Initial commit

Author: Mykolas Mankevicius

DynamicToken/DynamicTokenController.php

@@ -0,0 +1,30 @@
+<?php
+
+namespace Statamic\Addons\DynamicToken;
+
+use Illuminate\Http\Request;
+use Statamic\Extend\Controller;
+
+class DynamicTokenController extends Controller
+{
+    /**
+     * Get refreshed CSRF token.
+     *
+     * @return string
+     */
+    public function getRefresh(Request $request)
+    {
+        // checks that the request is comming from your own website.
+        $referer = $request->headers->get('referer');
+        // where APP_URL WOULD BE `site.com`
+        $appUrl = env('APP_URL');
+        $httpUrl = "http://{$appUrl}";
+        $httpsUrl = "https://{$appUrl}";
+        $startWithAppUrl = starts_with($referer, $httpUrl) || starts_with($referer, $httpsUrl);
+        if (empty($referer) || !$startWithAppUrl) {
+            abort(404);
+        }
+
+        return csrf_token();
+    }
+}

DynamicToken/DynamicTokenTags.php

@@ -0,0 +1,62 @@
+<?php
+
+namespace Statamic\Addons\DynamicToken;
+
+use Statamic\Extend\Tags;
+
+class DynamicTokenTags extends Tags
+{
+  /**
+   * The {{ dynamic_token }} tag
+   * inserts a script which will add tokens to all forms which have an input with a name="_token"
+   * refreshes said token every 15 minutes
+   * @return string
+   */
+  public function index()
+  {
+    $route = '/!/DynamicToken/refresh';
+    $selector = 'form input[name="_token"]';
+    return "
+        <script>
+        if (document.querySelectorAll('{$selector}').length > 0) {
+          //add a ponyfill for IE11
+          if (window.NodeList && !NodeList.prototype.forEach) {
+            NodeList.prototype.forEach = function(callback, thisArg) {
+              thisArg = thisArg || window;
+              for (var i = 0; i < this.length; i++) {
+                callback.call(thisArg, this[i], i, this);
+              }
+            };
+          }
+
+          // simple httprequest
+          function httpGetAsync(theUrl, callback) {
+            var xmlHttp = new XMLHttpRequest();
+            xmlHttp.onreadystatechange = function() {
+              if (xmlHttp.readyState == 4 && xmlHttp.status == 200)
+              callback(xmlHttp.responseText);
+            };
+            xmlHttp.open('GET', theUrl, true); // true for asynchronous
+            xmlHttp.setRequestHeader('X-Requested-With', 'XMLHttpRequest');
+            xmlHttp.send(null);
+          }
+
+          function setToken(token) {
+            document
+              .querySelectorAll('{$selector}')
+              .forEach(function(item) {
+                item.value = token;
+              });
+          }
+
+          function updateToken() {
+            httpGetAsync('{$route}', setToken);
+          }
+
+          updateToken();
+
+          setInterval(updateToken, 15 * 60 * 1000); // Every 15 minutes.
+        }
+      </script>";
+  }
+}

DynamicToken/composer.json

@@ -0,0 +1,5 @@
+{
+    "name": "mykolas-mankevicius/dynamic-token",
+    "require": {
+    }
+}

DynamicToken/meta.yaml

@@ -0,0 +1,6 @@
+name: 'Dynamic Token'
+version: '1.0'
+description: 'With {{ dynamic_token }} tag, adds dynamic crsf tokens to all forms which contain input name="_token" effectivelly providing dynamic forms in static pages'
+developer: 'Mykolas Mankevicius'
+developer_url: 'https://www.co-openhagen.com/'
+commercial: true