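/**
 * Returns the session's CSRF token, minting a new one when none is stored
 * or the stored one has passed its expiry.
 *
 * The token is 32 random bytes, base64-encoded, and stays valid for one
 * hour from issue; token and expiry are kept in the session under the
 * 'csrf' and 'csrfExpiry' keys.
 *
 * @return string
 */
public function __invoke()
{
    $token = $this->session->get('csrf', null);
    $expiry = $this->session->get('csrfExpiry', 0);

    // A missing/empty token or a stale expiry both force a fresh token.
    if ($expiry < time() || !$token) {
        // random_bytes() is the runtime's guaranteed CSPRNG and throws on
        // failure; openssl_random_pseudo_bytes() could hand back bytes that
        // are not cryptographically strong without signalling it here.
        $token = base64_encode(random_bytes(32));
        $this->session->set('csrf', $token);
        $this->session->set('csrfExpiry', time() + 3600);
    }

    return $token;
}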
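/**
 * Validates the CSRF token on state-changing requests before handing the
 * request on to the next middleware.
 *
 * For POST, PUT and DELETE requests the 'csrf' value submitted with the
 * request is compared, in constant time, with the token held in the
 * session. On a mismatch, or when either side has no usable token, an
 * error is added to the session's errors bag under the 'csrf' key. The
 * request is forwarded to $next in every case, so acting on that error is
 * left to downstream handlers.
 *
 * @param ArhitectRequest $request
 * @param callable        $next
 *
 * @return mixed
 */
public function handle(ArhitectRequest $request, callable $next)
{
    switch ($request->getMethod()) {
        case Request::METHOD_POST:
        case Request::METHOD_PUT:
        case Request::METHOD_DELETE:
            // NOTE(review): other state-changing verbs (e.g. PATCH) are not
            // checked here; confirm whether the application accepts them.
            $submitted = $request->any('csrf');
            $expected = $this->session->get('csrf', null);

            // hash_equals() requires two strings: it is strict (no loose '=='
            // coercion) and constant-time, so the comparison does not leak
            // how much of the token matched. Empty values never validate.
            $valid = is_string($submitted) && $submitted !== ''
                && is_string($expected) && $expected !== ''
                && hash_equals($expected, $submitted);

            if (!$valid) {
                $this->session->getErrorsBag()->add(
                    'csrf',
                    $this->translator->translate('The request has expired. Please submit the form again.')
                );
            }
            break;
    }

    return $next($request);
}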
/**
 * Reads the identity stored in the session for this object.
 *
 * The session key is the runtime class name of the instance, so distinct
 * concrete classes read distinct slots.
 *
 * @return mixed
 */
public function getIdentity()
{
    $sessionKey = static::class;

    return $this->session->get($sessionKey);
}