Added skipCSRF method to \Pecee\SimpleRouter\Route\RouteUrl to exclude a route from CSRF checking

Author: dariodelogu

src/Pecee/Http/Middleware/BaseCsrfVerifier.php

@@ -129,4 +129,13 @@ public function setTokenProvider(ITokenProvider $provider): void
         $this->tokenProvider = $provider;
     }
 
+    /**
+     * Add a URL to the exception list.
+     * @param string $url The URL to be added to the exception list.
+     */
+    public function addException(string $url)
+    {
+        $this->except[] = $url;
+    }
+
 }

src/Pecee/SimpleRouter/Route/RouteUrl.php

@@ -44,4 +44,16 @@ public function matchRoute(string $url, Request $request): bool
         return true;
     }
 
+    /**
+     * Add an exception to CSRF verifier
+     * Excludes the route from CSRF token verification.
+     * @example
+     * \Pecee\SimpleRouter\SimpleRouter::post("/some/url", ...)->skipCSRF();
+     */
+    public function skipCSRF()
+    {
+        \Pecee\SimpleRouter\SimpleRouter::router()->getCsrfVerifier()->addException($this->url);
+        return $this;
+    }
+
 }

tests/Pecee/SimpleRouter/Dummy/CsrfVerifier/DummyCsrfVerifier.php

@@ -15,4 +15,8 @@ public function testSkip(\Pecee\Http\Request $request) {
         return $this->skip($request);
     }
 
+    public function getExcept() {
+        return $this->except;
+    }
+
 }

tests/Pecee/SimpleRouter/SkipCSRFTest.php

@@ -0,0 +1,17 @@
+<?php
+require_once 'Dummy/CsrfVerifier/DummyCsrfVerifier.php';
+require_once 'Dummy/Security/SilentTokenProvider.php';
+require_once 'Dummy/DummyController.php';
+
+class SkipCSRFTest extends \PHPUnit\Framework\TestCase
+{
+
+    public function testSkipCSRF()
+    {
+        $csrf = new DummyCsrfVerifier();
+        TestRouter::csrfVerifier($csrf);
+        TestRouter::post("/skip-csrf", [DummyController::class, "method1"])->skipCSRF();
+        $this->assertContains("/skip-csrf/", $csrf->getExcept());
+    }
+
+}