Woles-Framework/app/Core/Middleware/CsrfMiddleware.php

<?php

namespace App\Core\Middleware;

/**
 * CSRF Middleware
 * Cross-Site Request Forgery protection
 */
class CsrfMiddleware
{
    public function handle(string $method, string $uri, callable $next): void
    {
        // Skip CSRF check for GET requests
        if ($method === 'GET') {
            $next();
            return;
        }

        // Skip CSRF check for API routes (if Accept header is application/json)
        if (isset($_SERVER['HTTP_ACCEPT']) && str_contains($_SERVER['HTTP_ACCEPT'], 'application/json')) {
            $next();
            return;
        }

        // Check CSRF token
        $token = $_POST['_token'] ?? $_SERVER['HTTP_X_CSRF_TOKEN'] ?? null;

        if (!$token || !$this->verifyToken($token)) {
            http_response_code(419);
            echo "<h1>419 - Page Expired</h1>";
            echo "<p>CSRF token mismatch. Please refresh the page and try again.</p>";
            return;
        }

        // Continue to next middleware
        $next();
    }

    /**
     * Verify CSRF token
     */
    private function verifyToken(string $token): bool
    {
        if (!isset($_SESSION['csrf_token'])) {
            return false;
        }

        return hash_equals($_SESSION['csrf_token'], $token);
    }
}
feat: Complete Woles Framework v1.0 with enterprise-grade UI - Add comprehensive error handling system with custom error pages - Implement professional enterprise-style design with Tailwind CSS - Create modular HMVC architecture with clean separation of concerns - Add security features: CSRF protection, XSS filtering, Argon2ID hashing - Include CLI tools for development workflow - Add error reporting dashboard with system monitoring - Implement responsive design with consistent slate color scheme - Replace all emoji icons with professional SVG icons - Add comprehensive test suite with PHPUnit - Include database migrations and seeders - Add proper exception handling with fallback pages - Implement template engine with custom syntax support - Add helper functions and facades for clean code - Include proper logging and debugging capabilities 2025-10-11 07:08:23 +07:00			`<?php`

			`namespace App\Core\Middleware;`

			`/**`
			`* CSRF Middleware`
			`* Cross-Site Request Forgery protection`
			`*/`
			`class CsrfMiddleware`
			`{`
			`public function handle(string $method, string $uri, callable $next): void`
			`{`
			`// Skip CSRF check for GET requests`
			`if ($method === 'GET') {`
			`$next();`
			`return;`
			`}`

			`// Skip CSRF check for API routes (if Accept header is application/json)`
			`if (isset($_SERVER['HTTP_ACCEPT']) && str_contains($_SERVER['HTTP_ACCEPT'], 'application/json')) {`
			`$next();`
			`return;`
			`}`

			`// Check CSRF token`
			`$token = $_POST['_token'] ?? $_SERVER['HTTP_X_CSRF_TOKEN'] ?? null;`

			`if (!$token \|\| !$this->verifyToken($token)) {`
			`http_response_code(419);`
			`echo "<h1>419 - Page Expired</h1>";`
			`echo "<p>CSRF token mismatch. Please refresh the page and try again.</p>";`
			`return;`
			`}`

			`// Continue to next middleware`
			`$next();`
			`}`

			`/**`
			`* Verify CSRF token`
			`*/`
			`private function verifyToken(string $token): bool`
			`{`
			`if (!isset($_SESSION['csrf_token'])) {`
			`return false;`
			`}`

			`return hash_equals($_SESSION['csrf_token'], $token);`
			`}`
			`}`