update

autoload/Shared/Security/CsrfToken.php

@@ -0,0 +1,26 @@
+<?php
+namespace Shared\Security;
+
+class CsrfToken
+{
+    const SESSION_KEY = 'csrf_token';
+
+    public static function getToken(): string
+    {
+        if (empty($_SESSION[self::SESSION_KEY])) {
+            $_SESSION[self::SESSION_KEY] = bin2hex(random_bytes(32));
+        }
+        return (string) $_SESSION[self::SESSION_KEY];
+    }
+
+    public static function validate(string $token): bool
+    {
+        $sessionToken = isset($_SESSION[self::SESSION_KEY]) ? (string) $_SESSION[self::SESSION_KEY] : '';
+        return $sessionToken !== '' && hash_equals($sessionToken, $token);
+    }
+
+    public static function regenerate(): void
+    {
+        $_SESSION[self::SESSION_KEY] = bin2hex(random_bytes(32));
+    }
+}