/** * @param ServerRequestInterface $request * @param callable $next * @return ResponseInterface */ public function auth(ServerRequestInterface $request, Closure $next) { if (Session::get('isLogin') === true) { return $next($request); } $csrf = new Csrf(); return Response::plain($this->view->render('admin/login', ['token' => $csrf->getToken()])); }
/** * @param string $token * @return bool */ public function isInSafety($token) { return Session::get('_csrf_token') === $token; }