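settings = $settings;
        $this->session = new Session($settings);
    }

    /**
     * Return the CSRF token for the current session, creating it on first use.
     *
     * A new token is 32 bytes from random_bytes(), hex-encoded to 64
     * characters, and stored under the 'csrf_token' session key. Later calls
     * return the stored value unchanged until regenerate() replaces it.
     *
     * @return string
     */
    public function token(): string
    {
        if (!$this->session->has('csrf_token')) {
            $token = bin2hex(random_bytes(32));
            $this->session->put('csrf_token', $token);
        }

        return $this->session->get('csrf_token');
    }

    /**
     * Validate a submitted CSRF token against the one stored in the session.
     *
     * Fails closed: returns false when the session holds no usable token or
     * when the submitted token is empty. Otherwise the two values are compared
     * with hash_equals() so the comparison time does not depend on where they
     * first differ.
     *
     * @param string $token Token taken from the incoming request.
     * @return bool True only when a token has been issued and it matches.
     */
    public function validate(string $token): bool
    {
        $stored = $this->session->get('csrf_token');

        // A session that was never issued a token must not validate anything.
        // Substituting '' for a missing value would let hash_equals('', '')
        // accept a request that submits an empty token. The is_string() check
        // also keeps a non-string session value from raising a TypeError in
        // hash_equals(). NOTE(review): assumes get() yields null for a missing
        // key, as the original `?? ''` fallback implied; confirm against Session.
        if (!is_string($stored) || $stored === '' || $token === '') {
            return false;
        }

        return hash_equals($stored, $token);
    }

    /**
     * Replace the session's CSRF token with a freshly generated one.
     *
     * The stored 'csrf_token' value is overwritten, so a token handed out
     * before this call no longer matches in validate().
     */
    public function regenerate(): void
    {
        $token = bin2hex(random_bytes(32));
        $this->session->put('csrf_token', $token);
    }
}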