use router interface more strictly

Message/Socket/PacketManager.php

@@ -77,7 +77,7 @@ class PacketManager
         $response = new SocketResponse();
 
         $this->dispatcher->dispatch(
-            $this->router->route($data, RouteVerb::ANY, 'Socket', 1, $client->getAccount()),
+            $this->router->route($data, null, RouteVerb::ANY, 'Socket', 1, $client->getAccount()),
             $request,
             $response
         );

Router/RouterInterface.php

@@ -14,6 +14,8 @@ declare(strict_types=1);
 
 namespace phpOMS\Router;
 
+use phpOMS\Account\Account;
+
 /**
  * Router interface.
  *
@@ -42,4 +44,52 @@ interface RouterInterface
      * @since 1.0.0
      */
     public function clear() : void;
+
+    /**
+     * Add route.
+     *
+     * @param string $route       Route regex
+     * @param mixed  $destination Destination e.g. Module:function string or callback
+     * @param int    $verb        Request verb
+     * @param bool   $csrf        Is CSRF token required
+     * @param array  $validation  Validation patterns
+     * @param string $dataPattern Data patterns
+     *
+     * @return void
+     *
+     * @since 1.0.0
+     */
+    public function add(
+        string $route,
+        mixed $destination,
+        int $verb = RouteVerb::GET,
+        bool $csrf = false,
+        array $validation = [],
+        string $dataPattern = ''
+    ) : void;
+
+    /**
+     * Route request.
+     *
+     * @param string  $uri     Route
+     * @param string  $csrf    CSRF token
+     * @param int     $verb    Route verb
+     * @param string  $app     Application name
+     * @param int     $orgId   Organization id
+     * @param Account $account Account
+     * @param array   $data    Data
+     *
+     * @return array
+     *
+     * @since 1.0.0
+     */
+    public function route(
+        string $uri,
+        string $csrf = null,
+        int $verb = RouteVerb::GET,
+        string $app = null,
+        int $orgId = null,
+        Account $account = null,
+        array $data = null
+    ) : array;
 }

Router/SocketRouter.php

@@ -82,22 +82,13 @@ final class SocketRouter implements RouterInterface
     }
 
     /**
-     * Add route.
+     * {@inheritdoc}
-     *
-     * @param string $route       Route regex
-     * @param mixed  $destination Destination e.g. Module:function string or callback
-     * @param int    $verb        Request verb
-     * @param array  $validation  Validation patterns
-     * @param string $dataPattern Data patterns
-     *
-     * @return void
-     *
-     * @since 1.0.0
      */
     public function add(
         string $route,
         mixed $destination,
         int $verb = RouteVerb::GET,
+        bool $csrf = false,
         array $validation = [],
         string $dataPattern = ''
     ) : void
@@ -109,27 +100,18 @@ final class SocketRouter implements RouterInterface
         $this->routes[$route][] = [
             'dest'       => $destination,
             'verb'       => $verb,
+            'csrf'       => $csrf,
             'validation' => empty($validation) ? null : $validation,
             'pattern'    => empty($dataPattern) ? null : $dataPattern,
         ];
     }
 
     /**
-     * Route request.
+     * {@inheritdoc}
-     *
-     * @param string  $uri     Route
-     * @param int     $verb    Route verb
-     * @param string  $app     Application name
-     * @param int     $orgId   Organization id
-     * @param Account $account Account
-     * @param array   $data    Data
-     *
-     * @return array
-     *
-     * @since 1.0.0
      */
     public function route(
         string $uri,
+        string $csrf = null,
         int $verb = RouteVerb::GET,
         string $app = null,
         int $orgId = null,
@@ -148,6 +130,11 @@ final class SocketRouter implements RouterInterface
                     || $verb === RouteVerb::ANY
                     || ($verb & $d['verb']) === $verb
                 ) {
+                    // if csrf is required but not set
+                    if (isset($d['csrf']) && $d['csrf'] && $csrf === null) {
+                        return ['dest' => RouteStatus::INVALID_CSRF];
+                    }
+
                     // if permission check is invalid
                     if (isset($d['permission']) && !empty($d['permission'])
                         && ($account === null || $account instanceof NullAccount)

Router/WebRouter.php

@@ -84,24 +84,14 @@ final class WebRouter implements RouterInterface
     }
 
     /**
-     * Add route.
+     * {@inheritdoc}
-     *
-     * @param string $route       Route regex
-     * @param mixed  $destination Destination e.g. Module:function string or callback
-     * @param int    $verb        Request verb
-     * @param bool   $csrf        Is CSRF token required
-     * @param array  $validation  Validation patterns
-     * @param string $dataPattern Data patterns
-     *
-     * @return void
-     *
-     * @since 1.0.0
      */
     public function add(
         string $route,
         mixed $destination,
         int $verb = RouteVerb::GET,
-        bool $csrf = false, array $validation = [],
+        bool $csrf = false,
+        array $validation = [],
         string $dataPattern = ''
     ) : void
     {
@@ -119,19 +109,7 @@ final class WebRouter implements RouterInterface
     }
 
     /**
-     * Route request.
+     * {@inheritdoc}
-     *
-     * @param string  $uri     Route
-     * @param string  $csrf    CSRF token
-     * @param int     $verb    Route verb
-     * @param string  $app     Application name
-     * @param int     $orgId   Organization id
-     * @param Account $account Account
-     * @param array   $data    Validation
-     *
-     * @return array
-     *
-     * @since 1.0.0
      */
     public function route(
         string $uri,