PHP/Web
PHP/Web
2
0
Fork 0
Code

add cookie manager

Browse Source
This commit is contained in:
Sky Johnson 2025-09-11 10:35:42 -05:00
parent 65bfec8078
commit 74ffbcb651
5 changed files with 296 additions and 48 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
Context.php
View File

@ -2,6 +2,7 @@
require_once __DIR__ . '/Session.php'; require_once __DIR__ . '/Session.php';
require_once __DIR__ . '/Validator.php'; require_once __DIR__ . '/Validator.php';
require_once __DIR__ . '/Cookies.php';
/** /**
* Context holds the request, response, and shared state for a request * Context holds the request, response, and shared state for a request
@ -11,17 +12,20 @@ class Context
public Request $request; public Request $request;
public Response $response; public Response $response;
public Session $session; public Session $session;
public Cookies $cookie;
public array $state = []; public array $state = [];
/** /**
* __construct creates a new Context with request and response * __construct creates a new Context with request and response
*/ */
public function __construct() public function __construct(?Cookie $cookie = null)
{ {
$this->request = new Request(); $this->request = new Request();
$this->response = new Response(); $this->response = new Response();
$this->session = new Session(); $this->session = new Session();
$this->session->start(); $this->session->start();
$this->cookie = $cookie ?: new Cookies();
$this->response->setCookieManager($this->cookie);
} }
/** /**

240
Cookies.php Normal file
View File

@ -0,0 +1,240 @@
<?php
/**
* Cookie manager for consistent cookie handling
*/
class Cookies
{
private array $defaults;
public function __construct(array $defaults = [])
{
$this->defaults = array_merge([
'expires' => 0,
'path' => '/',
'domain' => '',
'secure' => false,
'httponly' => true,
'samesite' => 'Lax'
], $defaults);
}
/**
* Set a cookie
*/
public function set(string $name, string $value, array $options = []): bool
{
$options = array_merge($this->defaults, $options);
// Convert lifetime to expires timestamp if provided
if (isset($options['lifetime'])) {
$options['expires'] = time() + $options['lifetime'];
unset($options['lifetime']);
}
return setcookie($name, $value, $options);
}
/**
* Get a cookie value
*/
public function get(string $name, ?string $default = null): ?string
{
return $_COOKIE[$name] ?? $default;
}
/**
* Check if a cookie exists
*/
public function has(string $name): bool
{
return isset($_COOKIE[$name]);
}
/**
* Delete a cookie
*/
public function delete(string $name, array $options = []): bool
{
$options = array_merge($this->defaults, $options);
$options['expires'] = time() - 3600;
// Remove from $_COOKIE superglobal
unset($_COOKIE[$name]);
return setcookie($name, '', $options);
}
/**
* Set a cookie that expires when browser closes
*/
public function setSession(string $name, string $value, array $options = []): bool
{
$options['expires'] = 0;
return $this->set($name, $value, $options);
}
/**
* Set a cookie with specific lifetime in seconds
*/
public function setWithLifetime(string $name, string $value, int $lifetime, array $options = []): bool
{
$options['lifetime'] = $lifetime;
return $this->set($name, $value, $options);
}
/**
* Set a cookie that expires in specified days
*/
public function setForDays(string $name, string $value, int $days, array $options = []): bool
{
return $this->setWithLifetime($name, $value, $days * 86400, $options);
}
/**
* Set a cookie that expires in specified hours
*/
public function setForHours(string $name, string $value, int $hours, array $options = []): bool
{
return $this->setWithLifetime($name, $value, $hours * 3600, $options);
}
/**
* Set a cookie that expires in specified minutes
*/
public function setForMinutes(string $name, string $value, int $minutes, array $options = []): bool
{
return $this->setWithLifetime($name, $value, $minutes * 60, $options);
}
/**
* Set a forever cookie (5 years)
*/
public function forever(string $name, string $value, array $options = []): bool
{
return $this->setWithLifetime($name, $value, 157680000, $options); // 5 years
}
/**
* Get all cookies
*/
public function all(): array
{
return $_COOKIE;
}
/**
* Clear all cookies
*/
public function clear(): void
{
foreach ($_COOKIE as $name => $value) $this->delete($name);
}
/**
* Set default options
*/
public function setDefaults(array $defaults): void
{
$this->defaults = array_merge($this->defaults, $defaults);
}
/**
* Get default options
*/
public function getDefaults(): array
{
return $this->defaults;
}
/**
* Create a signed cookie value
*/
public function sign(string $value, string $secret): string
{
$signature = hash_hmac('sha256', $value, $secret);
return base64_encode($value . '|' . $signature);
}
/**
* Verify and extract signed cookie value
*/
public function verify(string $signedValue, string $secret): ?string
{
$decoded = base64_decode($signedValue);
if (!$decoded || !str_contains($decoded, '|')) return null;
[$value, $signature] = explode('|', $decoded, 2);
$expectedSignature = hash_hmac('sha256', $value, $secret);
if (!hash_equals($expectedSignature, $signature)) return null;
return $value;
}
/**
* Set a signed cookie
*/
public function setSigned(string $name, string $value, string $secret, array $options = []): bool
{
$signedValue = $this->sign($value, $secret);
return $this->set($name, $signedValue, $options);
}
/**
* Get and verify a signed cookie
*/
public function getSigned(string $name, string $secret, ?string $default = null): ?string
{
$signedValue = $this->get($name);
if ($signedValue === null) return $default;
$value = $this->verify($signedValue, $secret);
return $value !== null ? $value : $default;
}
/**
* Encrypt a cookie value
*/
public function encrypt(string $value, string $key): string
{
$iv = random_bytes(16);
$encrypted = openssl_encrypt($value, 'AES-256-CBC', $key, 0, $iv);
return base64_encode($iv . '|' . $encrypted);
}
/**
* Decrypt a cookie value
*/
public function decrypt(string $encryptedValue, string $key): ?string
{
$decoded = base64_decode($encryptedValue);
if (!$decoded || !str_contains($decoded, '|')) return null;
[$iv, $encrypted] = explode('|', $decoded, 2);
$decrypted = openssl_decrypt($encrypted, 'AES-256-CBC', $key, 0, $iv);
return $decrypted !== false ? $decrypted : null;
}
/**
* Set an encrypted cookie
*/
public function setEncrypted(string $name, string $value, string $key, array $options = []): bool
{
$encryptedValue = $this->encrypt($value, $key);
return $this->set($name, $encryptedValue, $options);
}
/**
* Get and decrypt a cookie
*/
public function getEncrypted(string $name, string $key, ?string $default = null): ?string
{
$encryptedValue = $this->get($name);
if ($encryptedValue === null) return $default;
$value = $this->decrypt($encryptedValue, $key);
return $value !== null ? $value : $default;
}
}

49
Response.php
View File

@ -1,5 +1,7 @@
<?php <?php
require_once __DIR__ . '/Cookies.php';
/** /**
* Response class represents an HTTP response * Response class represents an HTTP response
*/ */
@ -9,6 +11,16 @@ class Response
private array $headers = []; private array $headers = [];
private string $body = ''; private string $body = '';
private bool $sent = false; private bool $sent = false;
private ?Cookies $cookie = null;
/**
* Set the cookie manager for this response
*/
public function setCookieManager(Cookies $cookie): Response
{
$this->cookie = $cookie;
return $this;
}
/** /**
* Set the HTTP status code for the response * Set the HTTP status code for the response
@ -76,23 +88,28 @@ class Response
*/ */
public function cookie(string $name, string $value, array $options = []): Response public function cookie(string $name, string $value, array $options = []): Response
{ {
$options = array_merge([ if ($this->cookie) {
'expires' => 0, $this->cookie->set($name, $value, $options);
'path' => '/', } else {
'domain' => '', // Fallback to direct setcookie if no Cookie manager is set
'secure' => false, $options = array_merge([
'httponly' => true, 'expires' => 0,
'samesite' => 'Lax' 'path' => '/',
], $options); 'domain' => '',
'secure' => false,
'httponly' => true,
'samesite' => 'Lax'
], $options);
setcookie($name, $value, [ setcookie($name, $value, [
'expires' => $options['expires'], 'expires' => $options['expires'],
'path' => $options['path'], 'path' => $options['path'],
'domain' => $options['domain'], 'domain' => $options['domain'],
'secure' => $options['secure'], 'secure' => $options['secure'],
'httponly' => $options['httponly'], 'httponly' => $options['httponly'],
'samesite' => $options['samesite'] 'samesite' => $options['samesite']
]); ]);
}
return $this; return $this;
} }

7
Web.php
View File

@ -6,6 +6,7 @@ require_once __DIR__ . '/Response.php';
require_once __DIR__ . '/Context.php'; require_once __DIR__ . '/Context.php';
require_once __DIR__ . '/Router.php'; require_once __DIR__ . '/Router.php';
require_once __DIR__ . '/ErrorHandler.php'; require_once __DIR__ . '/ErrorHandler.php';
require_once __DIR__ . '/Cookies.php';
/** /**
* Web is the application controller itself * Web is the application controller itself
@ -16,11 +17,13 @@ class Web
private array $middleware = []; private array $middleware = [];
private Context $context; private Context $context;
private ErrorHandler $errorHandler; private ErrorHandler $errorHandler;
private Cookies $cookie;
public function __construct(bool $debug = false) public function __construct(bool $debug = false, array $cookieDefaults = [])
{ {
$this->router = new Router(); $this->router = new Router();
$this->errorHandler = new ErrorHandler($debug); $this->errorHandler = new ErrorHandler($debug);
$this->cookie = new Cookies($cookieDefaults);
} }
public function use(callable $middleware): self public function use(callable $middleware): self
@ -118,7 +121,7 @@ class Web
public function run(): void public function run(): void
{ {
$this->context = new Context(); $this->context = new Context($this->cookie);
try { try {
$next = function() { $next = function() {

42
auth/Auth.php
View File

@ -2,6 +2,7 @@
require_once __DIR__ . '/User.php'; require_once __DIR__ . '/User.php';
require_once __DIR__ . '/../Session.php'; require_once __DIR__ . '/../Session.php';
require_once __DIR__ . '/../Cookies.php';
/** /**
* Simplified Auth handles user authentication with external verification * Simplified Auth handles user authentication with external verification
@ -9,6 +10,7 @@ require_once __DIR__ . '/../Session.php';
class Auth class Auth
{ {
private Session $session; private Session $session;
private Cookies $cookie;
private ?User $user = null; private ?User $user = null;
private array $config; private array $config;
@ -16,17 +18,17 @@ class Auth
const REMEMBER_COOKIE = 'remember_token'; const REMEMBER_COOKIE = 'remember_token';
const REMEMBER_DURATION = 2592000; // 30 days in seconds const REMEMBER_DURATION = 2592000; // 30 days in seconds
public function __construct(Session $session, array $config = []) public function __construct(Session $session, ?Cookie $cookie = null, array $config = [])
{ {
$this->session = $session; $this->session = $session;
$this->cookie = $cookie ?: new Cookies([
'path' => '/',
'httponly' => true,
'samesite' => 'Lax'
]);
$this->config = array_merge([ $this->config = array_merge([
'cookie_name' => self::REMEMBER_COOKIE, 'cookie_name' => self::REMEMBER_COOKIE,
'cookie_lifetime' => self::REMEMBER_DURATION, 'cookie_lifetime' => self::REMEMBER_DURATION
'cookie_path' => '/',
'cookie_domain' => '',
'cookie_secure' => false,
'cookie_httponly' => true,
'cookie_samesite' => 'Lax'
], $config); ], $config);
$this->initializeFromSession(); $this->initializeFromSession();
@ -176,17 +178,10 @@ class Auth
*/ */
private function setRememberCookie(string $value): void private function setRememberCookie(string $value): void
{ {
setcookie( $this->cookie->setWithLifetime(
$this->config['cookie_name'], $this->config['cookie_name'],
$value, $value,
[ $this->config['cookie_lifetime']
'expires' => time() + $this->config['cookie_lifetime'],
'path' => $this->config['cookie_path'],
'domain' => $this->config['cookie_domain'],
'secure' => $this->config['cookie_secure'],
'httponly' => $this->config['cookie_httponly'],
'samesite' => $this->config['cookie_samesite']
]
); );
} }
@ -195,18 +190,7 @@ class Auth
*/ */
private function clearRememberCookie(): void private function clearRememberCookie(): void
{ {
setcookie( $this->cookie->delete($this->config['cookie_name']);
$this->config['cookie_name'],
'',
[
'expires' => time() - 3600,
'path' => $this->config['cookie_path'],
'domain' => $this->config['cookie_domain'],
'secure' => $this->config['cookie_secure'],
'httponly' => $this->config['cookie_httponly'],
'samesite' => $this->config['cookie_samesite']
]
);
} }
/** /**
@ -214,7 +198,7 @@ class Auth
*/ */
private function getUserDataFromRememberCookie(): ?array private function getUserDataFromRememberCookie(): ?array
{ {
$cookie = $_COOKIE[$this->config['cookie_name']] ?? null; $cookie = $this->cookie->get($this->config['cookie_name']);
if (!$cookie || !str_contains($cookie, '|')) return null; if (!$cookie || !str_contains($cookie, '|')) return null;