2017 © Pedro Peláez
 

library celo

csrf class


sunkan/celo

csrf class

  • Thursday, March 29, 2018
  • by sunkan
  • Repository
  • 0 Watchers
  • 0 Stars
  • 54 Installations
  • 0 Dependents
  • 0 Suggesters
  • 0 Forks
  • 0 Open issues
  • 8 Versions
  • 29 % Grown

The README.md

CSRF Library

Inspiration

This library is heavily inspired by paragonie/anti-csrf (https://github.com/paragonie/anti-csrf).

Installation

The preferred method of installing this library is with Composer by running the following from your project root:

  $ composer require sunkan/celo

Using

This library is meant to be used in an application that uses a PSR-15 dispatcher implementation.

We include a couple of middlewares that make it easy to use.

Validate csrf


  use Psr\Http\Message\ServerRequestInterface;
  use Celo\SessionInterface; // assumed to live in the Celo namespace, like the classes below

  $sessionFactory = new class() implements Celo\SessionFactoryInterface {
      public function newInstance(ServerRequestInterface $request): SessionInterface
      {
          return new Celo\NativeSession();
      }
  };

  $tokenValidator = new Celo\TokenValidator([new Celo\Validators\DefaultValidator()]);
  $tokenGeneratorFactory = new Celo\TokenGeneratorFactory($sessionFactory);

  $dispatcher = new PSR15Dispatcher();

  // validates the CSRF token and sets the csrf request attribute
  $dispatcher->addMiddleware(new Celo\Middleware\CsrfValidate($tokenValidator, $tokenGeneratorFactory));

  $dispatcher->handle($request, function ($request) {
      // fallback handler
      /** @var Celo\Middleware\Csrf $csrf */
      $csrf = $request->getAttribute('csrf');
      if ($csrf->isValid()) {
          echo "Valid request";
      } else {
          // the exception describing why validation failed
          $csrf->getException();
      }

      // generate a new token locked to a specific URL
      $generator = $csrf->getGenerator();
      $newToken = $generator->getToken('/url-to-lock-token to');
  });
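What locking a token to a URL buys you, as an added illustration that is not Celo's or paragonie/anti-csrf's own code: a token issued for one form is rejected when replayed or when submitted to a different endpoint. The function names, the `$store` array standing in for the session, the HMAC-SHA256 construction and the one-hour lifetime are all assumptions made for this sketch.

```php
<?php
declare(strict_types=1);

// Added illustration; not Celo's implementation. issueToken(), validateToken()
// and the $store layout are hypothetical. $store stands in for the session.

function issueToken(array &$store, string $lockTo): array
{
    $index  = bin2hex(random_bytes(16)); // lookup key, sent with the form
    $secret = random_bytes(32);          // stays server-side in the session
    $store[$index] = ['secret' => $secret, 'created' => time()];

    // The submitted value is an HMAC over the URL the token is locked to.
    return ['index' => $index, 'token' => hash_hmac('sha256', $lockTo, $secret)];
}

function validateToken(array &$store, string $index, string $token,
                       string $requestPath, int $maxAge = 3600): bool
{
    if (!isset($store[$index])) {
        return false;                    // unknown index or token already used
    }
    $entry = $store[$index];
    unset($store[$index]);               // one-time use: consume on first attempt

    if (time() - $entry['created'] > $maxAge) {
        return false;                    // expired
    }
    // Recompute for the path actually requested; compare in constant time.
    $expected = hash_hmac('sha256', $requestPath, $entry['secret']);
    return hash_equals($expected, $token);
}

// Constructed demo values.
$session = [];
$a = issueToken($session, '/account/email');
var_dump(validateToken($session, $a['index'], $a['token'], '/account/email'));  // same URL
var_dump(validateToken($session, $a['index'], $a['token'], '/account/email'));  // replay
$b = issueToken($session, '/account/email');
var_dump(validateToken($session, $b['index'], $b['token'], '/account/delete')); // other URL
```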

Auto inject token into forms and json responses


  use Psr\Http\Message\ServerRequestInterface;
  use Celo\SessionInterface; // assumed to live in the Celo namespace, like the classes below

  $sessionFactory = new class() implements Celo\SessionFactoryInterface {
      public function newInstance(ServerRequestInterface $request): SessionInterface
      {
          return new Celo\NativeSession();
      }
  };

  $tokenGeneratorFactory = new Celo\TokenGeneratorFactory($sessionFactory);
  $injectorFactory = new Celo\Injectors\InjectorFactory();

  $dispatcher = new PSR15Dispatcher();

  // If the response is HTML, it looks for <form and adds the correct input fields.
  // If the response is JSON and the request method is not GET, it adds a new token to the response data.
  // All of this is done in the InjectorFactory. To replace the HTML injector, call
  // $injectorFactory->addInjector('html', $conditonResolver, $injectorResolver);
  $dispatcher->addMiddleware(new Celo\Middleware\CsrfFormInjector($tokenGeneratorFactory, $injectorFactory));

The Versions

23/02 2016

1.0.0

1.0.0.0 https://bitbucket.org/sunkan/celo

csrf class


MIT


by Andreas Sundqvist