1 | <?php |
||
/**
 * CSRF middleware: an invokable class that holds a token generator and a session and
 * defines the key name, error status and error messages used when a request is rejected.
 *
 * NOTE(review): this listing shows signatures only. The method bodies (listing lines
 * 35-38, 48-62, 71-85 and 95-97) are not visible, so every remark about behaviour below
 * is an assumption to confirm against the full file.
 */
10 | final class CsrfMiddleware |
||
11 | { |
||
12 | /** |
 * Generator for CSRF tokens.
 * NOTE(review): confirm the implementation draws from a CSPRNG (random_bytes() or
 * random_int()); it is not visible from this class.
||
13 | * @var CsrfTokenGeneratorInterface |
||
14 | */ |
||
15 | private $csrfTokenGenerator; |
||
16 | |||
17 | /** |
 * Session handle; presumably where the expected token is stored and read back.
||
18 | * @var SessionInterface |
||
19 | */ |
||
20 | private $session; |
||
21 | |||
/** Key name for the token; presumably used for both the session entry and the body field (confirm). */
22 | const CSRF_KEY = 'csrf'; |
||
23 | |||
/**
 * Status code for a rejected request; presumably passed to HttpException (confirm).
 * NOTE(review): 424 is "Failed Dependency" (RFC 4918, WebDAV). A failed CSRF check is
 * conventionally reported as 403 Forbidden, so alerting and log queries keyed on 403
 * will not see these rejections. Confirm the value is deliberate.
 */
24 | const EXCEPTION_STATUS = 424; |
||
25 | |||
/**
 * Messages for the three rejection cases: no token in the session, no token in the body,
 * and a body token that differs from the session token.
 * NOTE(review): the text tells a caller which check failed. Confirm whether it is
 * returned in the response or only logged.
 */
26 | const EXCEPTION_MISSING_IN_SESSION = 'Csrf token is missing within session'; |
||
27 | const EXCEPTION_MISSING_IN_BODY = 'Csrf token is missing within body'; |
||
28 | const EXCEPTION_IS_NOT_SAME = 'Csrf token within body is not the same as in session'; |
||
29 | |||
30 | /** |
 * Receives the token generator and the session; presumably assigns them to the two
 * private properties (body not shown).
||
31 | * @param CsrfTokenGeneratorInterface $csrfTokenGenerator |
||
32 | * @param SessionInterface $session |
||
33 | */ |
||
34 | public function __construct(CsrfTokenGeneratorInterface $csrfTokenGenerator, SessionInterface $session) |
||
39 | |||
40 | /** |
 * Middleware entry point: takes the request, the response and an optional next callable.
 * NOTE(review): body not shown. Confirm that checkCsrf() runs before $next for every
 * state-changing method (POST, PUT, PATCH, DELETE) and that only safe methods are exempt.
 * Confirm what is returned when $next is null. `callable $next = null` is an implicitly
 * nullable type, deprecated as of PHP 8.4.
||
41 | * @param Request $request |
||
42 | * @param Response $response |
||
43 | * @param callable $next |
||
44 | * |
||
45 | * @return Response |
||
46 | */ |
||
47 | public function __invoke(Request $request, Response $response, callable $next = null) |
||
63 | |||
64 | /** |
 * Validates the CSRF token of a request; the three EXCEPTION_* messages suggest it
 * rejects a token missing from the session, missing from the body, or not matching.
 * NOTE(review): body not shown. Confirm the body token is compared with the session
 * token via hash_equals() on two non-empty strings rather than == or ===, so the
 * comparison is constant-time and an absent token on both sides cannot compare equal.
||
65 | * @param Request $request |
||
66 | * @param Response $response |
||
67 | * |
||
68 | * @throws HttpException |
||
69 | */ |
||
70 | private function checkCsrf(Request $request, Response $response) |
||
86 | |||
87 | /** |
 * Raises the HttpException for a rejected request with the given message; presumably
 * uses EXCEPTION_STATUS as the status code (body not shown, confirm).
||
88 | * @param Request $request |
||
89 | * @param Response $response |
||
90 | * @param string $message |
||
91 | * |
||
92 | * @throws HttpException |
||
93 | */ |
||
94 | private function throwException(Request $request, Response $response, string $message) |
||
98 | } |
||
99 |