PHP Classes

File: src/Discretion/Middleware/HTTPPost.php

Recommend this page to a friend!
  Classes of Scott Arciszewski   Discretion   src/Discretion/Middleware/HTTPPost.php   Download  
File: src/Discretion/Middleware/HTTPPost.php
Role: Class source
Content type: text/plain
Description: Class source
Class: Discretion
Show contact forms and deliver encrypted mail
Author: By
Last change:
Date: 2 years ago
Size: 2,455 bytes
 

Contents

Class file image Download
<?php
declare(strict_types=1);
namespace
ParagonIE\Discretion\Middleware;

use
ParagonIE\AntiCSRF\AntiCSRF;
use
ParagonIE\Discretion\Discretion;
use
ParagonIE\Discretion\Exception\SecurityException;
use
ParagonIE\Discretion\MiddlewareInterface;
use
Psr\Http\Message\{
   
RequestInterface,
   
ResponseInterface
};
use
Slim\Http\Request;

/**
 * Class HTTPPost
 * @package ParagonIE\Discretion\Middleware
 */
class HTTPPost implements MiddlewareInterface
{
    const
PROPERTIES_TO_SET = ['csrf_mitigated'];

   
/**
     * @return void
     * @throws SecurityException
     * @throws \Error
     */
   
protected function assertCSRFPassed()
    {
       
$antiCSRF = new AntiCSRF();

        if (!
$antiCSRF->validateRequest()) {
            throw new
SecurityException('This request has triggered our Anti-CSRF Protection');
        }
    }

   
/**
     * Ensure all requests are immune to CSRF.
     *
     * @param RequestInterface $request
     * @param ResponseInterface $response
     * @param callable $next
     * @return ResponseInterface
     * @throws \Error
     * @throws \Twig_Error_Loader
     * @throws \Twig_Error_Runtime
     * @throws \Twig_Error_Syntax
     */
   
public function __invoke(
       
RequestInterface $request,
       
ResponseInterface $response,
        callable
$next
   
): ResponseInterface {
        if (
$request instanceof Request) {
            if (
$request->isPost()) {
                try {
                   
$this->assertCSRFPassed();
                   
/** @var string $prop */
                   
foreach (static::PROPERTIES_TO_SET as $prop) {
                        if (!\
is_string($prop)) {
                            continue;
                        }
                       
$request = $request->withAttribute($prop, true);
                    }
                } catch (
SecurityException $ex) {
                    return
Discretion::errorResponse(
                       
$ex->getMessage(),
                       
403
                   
);
                } catch (\
Throwable $ex) {
                    return
Discretion::errorResponse('An unknown error has occurred.');
                }
            }
        }
       
/** @var ResponseInterface $response */
       
$response = $next($request, $response);
        if (!(
$response instanceof ResponseInterface)) {
            throw new \
TypeError('Response not an instance of ResponseInterface');
        }
        return
$response;
    }
}