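/**
 * Handle an incoming request, enforcing a double-submit-cookie CSRF check.
 *
 * A GET request that arrives without a `csrfToken` cookie is issued a fresh
 * token, which is set on the response. PATCH, PUT, POST and DELETE requests
 * must carry the cookie and repeat its value in either the `_csrfToken` body
 * field or the `X-CSRF-Token` header.
 *
 * @param Request $request
 * @param \Closure $next
 * @return Response
 * @throws InvalidCsrfTokenException When the cookie is missing, or neither submitted value matches it.
 */
public function handle(Request $request, Closure $next) : Response
{
    $cookieData = $request->cookie('csrfToken');
    if ($cookieData) {
        $this->_token = $cookieData;
    }

    $createCookie = false;
    if ($request->method() == 'GET' && $cookieData === null) {
        // Take the token straight from the CSPRNG rather than hashing a UUID:
        // its unpredictability then does not depend on how Text::uuid() is
        // seeded. 20 random bytes keep the previous 40-hex-character format.
        $this->_token = bin2hex(random_bytes(20));
        $createCookie = true;
    }

    if (in_array($request->method(), ['PATCH', 'PUT', 'POST', 'DELETE'])) {
        // A header-only client sends no body field; default it to null so the
        // request fails (or passes) on the token check, not on an undefined key.
        $post = $request->data['_csrfToken'] ?? null;
        $header = $request->header('X-CSRF-Token');

        if (empty($cookieData)) {
            throw new InvalidCsrfTokenException('Missing CSRF token cookie');
        }

        // Both sides are client-supplied and may be arrays (e.g. `name[]=x`),
        // so only strings are compared, and hash_equals() keeps the comparison
        // time independent of how many leading characters match.
        $matched = false;
        if (is_string($cookieData)) {
            foreach ([$post, $header] as $submitted) {
                if (is_string($submitted) && hash_equals($cookieData, $submitted)) {
                    $matched = true;
                    break;
                }
            }
        }
        if (!$matched) {
            throw new InvalidCsrfTokenException('CSRF token mismatch');
        }
    }

    $response = $next($request);

    if ($createCookie) {
        // NOTE(review): only a name and value are passed here; confirm that
        // $response->cookie() applies Secure / SameSite defaults elsewhere.
        $response->cookie('csrfToken', $this->_token);
    }

    return $response;
}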
/**
 * Handle an incoming request: decrypt request cookies, run the next handler,
 * then encrypt the cookies on the response.
 *
 * Cookies whose name is reported by isExcepted() are skipped in both
 * directions. Decrypted request values are stored in $this->_cookies.
 *
 * NOTE(review): the fallback method name is "rijndael"; the cipher and mode
 * behind _encryptCookie()/_decryptCookie() are not visible here. Confirm the
 * scheme is authenticated, since request cookie values are client-controlled.
 *
 * @param Request $request
 * @param \Closure $next
 * @return Response
 */
public function handle(Request $request, Closure $next) : Response
{
    $config = Configuration::getInstance();

    // Inbound: decrypt every non-excepted cookie sent by the client.
    $method = $config->get("Cookie/Encryption/method", "rijndael");
    $incoming = $request->cookie();
    foreach ($incoming as $cookieName => $cipherText) {
        if (!$this->isExcepted($cookieName)) {
            $this->_cookies[$cookieName] = $this->_decryptCookie($cipherText, $method);
        }
    }

    $response = $next($request);

    // Outbound: the method is looked up again after the downstream handler
    // has run, then every non-excepted response cookie is replaced in place.
    $method = Configuration::getInstance()->get("Cookie/Encryption/method", "rijndael");
    $outgoing = $response->cookie();
    foreach ($outgoing as $cookieName => $plainText) {
        if (!$this->isExcepted($cookieName)) {
            $response->cookie($cookieName, $this->_encryptCookie($plainText, $method));
        }
    }

    return $response;
}