/**
* Execute the middleware.
*
* @param ServerRequestInterface $request
* @param ResponseInterface $response
* @param callable $next
*
* @return ResponseInterface
*/
public function __invoke(ServerRequestInterface $request, ResponseInterface $response, callable $next)
{
// Hard dependency: the request must already carry the ClientIp::KEY attribute,
// otherwise the middleware refuses to run at all (fail closed).
// NOTE(review): presumably the client IP feeds token generation/validation — confirm in
// generateTokens()/validateRequest(), which are not visible here.
if (!self::hasAttribute($request, ClientIp::KEY)) {
throw new RuntimeException('Csrf middleware needs ClientIp executed before');
}
// The MIME type is read from the $response handed in, i.e. before $next() has run.
// Anything not classified as 'text/html' is passed straight through, and this return
// happens BEFORE validateRequest(): a POST whose response is not 'text/html' is never
// CSRF-checked by this middleware. State-changing endpoints that answer with another
// type (JSON, XML, ...) need their own CSRF defence.
// NOTE(review): how getMimeType() derives the type is not visible here — confirm which
// earlier middleware sets it and whether a client-supplied header can influence it.
if (Utils\Helpers::getMimeType($response) !== 'text/html') {
return $next($request, $response);
}
// Bound by reference: writes to $tokens (here or inside the closure below) go to the
// storage returned by getStorage() rather than to a local copy.
// NOTE(review): presumably session-backed storage — confirm in getStorage().
$tokens =& self::getStorage($request, self::KEY);
// Validation runs only when isPost() is true. On failure the chain is short-circuited:
// $next() is not called and a 403 is returned on the incoming response.
// NOTE(review): verify whether isPost() covers other state-changing methods
// (PUT, PATCH, DELETE); if it does not, those requests are not validated here.
if (Utils\Helpers::isPost($request) && !$this->validateRequest($request, $tokens)) {
return $response->withStatus(403);
}
// Token generator for a given form action. An empty $action falls back to the path of
// the current request URI. $tokens is captured by reference so that generated tokens
// are recorded in the same storage that validateRequest() reads.
$generator = function ($action = null) use($request, &$tokens) {
if (empty($action)) {
$action = $request->getUri()->getPath();
}
return $this->generateTokens($request, $action, $tokens);
};
// Manual mode: expose the generator as a request attribute (self::KEY_GENERATOR) so the
// application can emit tokens itself; the response body is left untouched.
if (!$this->autoInsert) {
$request = self::setAttribute($request, self::KEY_GENERATOR, $generator);
return $next($request, $response);
}
// Automatic mode: run the rest of the chain first, then post-process its response.
$response = $next($request, $response);
// For each match handed over by insertIntoPostForms(), pull the action value out of
// $match[0] and append the generator's output for that action directly after it.
// When no action is found, null is passed and the generator uses the request path.
// NOTE(review): the pattern is not anchored to an attribute boundary, so it also matches
// names that merely end in "action" (e.g. data-action=) if one appears first in $match[0].
// NOTE(review): the captured value is taken raw from the markup (may be an absolute URL,
// carry a query string, or be entity-encoded) while the fallback is a bare path — confirm
// that validateRequest() compares against the same form of the action.
return $this->insertIntoPostForms($response, function ($match) use($generator) {
preg_match('/action=["\']?([^"\'\\s]+)["\']?/i', $match[0], $matches);
return $match[0] . $generator(isset($matches[1]) ? $matches[1] : null);
});
}