| $cookie | \Qubus\Http\Cookies\Factory\HttpCookieFactory | |

getField

public static getField(): string

getFieldAttr

public getFieldAttr(): string

Throws:


process

public process(\Psr\Http\Message\ServerRequestInterface $request, \Psr\Http\Server\RequestHandlerInterface $handler): \Psr\Http\Message\ResponseInterface

Parameters:

| Parameter | Type | Description |
| --- | --- | --- |
| $request | \Psr\Http\Message\ServerRequestInterface | |
| $handler | \Psr\Http\Server\RequestHandlerInterface | |

Throws:


Inherited methods

sign

Sign the value.

protected sign(string $value): string

Parameters:

| Parameter | Type | Description |
| --- | --- | --- |
| $value | string | |

Throws:


unsign

Unsign the value.

protected unsign(string $value): string

Parameters:

| Parameter | Type | Description |
| --- | --- | --- |
| $value | string | Encrypted value. |

Return Value:

Return the value if signature is valid.

Throws:


compareTokens

protected compareTokens(string $knownString, string $userString): bool

Parameters:

| Parameter | Type | Description |
| --- | --- | --- |
| $knownString | string | |
| $userString | string | |
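
The sign/unsign/compareTokens contract above, together with the null-on-failure behaviour documented for getTokenFromCookie on this page, as an added example that is not the Codefy framework's own code. It assumes the signature is an HMAC-SHA256 tag appended to the value (integrity only, no encryption); `demoSign`, `demoUnsign`, `demoTokenFromCookie`, `DEMO_KEY` and the cookie name `csrf_demo` are hypothetical.

```php
<?php
declare(strict_types=1);

// Added example: hypothetical stand-alone helpers, not the framework's code.
// Assumption: "signing" means appending an HMAC-SHA256 tag to the value.
const DEMO_KEY = 'constructed-demo-key-not-for-production'; // constructed sample key

function demoSign(string $value, string $key): string
{
    return $value . '.' . hash_hmac('sha256', $value, $key);
}

function demoUnsign(string $signed, string $key): string
{
    $pos = strrpos($signed, '.');
    if ($pos === false) {
        throw new RuntimeException('Malformed signed value.');
    }
    $value = substr($signed, 0, $pos);
    // hash_equals() runs in constant time; the known (server-side) string goes first.
    if (!hash_equals(hash_hmac('sha256', $value, $key), substr($signed, $pos + 1))) {
        throw new RuntimeException('Invalid signature.');
    }
    return $value;
}

// Null-on-failure wrapper: a missing or tampered cookie yields null, never a token.
function demoTokenFromCookie(array $cookies, string $key): ?string
{
    if (!isset($cookies['csrf_demo']) || !is_string($cookies['csrf_demo'])) {
        return null;
    }
    try {
        return demoUnsign($cookies['csrf_demo'], $key);
    } catch (RuntimeException) {
        return null;
    }
}

$token   = bin2hex(random_bytes(32));                 // unpredictable token
$cookies = ['csrf_demo' => demoSign($token, DEMO_KEY)]; // constructed request cookies

// Valid cookie: the recovered token is compared with the submitted one.
$fromCookie = demoTokenFromCookie($cookies, DEMO_KEY);
var_dump($fromCookie !== null && hash_equals($fromCookie, $token));

// Flip the first character of the cookie value to simulate tampering.
$cookies['csrf_demo'][0] = $cookies['csrf_demo'][0] === 'a' ? 'b' : 'a';
var_dump(demoTokenFromCookie($cookies, DEMO_KEY));
```
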

generateToken

protected generateToken(): string

prepareToken

protected prepareToken(\Psr\Http\Message\ServerRequestInterface $request): string

Parameters:

| Parameter | Type | Description |
| --- | --- | --- |
| $request | \Psr\Http\Message\ServerRequestInterface | |

Throws:


getTokenFromCookie

Get the token from the request cookie if it's present.

private getTokenFromCookie(array $cookies): string|null

Decrypt the cookie token value using the app crypto key.

Return null if the cookie is missing or if the decryption fails.

Parameters:

| Parameter | Type | Description |
| --- | --- | --- |
| $cookies | array | |

Throws:


createCookie

Create the CSRF cookie that stores the encrypted token value.

private createCookie(\Psr\Http\Message\ResponseInterface $response, string $token): \Psr\Http\Message\ResponseInterface

Encrypt the value for better security (in case of an XSS attack).

Parameters:

| Parameter | Type | Description |
| --- | --- | --- |
| $response | \Psr\Http\Message\ResponseInterface | |
| $token | string | |

Throws: