misuzu/src/CSRF.php

<?php
namespace Misuzu;

use Index\CsrfToken;

final class CSRF {
    private static ?CsrfToken $instance = null;
    private static string $secretKey = '';

    public static function available(): bool {
        return self::$instance !== null;
    }

    public static function create(string $identity, ?string $secretKey = null): CsrfToken {
        if($secretKey === null)
            $secretKey = self::$secretKey;
        else
            self::$secretKey = $secretKey;

        return new CsrfToken($secretKey, $identity);
    }

    public static function init(string $secretKey, string $identity): void {
        self::$instance = self::create($identity, $secretKey);
    }

    public static function validate(string $token, int $tolerance = -1): bool {
        return self::$instance?->verifyToken($token, $tolerance) ?? false;
    }

    public static function token(): string {
        return self::$instance?->createToken() ?? '';
    }

    public static function validateRequest(int $tolerance = -1): bool {
        if(self::$instance === null)
            return false;

        $token = (string)filter_input(INPUT_POST, '_csrf');
        if(empty($token))
            $token = (string)filter_input(INPUT_GET, 'csrf');

        return self::$instance->verifyToken($token, $tolerance);
    }
}
CSRF from Hanyuu. 2019-12-11 19:10:54 +01:00			`<?php`
			`namespace Misuzu;`

Updated to latest Index version. 2024-10-05 02:40:29 +00:00			`use Index\CsrfToken;`
CSRF from Hanyuu. 2019-12-11 19:10:54 +01:00
			`final class CSRF {`
Added template layer below the master template in preparation for other things. 2025-01-30 12:07:59 +00:00			`private static ?CsrfToken $instance = null;`
Added interop endpoints for Hanyuu. 2024-07-20 19:35:50 +00:00			`private static string $secretKey = '';`

Added template layer below the master template in preparation for other things. 2025-01-30 12:07:59 +00:00			`public static function available(): bool {`
			`return self::$instance !== null;`
			`}`

Updated to latest Index version. 2024-10-05 02:40:29 +00:00			`public static function create(string $identity, ?string $secretKey = null): CsrfToken {`
Added interop endpoints for Hanyuu. 2024-07-20 19:35:50 +00:00			`if($secretKey === null)`
			`$secretKey = self::$secretKey;`
			`else`
			`self::$secretKey = $secretKey;`

Updated to latest Index version. 2024-10-05 02:40:29 +00:00			`return new CsrfToken($secretKey, $identity);`
Added interop endpoints for Hanyuu. 2024-07-20 19:35:50 +00:00			`}`
CSRF from Hanyuu. 2019-12-11 19:10:54 +01:00
Use Index for CSRF protection tokens. 2023-07-11 22:13:56 +00:00			`public static function init(string $secretKey, string $identity): void {`
Added interop endpoints for Hanyuu. 2024-07-20 19:35:50 +00:00			`self::$instance = self::create($identity, $secretKey);`
CSRF from Hanyuu. 2019-12-11 19:10:54 +01:00			`}`

Use Index for CSRF protection tokens. 2023-07-11 22:13:56 +00:00			`public static function validate(string $token, int $tolerance = -1): bool {`
Added template layer below the master template in preparation for other things. 2025-01-30 12:07:59 +00:00			`return self::$instance?->verifyToken($token, $tolerance) ?? false;`
CSRF from Hanyuu. 2019-12-11 19:10:54 +01:00			`}`

Use Index for CSRF protection tokens. 2023-07-11 22:13:56 +00:00			`public static function token(): string {`
Added template layer below the master template in preparation for other things. 2025-01-30 12:07:59 +00:00			`return self::$instance?->createToken() ?? '';`
CSRF from Hanyuu. 2019-12-11 19:10:54 +01:00			`}`

Use Index for CSRF protection tokens. 2023-07-11 22:13:56 +00:00			`public static function validateRequest(int $tolerance = -1): bool {`
Added template layer below the master template in preparation for other things. 2025-01-30 12:07:59 +00:00			`if(self::$instance === null)`
			`return false;`

Fixed possible NULL in CSRF check. 2023-07-12 19:14:40 +00:00			`$token = (string)filter_input(INPUT_POST, '_csrf');`
CSRF and URL cleanup. 2023-07-11 20:51:24 +00:00			`if(empty($token))`
Fixed possible NULL in CSRF check. 2023-07-12 19:14:40 +00:00			`$token = (string)filter_input(INPUT_GET, 'csrf');`
CSRF from Hanyuu. 2019-12-11 19:10:54 +01:00
Use Index for CSRF protection tokens. 2023-07-11 22:13:56 +00:00			`return self::$instance->verifyToken($token, $tolerance);`
CSRF from Hanyuu. 2019-12-11 19:10:54 +01:00			`}`
			`}`