initial commit

and maybe the only commit needed :)

.cradle.php

@@ -0,0 +1,44 @@
+<?php //-->
+
+use Cradle\Http\Request;
+use Cradle\Http\Response;
+
+/**
+ * Loads CSRF token in stage
+ *
+ * @param *Request  $request
+ * @param *Response $response
+ */
+$cradle->on('csrf-load', function (Request $request, Response $response) {
+    //render the key
+    $key = md5(uniqid());
+    if($request->hasSession('csrf')) {
+        $key = $request->getSession('csrf');
+    }
+
+    $request->setSession('csrf', $key);
+    $response->setStage('csrf', $key);
+});
+
+/**
+ * Validates CSRF
+ *
+ * @param *Request  $request
+ * @param *Response $response
+ */
+$cradle->on('csrf-validate', function (Request $request, Response $response) {
+    $actual = $request->getStage('csrf');
+    $expected = $request->getSession('csrf');
+
+    //no longer needed
+    $request->removeSession('csrf');
+
+    if($actual !== $expected) {
+        //prepare to error
+        $message = 'We prevented a potential attack on our servers coming from the request you just sent us.';
+        $message = $this->package('global')->translate($message);
+        $response->setError(true, $message);
+    }
+
+    //it passed
+});

README.md

@@ -1,2 +1,45 @@
 # cradle-csrf
 CSRF helpers
+
+## Install
+
+```
+composer require cradlephp/cradle-csrf
+```
+
+Then in `/bootstrap.php`, add
+
+```
+->register('cradlephp/cradle-csrf')
+```
+
+## Usage
+
+In any of your routes add the following code.
+
+```
+cradle()->trigger('csrf-load', $request, $response);
+```
+
+The CSRF token will be found in `$request->getStage('csrf')`. In your form
+template, be sure to add this key in a hidden field like the following.
+
+```
+<input name="csrf" value="{{csrf}}" />
+```
+
+When validating this form in a route you can use the following
+
+```
+cradle()->trigger('csrf-validate', $request, $response);
+```
+
+If there is an error, it will be found in the response error object message.
+You can check this using the following.
+
+```
+if($response->isError()) {
+    $message = $response->getMessage();
+    //report the error
+}
+```

composer.json

@@ -0,0 +1,25 @@
+{
+    "name": "cradlephp/cradle-csrf",
+    "type": "plugin",
+    "description": "CSRF handler for Cradle",
+    "minimum-stability": "dev",
+    "keywords": [
+        "cradle",
+        "cradlephp"
+    ],
+    "license": "MIT",
+    "authors": [
+        {
+            "name": "Christian Blanquera",
+            "email": "[email protected]"
+        }
+    ],
+    "require-dev": {
+        "phpunit/phpunit": "7.0.2",
+        "squizlabs/php_codesniffer": "3.2.3",
+        "satooshi/php-coveralls": "2.0.0"
+    },
+    "require": {
+        "cradlephp/framework": "~2.0.0"
+    }
+}