Readme

binaryk · binaryk · commit eb7990043e15 · 2020-04-06T00:28:08.000+03:00
diff --git a/README.md b/README.md
@@ -27,20 +27,41 @@ composer require binarcode/laravel-stateless-session
 1. Trigger session, make a GET request to: `/api/csrf-header`. This will return a header with the session key and an optional header with CSRF token `XSRF-TOKEN`. 
 The header name could be configured in: `stateless.header`
 
-2. Use this session key for every request you want to take care of the session.
+2. Use this header session key/value for every request you want to take care of the session.
 
-3. If you want to benefit of the CSRF protection of your requests, you should add the follow middleware to your routes:
+3. If you want to benefit of the CSRF protection of your requests, you should add the follow middlewares to your routes:
 ```php
-->middleware(Binarcode\LaravelStatelessSession\Http\Middleware\VerifyHeaderCsrfToken::class);
+use Binarcode\LaravelStatelessSession\Http\Middleware\StatelessStartSession;
+use Binarcode\LaravelStatelessSession\Http\Middleware\StatelessVerifyCsrfToken;
+
+->middleware([
+    StatelessStartSession::class,
+    StatelessVerifyCsrfToken::class,
+]);
+```
+
+You can create a middleware group in your Http\Kernel with these 2 routes as:
+
+```php
+protected $middlewareGroups = [
+// ...
+    'stateless.csrf' => [
+        StatelessStartSession::class,
+        StatelessVerifyCsrfToken::class,
+    ],
+// ...
+]
 ```
 
-Now the server will return 419 (Page expired code). Unless you send back a request header named: `X-CSRF-TOKEN` with the value received by the first GET request in the `XSRF-TOKEN` header.
+Now the server will return 419 (Page expired code).
+ 
+Unless you send back a request header named: `X-CSRF-TOKEN` with the value received by the first GET request in the `XSRF-TOKEN` header.
 
-That's it.
+Done.
 
-At this point you have CSRF protection. 
+- At this point you have CSRF protection. 
 
-And you can play with `SessionManager` and use the `session()` helper to store/get information (e.g. flash sessions).
+- And you can play with `SessionManager` and use the `session()` helper to store/get information (e.g. flash sessions).
 
 ## Config
 
diff --git a/src/Http/Middleware/StatelessStartSession.php b/src/Http/Middleware/StatelessStartSession.php
@@ -9,7 +9,7 @@
 use Illuminate\Session\Store;
 use Symfony\Component\HttpFoundation\Response;
 
-class StartStatelessSession extends StartSession
+class StatelessStartSession extends StartSession
 {
     public function handle($request, Closure $next)
     {
diff --git a/src/Http/Middleware/StatelessVerifyCsrfToken.php b/src/Http/Middleware/StatelessVerifyCsrfToken.php
@@ -6,7 +6,7 @@
 use Illuminate\Foundation\Http\Middleware\VerifyCsrfToken as Middleware;
 use Illuminate\Session\TokenMismatchException;
 
-class VerifyHeaderCsrfToken extends Middleware
+class StatelessVerifyCsrfToken extends Middleware
 {
     /**
      * Handle an incoming request.
diff --git a/src/LaravelStatelessSessionServiceProvider.php b/src/LaravelStatelessSessionServiceProvider.php
@@ -2,10 +2,11 @@
 
 namespace Binarcode\LaravelStatelessSession;
 
-use Binarcode\LaravelStatelessSession\Http\Middleware\StartStatelessSession;
-use Illuminate\Support\ServiceProvider;
-use Illuminate\Support\Facades\Route;
 use Binarcode\LaravelStatelessSession\Http\Controllers\CsrfHeaderController;
+use Binarcode\LaravelStatelessSession\Http\Middleware\StatelessStartSession;
+use Binarcode\LaravelStatelessSession\Http\Middleware\StatelessVerifyCsrfToken;
+use Illuminate\Support\Facades\Route;
+use Illuminate\Support\ServiceProvider;
 
 class LaravelStatelessSessionServiceProvider extends ServiceProvider
 {
@@ -18,7 +19,7 @@ public function boot()
 
         if ($this->app->runningInConsole()) {
             $this->publishes([
-                __DIR__.'/../config/config.php' => config_path('stateless.php'),
+                __DIR__ . '/../config/config.php' => config_path('stateless.php'),
             ], 'config');
         }
     }
@@ -31,7 +32,7 @@ public function register()
         $this->registerSessionManager();
 
         // Automatically apply the package configuration
-        $this->mergeConfigFrom(__DIR__.'/../config/config.php', 'stateless');
+        $this->mergeConfigFrom(__DIR__ . '/../config/config.php', 'stateless');
 
         $this->app->singleton('laravel-stateless-session', function () {
             return new LaravelStatelessSession;
@@ -59,8 +60,11 @@ protected function defineRoutes()
         Route::group(['prefix' => config('stateless.prefix', 'api')], function () {
             Route::get(
                 '/csrf-header',
-                CsrfHeaderController::class.'@show'
-            )->middleware(StartStatelessSession::class);
+                CsrfHeaderController::class . '@show'
+            )->middleware([
+                StatelessStartSession::class,
+                StatelessVerifyCsrfToken::class,
+            ]);
         });
     }
 }

Original file line number	Diff line number	Diff line change
`@@ -9,7 +9,7 @@`
`9`	`9`	`use Illuminate\Session\Store;`
`10`	`10`	`use Symfony\Component\HttpFoundation\Response;`
`11`	`11`
`12`		`-class StartStatelessSession extends StartSession`
	`12`	`+class StatelessStartSession extends StartSession`
`13`	`13`	`{`
`14`	`14`	`public function handle($request, Closure $next)`
`15`	`15`	`{`
Original file line number	Diff line number	Diff line change
`@@ -6,7 +6,7 @@`
`6`	`6`	`use Illuminate\Foundation\Http\Middleware\VerifyCsrfToken as Middleware;`
`7`	`7`	`use Illuminate\Session\TokenMismatchException;`
`8`	`8`
`9`		`-class VerifyHeaderCsrfToken extends Middleware`
	`9`	`+class StatelessVerifyCsrfToken extends Middleware`
`10`	`10`	`{`
`11`	`11`	`/**`
`12`	`12`	`* Handle an incoming request.`