
library slim3-csrf-utilities

Slim Framework 3 CSRF protection middleware utilities

aurmil/slim3-csrf-utilities

  • Tuesday, October 3, 2017
  • by aurmil
  • Repository
  • 1 Watchers
  • 9 Stars
  • 565 Installations
  • PHP
  • 0 Dependents
  • 0 Suggesters
  • 1 Forks
  • 0 Open issues
  • 4 Versions
  • 7 % Grown

The README.md

Slim 3 CSRF middleware utilities

Requires the Slim 3 CSRF component.

This package passes the CSRF token to the view (currently, the official Slim Twig and PHP renderers are supported) or returns it in response headers (for AJAX calls).

Installation

Requires Composer.

```sh
composer require aurmil/slim3-csrf-utilities
```

Then require the Composer autoload file:

```php
require 'vendor/autoload.php';
```

Usage

For an action that needs to display the CSRF token in a view, add the Aurmil\Slim\CsrfTokenToView middleware before Slim\Csrf\Guard. Slim 3 runs the most recently added middleware first, so Guard handles the request before CsrfTokenToView reads the token.

For an AJAX-called action that needs to return a new token to the caller in response headers, add the Aurmil\Slim\CsrfTokenToHeaders middleware before Slim\Csrf\Guard.

Let's consider a really light Slim app:

index.php

```php
<?php

// Slim\Csrf\Guard keeps its tokens in the session unless given other storage
session_start();

require 'vendor/autoload.php';

use Aurmil\Slim\CsrfTokenToView;
use Aurmil\Slim\CsrfTokenToHeaders;

$app = new \Slim\App();
$container = $app->getContainer();

// If a route needs a view renderer (keep only one of the two returns)
$container['renderer'] = function ($c) {
    return new \Slim\Views\Twig(__DIR__, ['cache' => false]); // Twig
    // return new \Slim\Views\PhpRenderer(__DIR__.'/'); // Or PHP
};

// CSRF component
$container['csrf'] = function ($c) {
    return new \Slim\Csrf\Guard;
};

// HTML form including fields for CSRF token (keep only one of the two returns)
$app->get('/', function ($request, $response) {
    return $this->renderer->render($response, 'view.twig'); // Twig
    // return $this->renderer->render($response, 'view.php'); // Or PHP
})->add(new CsrfTokenToView($container->csrf, $container->renderer))
    ->add($container->csrf);

// CSRF protected action, can be called by AJAX
$app->post('/submit', function ($request, $response) {
    if ($request->isXhr()) {
        return $response->withJson(['success' => true]);
    } else {
        return $response->withRedirect('/');
    }
})->add(new CsrfTokenToHeaders($container->csrf))
    ->add($container->csrf);

// Slim dispatching
$app->run();
```

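Twig view

```twig
<!DOCTYPE html>
<html>
    <head>
        <title>CSRF</title>
    </head>
    <body>
        <form method="post" action="/submit">
            {% if csrf_token is defined and csrf_token %}
                {% for key, value in csrf_token %}
                    <input type="hidden" name="{{ key }}" value="{{ value }}" class="csrf">
                {% endfor %}
            {% endif %}
            <button type="submit">Submit</button>
        </form>

        <!-- for AJAX calls -->
        <script src="https://code.jquery.com/jquery-2.2.1.min.js"></script>
        <script src="main.js"></script>
    </body>
</html>
```

Or PHP view

```php
<!DOCTYPE html>
<html>
    <head>
        <title>CSRF</title>
    </head>
    <body>
        <form method="post" action="/submit">
            <?php if (isset($csrf_token) && $csrf_token): ?>
                <?php foreach ($csrf_token as $key => $value): ?>
                    <input type="hidden" name="<?php echo htmlspecialchars($key, ENT_QUOTES) ?>" value="<?php echo htmlspecialchars($value, ENT_QUOTES) ?>" class="csrf">
                <?php endforeach ?>
            <?php endif ?>
            <button type="submit">Submit</button>
        </form>

        <!-- for AJAX calls -->
        <script src="https://code.jquery.com/jquery-2.2.1.min.js"></script>
        <script src="main.js"></script>
    </body>
</html>
```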

JS file (for AJAX calls) using jQuery

```js
$(function () {
    var form = $('form');
    form.on('submit', function () {
        $.ajax({
            url: form.attr('action'),
            method: form.attr('method'),
            data: form.serialize(),
            cache: false,
            dataType: 'json',
            success: function (data) {
                console.log('OK');
            },
            error: function () {
                console.log('error');
            },
            complete: function (jqXHR) {
                // The new token arrives as a JSON object in the response header
                var csrfToken = jqXHR.getResponseHeader('X-CSRF-Token');

                if (csrfToken) {
                    try {
                        csrfToken = $.parseJSON(csrfToken);
                        var csrfTokenKeys = Object.keys(csrfToken);
                        var hiddenFields = form.find('input.csrf[type="hidden"]');

                        // Update the hidden fields only if the counts match
                        if (csrfTokenKeys.length === hiddenFields.length) {
                            hiddenFields.each(function(i) {
                                $(this).attr('name', csrfTokenKeys[i]);
                                $(this).val(csrfToken[csrfTokenKeys[i]]);
                            });
                        }
                    } catch (e) {
                        // Malformed header: keep the current fields
                    }
                }
            }
        });

        // Prevent the normal (non-AJAX) form submission
        return false;
    });
});
```
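Why the header step matters for a form that stays on the page after an AJAX submit, as an added example that is not part of the package or its README: a toy Node.js model that assumes tokens are single-use. `ToyGuard`, `applyTokenHeader`, `submitTwice` and the `csrf_name`/`csrf_value` field names are hypothetical.

```javascript
// Added example: toy model of a single-use CSRF token exchange over AJAX.
// ToyGuard is hypothetical; it is not Slim\Csrf\Guard's implementation.
const nodeCrypto = require('crypto');

class ToyGuard {
  constructor() { this.tokens = new Map(); } // stands in for the session

  issue() {
    const name = 'csrf' + nodeCrypto.randomBytes(4).toString('hex');
    const value = nodeCrypto.randomBytes(16).toString('hex');
    this.tokens.set(name, value);
    return { csrf_name: name, csrf_value: value }; // assumed field names
  }

  // Handle a POST: check the token, burn it, send a fresh one on success.
  post(fields) {
    const expected = this.tokens.get(fields.csrf_name) || '';
    this.tokens.delete(fields.csrf_name); // single use, valid or not
    const got = Buffer.from(String(fields.csrf_value));
    const want = Buffer.from(expected);
    const ok = want.length > 0 && got.length === want.length &&
      nodeCrypto.timingSafeEqual(got, want);
    if (!ok) return { status: 400, headers: {} };
    return { status: 200,
             headers: { 'X-CSRF-Token': JSON.stringify(this.issue()) } };
  }
}

// Client: take the new fields from the header, or keep the old ones when
// the header is missing or is not a flat JSON object of strings.
function applyTokenHeader(fields, header) {
  let next;
  try { next = JSON.parse(header); } catch (e) { return fields; }
  if (!next || typeof next !== 'object' || Array.isArray(next)) return fields;
  const keys = Object.keys(next);
  if (keys.length !== Object.keys(fields).length) return fields;
  return keys.every((k) => typeof next[k] === 'string') ? next : fields;
}

// Submit the same form twice, with or without applying the header.
function submitTwice(refresh) {
  const guard = new ToyGuard();
  let fields = guard.issue(); // token rendered into the page
  const first = guard.post(fields);
  if (refresh) fields = applyTokenHeader(fields, first.headers['X-CSRF-Token']);
  const second = guard.post(fields);
  return [first.status, second.status];
}
```

In this model the second submit is rejected whenever the client keeps the token it was first rendered with.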

And .htaccess

```apache
<IfModule mod_rewrite.c>
    RewriteEngine On
    RewriteCond %{REQUEST_FILENAME} !-f
    RewriteRule ^ index.php [QSA,L]
</IfModule>
```

License

The MIT License (MIT). Please see License File for more information.

The Versions

  • dev-master (9999999-dev), 03/10 2017, MIT
  • v1.0.2 (1.0.2.0), 03/10 2017, MIT
  • v1.0.1 (1.0.1.0), 14/10 2016, MIT
  • v1.0.0 (1.0.0.0), 15/03 2016, MIT

Source: https://github.com/aurmil/slim3-csrf-utilities

Keywords: middleware framework slim slimphp csrf