sunkan/celo

CSRF class

2.2.2 2019-01-16 17:45 UTC

This package is auto-updated.

Last update: 2024-09-17 10:20:53 UTC


README

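Inspiration

This library is heavily inspired by the following library (https://github.com/paragonie/anti-csrf)

Installation

The preferred way to install this library is with Composer, by running the following command from your project root: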

$ composer require sunkan/celo

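Usage

This library is intended for use in applications built on a PSR-15 dispatcher implementation.

We include some middleware that makes it very easy to use.

Validating CSRF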


$sessionFactory = new class() implements Celo\SessionFactoryInterface {
    public function newInstance(ServerRequestInterface $request): SessionInterface {
        return new Celo\NativeSession();
    }
};

$dispatcher = new PSR15Dispatcher();

// validates the CSRF token and sets the csrf request attribute
$dispatcher->addMiddleware(new Celo\Middleware\CsrfValidate($sessionFactory));

$dispatcher->handle($request, function($request) {
    //fallback handler
    
    /** @var Celo\Middleware\Csrf $csrf */
    $csrf = $request->getAttribute('csrf');
    if ($csrf->isValid()) {
        echo "Valid request";
    } else {
        $csrf->getException();
    }
    
    $generator = $csrf->getGenerator();
    $newToken = $generator->getToken('/url-to-lock-token to');
});
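
An added example (not from the Celo README or its source) of the URL-locking idea behind `getToken('/url-...')` above: a single-use token that validates only for the path it was issued for. The class `UrlLockedTokens`, its methods, the storage layout and the sample paths are hypothetical and are not Celo's implementation.

```php
<?php
declare(strict_types=1);

// Added illustration; class and method names are hypothetical, not Celo's API.
final class UrlLockedTokens
{
    /** @var array<string, array{token: string, lock: string}> session-like storage */
    private array $store;

    public function __construct(array &$store)
    {
        $this->store = &$store; // bind to the caller's session array
    }

    /** Issue a single-use token that is only valid for $lockTo. */
    public function issue(string $lockTo): array
    {
        $index = bin2hex(random_bytes(16)); // identifies the stored entry
        $token = bin2hex(random_bytes(32)); // unpredictable secret value
        $this->store[$index] = ['token' => $token, 'lock' => hash('sha256', $lockTo)];
        return ['index' => $index, 'token' => $token];
    }

    /** Validate a submitted index/token pair against the path being requested. */
    public function validate(string $index, string $token, string $requestPath): bool
    {
        if (!isset($this->store[$index])) {
            return false; // unknown index, or the token was already consumed
        }
        $stored = $this->store[$index];
        unset($this->store[$index]); // single use: consumed even when the check fails
        // hash_equals() compares in constant time
        $tokenOk = hash_equals($stored['token'], $token);
        $lockOk  = hash_equals($stored['lock'], hash('sha256', $requestPath));
        return $tokenOk && $lockOk;
    }
}

// Constructed sample run; $session stands in for $_SESSION.
$session = [];
$tokens = new UrlLockedTokens($session);

$t = $tokens->issue('/account/email');
var_dump($tokens->validate($t['index'], $t['token'], '/account/delete')); // submitted to a different path
$t = $tokens->issue('/account/email');
var_dump($tokens->validate($t['index'], $t['token'], '/account/email'));  // submitted to the locked path
var_dump($tokens->validate($t['index'], $t['token'], '/account/email'));  // same token submitted again
```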

Automatically injecting the token into forms and JSON responses


$sessionFactory = new class() implements Celo\SessionFactoryInterface {
    public function newInstance(ServerRequestInterface $request): SessionInterface {
        return new Celo\NativeSession();
    }
};

$dispatcher = new PSR15Dispatcher();

// if response is html it will look for <form and add the correct input fields
// if the response is json and request method is not GET it will add a new token to the response data
$dispatcher->addMiddleware(new Celo\Middleware\CsrfFormInjector(new Celo\Renderer(), $sessionFactory));