Improve typehinting (#116)

Greg Bowler · web-flow · commit 8f58938d5704 · 2021-01-29T11:32:07.000Z
diff --git a/composer.json b/composer.json
@@ -5,7 +5,7 @@
 	"license": "MIT",
 
 	"require": {
-		"php": ">=7.2",
+		"php": ">=7.4",
 		"phpgt/dom": "2.*",
 		"phpgt/session": "1.*"
 	},
diff --git a/composer.lock b/composer.lock
diff --git a/src/ArrayTokenStore.php b/src/ArrayTokenStore.php
@@ -9,7 +9,8 @@
  * session - it has no other way of remembering the tokens!
  */
 class ArrayTokenStore extends TokenStore {
-	private $arrayStore = [];
+	/** @var array<string, ?int> */
+	private array $arrayStore = [];
 
 	public function __construct(int $maxTokens = null) {
 		parent::__construct($maxTokens);
diff --git a/src/HTMLDocumentProtector.php b/src/HTMLDocumentProtector.php
@@ -16,8 +16,8 @@ class HTMLDocumentProtector {
 	 */
 	const TOKEN_NAME = "csrf-token";
 
-	private $document;
-	private $tokenStore;
+	private HTMLDocument $document;
+	private TokenStore $tokenStore;
 
 	public function __construct(
 		HTMLDocument $document,
diff --git a/src/TokenStore.php b/src/TokenStore.php
@@ -10,12 +10,8 @@
  * the tokens is provided by the base class, but can be overridden.
  */
 abstract class TokenStore {
-	/**
-	 * @var int|null The maximum number of tokens to be retained.
-	 */
-	protected $maxTokens = 1000;
-	protected $tokenLength = 32;
-	protected $tokenGenerator;
+	protected ?int $maxTokens = 1000;
+	protected int $tokenLength = 32;
 
 	/**
 	 * An optional limit of the number of valid tokens the TokenStore will retain may be passed.
@@ -57,6 +53,7 @@ public function generateNewToken():string {
 	 * If a $_POST global exists, check that it contains a token and that the token is valid.
 	 * The name the token is stored-under is contained in HTMLDocumentProtector::TOKEN_NAME.
 	 *
+	 * @param array<string, int>|callable $postData
 	 * @throws CsrfTokenMissingException There's a $_POST request present but no
 	 * token present
 	 * @throws CsrfTokenInvalidException There's a token included on the $_POST,
