codeguy
diff --git a/‎Log Writers/TimestampLogFileWriter.php‎
Lines changed: 133 additions & 0 deletions b/‎Log Writers/TimestampLogFileWriter.php‎
Lines changed: 133 additions & 0 deletions
diff --git a/‎Middleware/CsrfGuard.php‎
Lines changed: 80 additions & 0 deletions b/‎Middleware/CsrfGuard.php‎
Lines changed: 80 additions & 0 deletions
diff --git a/‎Middleware/HttpBasicAuth.php‎
Lines changed: 89 additions & 0 deletions b/‎Middleware/HttpBasicAuth.php‎
Lines changed: 89 additions & 0 deletions
@@ -0,0 +1,133 @@
+<?php
+/**
+ * Timestamp Log File Writer
+ *
+ * Use this custom log writer to output log messages
+ * to a daily, weekly, monthly, or yearly log file. Log
+ * files will inherently rotate based on the specified
+ * log file name format and the current time.
+ *
+ * USAGE
+ *
+ * $app = new Slim(array(
+ *     'log.writer' => new TimestampLogFileWriter()
+ * ));
+ *
+ * SETTINGS
+ *
+ * You may customize this log writer by passing an array of
+ * settings into the class constructor. Available options
+ * are shown above the constructor method below.
+ *
+ * @author Josh Lockhart <[email protected]>
+ * @copyright 2012 Josh Lockhart
+ *
+ * MIT LICENSE
+ *
+ * Permission is hereby granted, free of charge, to any person obtaining
+ * a copy of this software and associated documentation files (the
+ * "Software"), to deal in the Software without restriction, including
+ * without limitation the rights to use, copy, modify, merge, publish,
+ * distribute, sublicense, and/or sell copies of the Software, and to
+ * permit persons to whom the Software is furnished to do so, subject to
+ * the following conditions:
+ *
+ * The above copyright notice and this permission notice shall be
+ * included in all copies or substantial portions of the Software.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
+ * EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
+ * MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
+ * NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE
+ * LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
+ * OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
+ * WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
+ */
+class TimestampLogFileWriter {
+    /**
+     * @var resource
+     */
+    protected $resource;
+
+    /**
+     * @var array
+     */
+    protected $settings;
+
+    /**
+     * Constructor
+     *
+     * Prepare this log writer. Available settings are:
+     *
+     * path:
+     * (string) The relative or absolute filesystem path to a writable directory.
+     *
+     * name_format:
+     * (string) The log file name format; parsed with `date()`.
+     *
+     * message_format:
+     * (string) The log message format; available tokens are...
+     *     %label%      Replaced with the log message level (e.g. FATAL, ERROR, WARN).
+     *     %date%       Replaced with a ISO8601 date string for current timezone.
+     *     %message%    Replaced with the log message, coerced to a string.
+     *
+     * @param   array $settings
+     * @return  void
+     */
+    public function __construct( $settings = array() ) {
+        //Merge user settings
+        $this->settings = array_merge(array(
+            'path' => './logs',
+            'name_format' => 'Y-m-d',
+            'message_format' => '%label% - %date% - %message%'
+        ), $settings);
+
+        //Remove trailing slash from log path
+        $this->settings['path'] = rtrim($this->settings['path'], DIRECTORY_SEPARATOR);
+    }
+
+    /**
+     * Write to log
+     *
+     * @param   mixed $object
+     * @param   int   $level
+     * @return  void
+     */
+    public function write( $object, $level ) {
+        //Determine label
+        $label = 'DEBUG';
+        switch ( $level ) {
+            case 0:
+                $label = 'FATAL';
+                break;
+            case 1:
+                $label = 'ERROR';
+                break;
+            case 2:
+                $label = 'WARN';
+                break;
+            case 3:
+                $label = 'INFO';
+                break;
+        }
+
+        //Get formatted log message
+        $message = str_replace(array(
+            '%label%',
+            '%date%',
+            '%message%'
+        ), array(
+            $label,
+            date('c'),
+            (string)$object
+        ), $this->settings['message_format']);
+
+        //Open resource handle to log file
+        if (! $this->resource) {
+            $this->resource = fopen($this->settings['path'] . DIRECTORY_SEPARATOR . date($this->settings['name_format']), 'a');
+        }
+
+        //Output to resource
+        fwrite($this->resource, $message . PHP_EOL);
+    }
+}
@@ -0,0 +1,80 @@
+<?php
+
+/**
+ * CsrfGuard
+ *
+ * This middleware provides protection from CSRF attacks
+ * USAGE
+ *
+ * // Adding middleware
+ * $app = new Slim();
+ * $app->add(new CsrfGuard());
+ *
+ * // Setting token in view
+ * <input type="hidden" name="<?=$csrf_key?>" value="<?=$csrf_token?>">
+ *
+ * @author Mikhail Osher, https://github.com/miraage
+ * @version 1.0
+ */
+class CsrfGuard extends Slim_Middleware {
+    /**
+     * Request key
+     *
+     * @var string
+     */
+    protected $key;
+
+    /**
+     * Constructor
+     *
+     * @param string $key Request key
+     */
+    public function __construct( $key = 'csrf_token' ) {
+        // Validate key (i won't use htmlspecialchars)
+        if ( !is_string($key) || empty($key) || preg_match('/[^a-zA-Z0-9\-\_]/', $key) ) {
+            throw new OutOfBoundsException('Invalid key' . $key);
+        }
+
+        $this->key = $key;
+    }
+
+    /**
+     * Call middleware
+     */
+    public function call() {
+        // Attach as hook
+        $this->app->hook('slim.before', array($this, 'check'));
+
+        // Call next middleware
+        $this->next->call();
+    }
+
+    /**
+     * Check token
+     */
+    public function check() {
+        // Create token
+        if ( session_id() !== "" ){
+            if ( ! isset( $_SESSION[ $this->key ] ) ){
+                $_SESSION[ $this->key ] = sha1( serialize( $_SERVER ) . rand( 0, 0xffffffff ) );
+            }
+        } else {
+            throw new Exception( "Session are required to use CSRF Guard" );
+        }
+        $token = $_SESSION[ $this->key ];
+
+        // Validate
+        if ( in_array($this->app->request()->getMethod(), array('POST', 'PUT', 'DELETE')) ) {
+            $usertoken = $this->app->request()->post($this->key);
+            if ( $token !== $usertoken ) {
+                $this->app->halt(400, 'Missing token');
+            }
+        }
+
+        // Assign to view
+        $this->app->view()->appendData(array(
+            'csrf_key' => $this->key,
+            'csrf_token' => $token,
+        ));
+    }
+}
@@ -0,0 +1,89 @@
+<?php
+/**
+ * HTTP Basic Authentication
+ *
+ * Use this middleware with your Slim Framework application
+ * to require HTTP basic auth for all routes.
+ *
+ * @author Josh Lockhart <[email protected]>
+ * @version 1.0
+ * @copyright 2012 Josh Lockhart
+ *
+ * USAGE
+ *
+ * $app = new Slim();
+ * $app->add(new HttpBasicAuth('theUsername', 'thePassword'));
+ *
+ * MIT LICENSE
+ *
+ * Permission is hereby granted, free of charge, to any person obtaining
+ * a copy of this software and associated documentation files (the
+ * "Software"), to deal in the Software without restriction, including
+ * without limitation the rights to use, copy, modify, merge, publish,
+ * distribute, sublicense, and/or sell copies of the Software, and to
+ * permit persons to whom the Software is furnished to do so, subject to
+ * the following conditions:
+ *
+ * The above copyright notice and this permission notice shall be
+ * included in all copies or substantial portions of the Software.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
+ * EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
+ * MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
+ * NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE
+ * LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
+ * OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
+ * WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
+ */
+class HttpBasicAuth extends Slim_Middleware {
+    /**
+     * @var string
+     */
+    protected $realm;
+
+    /**
+     * @var string
+     */
+    protected $username;
+
+    /**
+     * @var string
+     */
+    protected $password;
+
+    /**
+     * Constructor
+     *
+     * @param   string  $username   The HTTP Authentication username
+     * @param   string  $password   The HTTP Authentication password
+     * @param   string  $realm      The HTTP Authentication realm
+     * @return  void
+     */
+    public function __construct( $username, $password, $realm = 'Protected Area' ) {
+        $this->username = $username;
+        $this->password = $password;
+        $this->realm = $realm;
+    }
+
+    /**
+     * Call
+     *
+     * This method will check the HTTP request headers for previous authentication. If
+     * the request has already authenticated, the next middleware is called. Otherwise,
+     * a 401 Authentication Required response is returned to the client.
+     *
+     * @return void
+     */
+    public function call() {
+        $req = $this->app->request();
+        $res = $this->app->response();
+        $authUser = $req->headers('PHP_AUTH_USER');
+        $authPass = $req->headers('PHP_AUTH_PW');
+        if ( $authUser && $authPass && $authUser === $this->username && $authPass === $this->password ) {
+            $this->next->call();
+        } else {
+            $res->status(401);
+            $res->header('WWW-Authenticate', sprintf('Basic realm="%s"', $this->realm));
+        }
+    }
+}