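 /**
  * Register the 'router' service in the DI container.
  *
  * The factory builds a Router, attaches a responder that enforces the CSRF
  * token on every request outside the excluded route prefixes, then parses
  * the application routes.
  *
  * CSRF flow, as implemented below:
  *  - the token is taken from the first header listed by Csrf::getHeaderNames()
  *    that is present on the request (empty string when none is present);
  *  - Csrf::checkToken() decides validity from the token and the HTTP method;
  *  - on failure a 403 JSON response is sent and the script exits;
  *  - on success a fresh token cookie is issued when Csrf::mustBeGenerate()
  *    says so for the HTTP method.
  *
  * @todo better management with middleware global implementation
  */
 private function initRoutes()
 {
     $this->di->set('router', function () {
         $router = new Router();

         /* Responder that enforces the CSRF token */
         $router->respond(function ($request, $response, $service, $app) {
             /* Take the token from the first CSRF header present on the request */
             $headers = $request->headers();
             $tokenValue = '';
             foreach (Csrf::getHeaderNames() as $headerName) {
                 if ($headers->exists($headerName)) {
                     $tokenValue = $headers[$headerName];
                     break;
                 }
             }

             /*
              * Route prefixes exempt from the CSRF check.
              * NOTE(review): anything listed here skips the check entirely, so
              * these routes should not rely on cookie-based authentication
              * alone - confirm against the API's auth scheme.
              */
             $excludeRoute = array('/api');
             $baseUrl = rtrim(Di::getDefault()->get('config')->get('global', 'base_url'), '/');
             $pathname = $request->pathname();
             $matchingRoute = array_filter($excludeRoute, function ($route) use ($baseUrl, $pathname) {
                 $prefix = $baseUrl . $route;
                 if ($pathname === $prefix) {
                     return true;
                 }
                 /*
                  * Match on a path-segment boundary only. A bare string-prefix
                  * test would also exempt unrelated paths that merely start
                  * with the same characters (e.g. "/api-something"), silently
                  * widening the CSRF exemption.
                  */
                 $prefix .= '/';
                 return strncmp($pathname, $prefix, strlen($prefix)) === 0;
             });
             if (count($matchingRoute) > 0) {
                 return;
             }

             if (false === Csrf::checkToken($tokenValue, $request->method())) {
                 /* Reject the request before any route handler runs */
                 $response->code(403)->json(array("message" => "CSRF Token is no valid"));
                 $response->send();
                 // @todo Exception
                 exit;
             }

             if (Csrf::mustBeGenerate($request->method())) {
                 /*
                  * Generate and send a new csrf cookie.
                  * NOTE(review): the third argument (0) is presumably the
                  * expiry; the remaining cookie attributes are left at the
                  * response object's defaults - confirm they suit the
                  * deployment (e.g. HTTPS-only sites).
                  */
                 $response->cookie(Csrf::getCookieName(), Csrf::generateToken(), 0);
                 $response->sendCookies(true);
             }
         });

         /* Parsing route */
         $router->parseRoutes();
         return $router;
     });
 }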