public function getTokenString(string $lockTo = '') : string
{
if (!isset($_SESSION[$this->sessionIndex])) {
$_SESSION[$this->sessionIndex] = [];
}
if (empty($lockTo)) {
$lockTo = $_SERVER['REQUEST_URI'] ?? '/';
}
if (\preg_match('#/$#', $lockTo)) {
$lockTo = Util::subString($lockTo, 0, Util::stringLength($lockTo) - 1);
}
list($index, $token) = $this->generateToken($lockTo);
if ($this->hmacIP) {
// Use a keyed BLAKE2b hash to only allow this particular IP to send this request
$token = Base64UrlSafe::encode(\Sodium\crypto_generichash($_SERVER['REMOTE_ADDR'] ?? '127.0.0.1', Base64UrlSafe::decode($token), \Sodium\CRYPTO_GENERICHASH_BYTES));
}
return $index . ':' . $token;
}