CsrfTrait.php

Pfad: src/Framework/Http/CsrfTrait.php
Namespace: Framework\Http
Zeilen: 50 | Größe: 1,144 Bytes
Geändert: 2025-12-29 00:18:47 | Gescannt: 2025-12-31 10:22:15

Code Hygiene Score: 100

Dependencies: 100 (25%)
LOC: 100 (20%)
Methods: 100 (20%)
Secrets: 100 (15%)
Classes: 100 (10%)
Magic Numbers: 100 (10%)

Keine Issues gefunden.

Dependencies 1

use Framework\CsrfService

Klassen 1

CsrfTrait trait Zeile 11

Funktionen 5

csrfToken() protected Zeile 13
csrfField() protected Zeile 18
validateCsrf() protected Zeile 23
requireCsrf() protected Zeile 30
isJsonRequest() private Zeile 42

Verwendet von 2

Controller.php use
Controller.php trait

Versionen 1

v1 2025-12-29 00:18 | claude-code-hook | modified
Claude Code Pre-Hook Backup vor Edit-Operation

Code

<?php

declare(strict_types=1);

namespace Framework\Http;

// @responsibility: CSRF-Token-Handling für Controller

use Framework\CsrfService;

trait CsrfTrait
{
    protected function csrfToken(): string
    {
        return CsrfService::getToken();
    }

    protected function csrfField(): string
    {
        return CsrfService::getTokenField();
    }

    protected function validateCsrf(): bool
    {
        $token = $_POST['_csrf_token'] ?? $_SERVER['HTTP_X_CSRF_TOKEN'] ?? null;

        return CsrfService::validateToken($token);
    }

    protected function requireCsrf(): void
    {
        if (!$this->validateCsrf()) {
            if ($this->isJsonRequest()) {
                $this->json(['error' => 'CSRF token invalid'], 403);
            } else {
                $this->text('CSRF token invalid', 403);
            }
            exit;
        }
    }

    private function isJsonRequest(): bool
    {
        $accept = $_SERVER['HTTP_ACCEPT'] ?? '';
        $contentType = $_SERVER['CONTENT_TYPE'] ?? '';

        return str_contains($accept, 'application/json') || str_contains($contentType, 'application/json');
    }
}

← Übersicht Graph