Add RequireCsrfToken.

Signed-off-by: crynobone <[email protected]>

Middleware/RequireCsrfToken.php

@@ -0,0 +1,61 @@
+<?php namespace Orchestra\Http\Middleware;
+
+use Closure;
+use Illuminate\Support\Str;
+use Illuminate\Contracts\Encryption\Encrypter;
+use Illuminate\Session\TokenMismatchException;
+
+class RequireCsrfToken
+{
+    /**
+     * The encrypter implementation.
+     *
+     * @var \Illuminate\Contracts\Encryption\Encrypter
+     */
+    protected $encrypter;
+
+    /**
+     * Create a new filter instance.
+     *
+     * @param  \Illuminate\Contracts\Encryption\Encrypter  $encrypter
+     */
+    public function __construct(Encrypter $encrypter)
+    {
+        $this->encrypter = $encrypter;
+    }
+
+    /**
+     * Handle an incoming request.
+     *
+     * @param  \Illuminate\Http\Request  $request
+     * @param  \Closure  $next
+     *
+     * @return mixed
+     */
+    public function handle($request, Closure $next)
+    {
+        if (! $this->tokensMatch($request)) {
+            throw new TokenMismatchException();
+        }
+
+        return $next($request);
+    }
+
+    /**
+     * Determine if the session and input CSRF tokens match.
+     *
+     * @param  \Illuminate\Http\Request  $request
+     *
+     * @return bool
+     */
+    protected function tokensMatch($request)
+    {
+        $token = $request->input('_token') ?: $request->header('X-CSRF-TOKEN');
+
+        if (! $token && $header = $request->header('X-XSRF-TOKEN')) {
+            $token = $this->encrypter->decrypt($header);
+        }
+
+        return Str::equals($request->session()->token(), $token);
+    }
+}