From 3f21ddeab134bcc4a0a43ffe0c01b539a15cf946 Mon Sep 17 00:00:00 2001
From: Yisroel Baum <yisroel.d.baum@gmail.com>
Date: Fri, 31 Oct 2025 12:10:00 +0200
Subject: [PATCH] add auth and csrf-twig middleware

---
 src/MiddleWare/AuthMiddleware.php       | 27 ++++++++++++++++++++++++
 src/MiddleWare/CsrfToTwigMiddleware.php | 28 +++++++++++++++++++++++++
 2 files changed, 55 insertions(+)
 create mode 100644 src/MiddleWare/AuthMiddleware.php
 create mode 100644 src/MiddleWare/CsrfToTwigMiddleware.php

diff --git a/src/MiddleWare/AuthMiddleware.php b/src/MiddleWare/AuthMiddleware.php
new file mode 100644
index 0000000..b95db60
--- /dev/null
+++ b/src/MiddleWare/AuthMiddleware.php
@@ -0,0 +1,27 @@
+<?php
+
+namespace FreightQuote\MiddleWare;
+
+use Psr\Http\Server\MiddlewareInterface;
+use Psr\Http\Server\RequestHandlerInterface as Handler;
+use Psr\Http\Message\ServerRequestInterface as Request;
+use Psr\Http\Message\ResponseInterface as Response;
+use Slim\Psr7\Response as SlimResponse;
+
+class AuthMiddleware implements MiddlewareInterface
+{
+    public function process(Request $request, Handler $handler): Response
+    {
+        if (isset($_SESSION['user_id'])) {
+            return $handler->handle($request);
+        }
+
+        $uri = $request->getUri()->getPath();
+        if ($uri !== '/login' && $uri !== '/logout') {
+            $_SESSION['intended'] = $uri;
+        }
+        $resp = new SlimResponse(302);
+
+        return $resp->withHeader('Location', '/login');
+    }
+}
diff --git a/src/MiddleWare/CsrfToTwigMiddleware.php b/src/MiddleWare/CsrfToTwigMiddleware.php
new file mode 100644
index 0000000..c17bc1d
--- /dev/null
+++ b/src/MiddleWare/CsrfToTwigMiddleware.php
@@ -0,0 +1,28 @@
+<?php
+
+namespace FreightQuote\MiddleWare;
+
+use Psr\Http\Message\ServerRequestInterface as Request;
+use Psr\Http\Message\ResponseInterface as Response;
+use Psr\Http\Server\RequestHandlerInterface as Handler;
+use Psr\Http\Server\MiddlewareInterface;
+use Slim\Views\Twig;
+
+class CsrfToTwigMiddleware implements MiddlewareInterface
+{
+    public function __construct(private Twig $twig) {}
+
+    public function process(Request $request, Handler $handler): Response
+    {
+        // These will be null on some requests (like first GET), so we guard it
+        $nameKey  = $request->getAttribute('csrf_name');
+        $valueKey = $request->getAttribute('csrf_value');
+
+        $this->twig->getEnvironment()->addGlobal('csrf', [
+            'name'  => $nameKey,
+            'value' => $valueKey,
+        ]);
+
+        return $handler->handle($request);
+    }
+}