Contracts and CSRF Protection in Laravel

Last updated on May 31 2022
Harish Chopra


Laravel contracts are a set of PHP interfaces that define the core services provided by the framework.

For example, the Illuminate\Contracts\Queue\Queue contract defines the methods needed for queuing jobs, and Illuminate\Contracts\Mail\Mailer defines the methods for sending email.

Every contract has a corresponding implementation provided by the framework. All of the Laravel contracts are published in the GitHub repository mentioned below −

https://github.com/illuminate/contracts

This repository contains the full set of contracts exposed by the Laravel framework; it is a standalone package, so a library can depend on the interfaces without pulling in the framework's implementations.

Important Points

While working with Laravel contracts, please note the following important points −

  • A class that uses a facade does not declare it in its constructor: the facade is resolved statically from the service container, so the class's dependencies are implicit.
  • A class that uses a contract type-hints the interface in its constructor (or another injection point), so its dependencies are explicit and an alternative implementation can be substituted, for example in tests.

Example

Consider the contract used for Authorization in Laravel which is mentioned below −

<?php

namespace Illuminate\Contracts\Auth\Access;

interface Authorizable
{
    /**
     * Determine if the entity has a given ability.
     *
     * @param  string  $ability
     * @param  array|mixed  $arguments
     * @return bool
     */
    public function can($ability, $arguments = []);
}

The contract declares a single method, can(), which takes the name of an ability (a string) and an optional set of arguments (typically the model instance the user is trying to act on) and returns a boolean indicating whether the entity is authorized.

A contract is an ordinary PHP interface, so defining your own follows the usual syntax −

interface <contract-name>

Contracts, like facades, are used to build robust, well-tested Laravel applications, but there are practical differences between the two: facades can be used without type-hinting or resolving anything from the service container, whereas contracts make a class's dependencies explicit and therefore easier to mock and replace.

The following code shows a repository class that depends on the cache contract rather than on a concrete cache driver −

<?php

namespace App\Orders;

use Illuminate\Contracts\Cache\Repository as Cache;

class Repository
{
    /**
     * The cache instance.
     */
    protected $cache;

    /**
     * Create a new repository instance.
     *
     * @param  Cache  $cache
     * @return void
     */
    public function __construct(Cache $cache)
    {
        $this->cache = $cache;
    }
}

Because the contract carries no implementation and introduces no additional dependencies, it is easy to write an alternative implementation of it; the cache backend can then be replaced (or faked in a test) without modifying the code that consumes it.
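The following is an added example, not code from the original post or from the Laravel framework. It reduces the pattern above to plain PHP that runs without Laravel: a small cache contract modelled on Illuminate\Contracts\Cache\Repository, two implementations of it, and a consumer that knows only the contract. The names OrderCache, ArrayOrderCache, RecordingOrderCache and OrderRepository are hypothetical, and the "data source" is a constructed closure standing in for a database query.

```php
<?php
// Added example (not from the original post or from Laravel): a contract,
// two implementations, and a consumer that depends only on the contract.
// All class names are hypothetical; the method shape mirrors the get/put
// pair of Illuminate\Contracts\Cache\Repository.

declare(strict_types=1);

interface OrderCache
{
    public function get(string $key): mixed;
    public function put(string $key, mixed $value, int $ttlSeconds): void;
}

// Implementation 1: an in-process array with per-entry expiry.
final class ArrayOrderCache implements OrderCache
{
    private array $items = [];

    public function get(string $key): mixed
    {
        $entry = $this->items[$key] ?? null;
        if ($entry === null || $entry['expires'] < time()) {
            return null; // missing or expired
        }
        return $entry['value'];
    }

    public function put(string $key, mixed $value, int $ttlSeconds): void
    {
        $this->items[$key] = ['value' => $value, 'expires' => time() + $ttlSeconds];
    }
}

// Implementation 2: a test double that stores nothing and records every
// write, so a test can assert what the consumer tried to cache. Swapping it
// in needs no change to OrderRepository.
final class RecordingOrderCache implements OrderCache
{
    public array $writes = [];

    public function get(string $key): mixed
    {
        return null;
    }

    public function put(string $key, mixed $value, int $ttlSeconds): void
    {
        $this->writes[] = $key;
    }
}

// The consumer: type-hints the contract, never a concrete class.
final class OrderRepository
{
    public function __construct(private OrderCache $cache, private Closure $source) {}

    public function find(int $id): array
    {
        $key = "orders:{$id}";
        $cached = $this->cache->get($key);
        if ($cached !== null) {
            return $cached;
        }
        $order = ($this->source)($id);
        $this->cache->put($key, $order, 60);
        return $order;
    }
}

// Constructed data source standing in for a database query; counts calls.
$calls = 0;
$source = function (int $id) use (&$calls): array {
    $calls++;
    return ['id' => $id, 'total' => 4200];
};

// Same consumer, first with the real cache, then with the recording double.
$repo = new OrderRepository(new ArrayOrderCache(), $source);
$repo->find(7);
$repo->find(7);
echo "ArrayOrderCache: source queried {$calls} time(s) for two lookups\n";

$calls = 0;
$recording = new RecordingOrderCache();
$repo = new OrderRepository($recording, $source);
$repo->find(7);
$repo->find(7);
echo "RecordingOrderCache: source queried {$calls} time(s); cache writes recorded: "
    . count($recording->writes) . "\n";
```

In a real Laravel application the swap is made in the service container rather than by hand: a service provider binds the interface to the chosen implementation with $this->app->bind(OrderCache::class, ArrayOrderCache::class), and the container injects it wherever the contract is type-hinted.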

Laravel – CSRF Protection

CSRF stands for Cross-Site Request Forgery. In a CSRF attack, a malicious site causes the browser of a user who is logged in to your application to submit a state-changing request (for example a form POST) that the user never intended; because the browser attaches the session cookie automatically, the application cannot tell the forged request from a legitimate one. Many web applications are vulnerable to this class of attack.

Laravel offers CSRF protection in the following way −

Laravel automatically generates a CSRF token for each active user session managed by the application. The token is a random value that an attacker's site cannot read, so a request that carries the correct token proves that it originated from a page the application itself rendered for that user. The VerifyCsrfToken middleware, which is part of the web middleware group by default, performs this check on every incoming POST, PUT, PATCH and DELETE request.

Implementation

The implementation of CSRF protection in Laravel is discussed in detail in this section. The following points are notable before proceeding further on CSRF protection −

  • CSRF protection is applied to the HTML forms declared in the application. Every form that submits a POST, PUT, PATCH or DELETE request must include the hidden CSRF token field so that Laravel's VerifyCsrfToken middleware can validate the request; a request without a valid token is rejected with an HTTP 419 response. In a Blade template the field is emitted with the csrf_field() helper (newer releases also provide the equivalent @csrf directive) −

<form method="POST" action="/profile">
    {{ csrf_field() }}
    ...
</form>

  • JavaScript-driven applications can send the same token in the X-CSRF-TOKEN request header instead of a form field, which the middleware accepts as well; the Axios HTTP library included with Laravel's front-end scaffolding can be configured to add this header to every outgoing request.
  • The default resources/assets/js/bootstrap.js does exactly that: it reads the token from a <meta name="csrf-token" content="{{ csrf_token() }}"> tag in the page layout and registers it as the default X-CSRF-TOKEN header for Axios, so every request made through Axios carries the token.

Form without CSRF token

Consider the following lines of code. They show a form which takes two parameters as input: email and message.

<form method="post">
    <label> Email </label>
    <input type="text" name="email"/>
    <br/>
    <label> Message </label>
    <input type="text" name="message"/>
    <input type="submit" name="submitButton" value="submit">
</form>

The result of the above code is the form shown below, which the end user can view −

[Image: the rendered form with an Email field, a Message field and a submit button]

Nothing in this form ties the submission to the page that rendered it. If the request were accepted, the application would process it from any authenticated user's browser regardless of which site triggered the submission, which is exactly the condition a CSRF attack exploits.

The form posts to a controller method, postContact, which in this example simply returns the submitted input. It is shown below −

use Illuminate\Http\Request;

// inside the controller class
public function postContact(Request $request)
{
    return $request->all();
}

Observe that the form includes no CSRF token. In a default Laravel application the VerifyCsrfToken middleware rejects such a POST with a 419 response before postContact runs; if that middleware were removed, or the route excluded from it, any third-party page could submit the form on behalf of a logged-in user, so the submitted data could never be trusted to reflect the user's intent.

Form with CSRF token

The following lines of code shows you the form re-designed using CSRF tokens −

<form method="post">
    {{ csrf_field() }}
    <label> Email </label>
    <input type="text" name="email"/>
    <br/>
    <label> Message </label>
    <input type="text" name="message"/>
    <input type="submit" name="submitButton" value="submit">
</form>

Submitting this form to postContact returns the request input as JSON. The hidden field emitted by csrf_field() is named _token, so the output looks like the following (values illustrative) −

{
    "_token": "ghfleifxDSUYEW9WE67877CXNVFJKL",
    "email": "contact@Tecklearn.com",
    "message": "Tecklearn"
}

The _token value is not created when the submit button is clicked: it was generated when the user's session started and rendered into the form by csrf_field(). Before the controller runs, the VerifyCsrfToken middleware compares the submitted value against the token stored in the session and rejects the request with a 419 response if they differ or if the token is missing.
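To make the check concrete, here is an added example that is not Laravel's own middleware code: a minimal synchronizer-token implementation in plain PHP, covering both the hidden form field described above and the X-CSRF-TOKEN header path mentioned in the Implementation section, and run against constructed requests that mirror the two forms in this post (a forged POST with no token, a POST with csrf_field(), an Axios-style request, a token from a different session, and a GET). The function names issueCsrfToken, csrfField and csrfTokensMatch and the $session array standing in for the session store are hypothetical.

```php
<?php
// Added example (not Laravel's own code): the essence of what the
// VerifyCsrfToken middleware checks, written to run without the framework.
// Function names and the $session array are hypothetical stand-ins.

declare(strict_types=1);

// One token per session, created on first use. Laravel stores a random
// 40-character string under the "_token" session key; hex of 20 random
// bytes gives the same length here.
function issueCsrfToken(array &$session): string
{
    if (!isset($session['_token'])) {
        $session['_token'] = bin2hex(random_bytes(20));
    }
    return $session['_token'];
}

// Equivalent of {{ csrf_field() }}: a hidden input named "_token".
function csrfField(array &$session): string
{
    $token = htmlspecialchars(issueCsrfToken($session), ENT_QUOTES, 'UTF-8');
    return '<input type="hidden" name="_token" value="' . $token . '">';
}

// Read-only methods are never checked. For everything else the token may
// arrive as the "_token" form field or as the X-CSRF-TOKEN request header.
function csrfTokensMatch(array $session, string $method, array $input, array $headers): bool
{
    if (in_array(strtoupper($method), ['GET', 'HEAD', 'OPTIONS'], true)) {
        return true;
    }
    $sent     = $input['_token'] ?? $headers['X-CSRF-TOKEN'] ?? null;
    $expected = $session['_token'] ?? null;
    // Both values must be strings (a "_token[]=x" array must not slip through)
    // and the comparison must be constant-time, hence hash_equals().
    return is_string($sent) && is_string($expected) && hash_equals($expected, $sent);
}

// Constructed session and requests standing in for the two forms in the post.
$session = [];
echo csrfField($session), "\n";   // what the page would render into the form
$token = $session['_token'];

$cases = [
    'form without token (forged POST)' => ['POST', ['email' => 'a@example.com', 'message' => 'hi'], []],
    'form with csrf_field()'           => ['POST', ['_token' => $token, 'email' => 'a@example.com'], []],
    'Axios request with header'        => ['POST', ['message' => 'hi'], ['X-CSRF-TOKEN' => $token]],
    'token from another session'       => ['POST', ['_token' => bin2hex(random_bytes(20))], []],
    'token sent as an array'           => ['POST', ['_token' => [$token]], []],
    'plain GET'                        => ['GET', [], []],
];

foreach ($cases as $label => [$method, $input, $headers]) {
    $ok = csrfTokensMatch($session, $method, $input, $headers);
    printf("%-34s -> %s\n", $label, $ok ? '200 OK' : '419 Page Expired');
}
```

Two points worth noting against the real middleware: Laravel additionally accepts the token from an X-XSRF-TOKEN header populated from the encrypted XSRF-TOKEN cookie it sets, which is how Axios can send it without the meta tag; and routes listed in the middleware's $except property skip the check entirely, so that list should be reviewed as carefully as any disabled control.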

So, this brings us to the end of the blog. This Tecklearn 'Contracts and CSRF Protection in Laravel' blog helps you with commonly asked questions if you are looking for a job in Laravel programming. If you wish to learn Laravel and build a career in the Java programming domain, then check out our interactive Java and JEE Training, which comes with 24*7 support to guide you throughout your learning period. Please find the link for course details:

https://www.tecklearn.com/course/java-and-jee-training/

Java and JEE Training

About the Course

Java and JEE Certification Training is designed by professionals as per the industrial requirements and demands. This training encompasses comprehensive knowledge on basic and advanced concepts of core Java & J2EE along with popular frameworks like Hibernate, Spring & SOA. In this course, you will gain expertise in concepts like Java Array, Java OOPs, Java Function, Java Loops, Java Collections, Java Thread, Java Servlet, and Web Services using industry use-cases and this will help you to become a certified Java expert.

Why Should you take Java and JEE Training?

  • Java developers are in great demand in the job market, with average pay between $90,000 and $120,000 depending on your experience and employer.
  • Used by more than 10 Million developers worldwide to develop applications for 15 Billion devices.
  • Java is one of the most popular programming languages in the software world. Rated #1 in TIOBE Popular programming languages index (15th Consecutive Year)

What you will Learn in this Course?

Introduction to Java

  • Java Fundamentals
  • Introduction to Java Basics
  • Features of Java
  • Various components of Java language
  • Benefits of Java over other programming languages
  • Key Benefits of Java

Installation and IDE’s for Java Programming Language

  • Installation of Java
  • Setting up of Eclipse IDE
  • Components of Java Program
  • Editors and IDEs used for Java Programming
  • Writing a Simple Java Program

Data Handling and Functions

  • Data types, Operations, Compilation process, Class files, Loops, Conditions
  • Using Loop Constructs
  • Arrays- Single Dimensional and Multi-Dimensional
  • Functions
  • Functions with Arguments

OOPS in Java: Concept of Object Orientation

  • Object Oriented Programming in Java
  • Implement classes and objects in Java
  • Create Class Constructors
  • Overload Constructors
  • Inheritance
  • Inherit Classes and create sub-classes
  • Implement abstract classes and methods
  • Use static keyword
  • Implement Interfaces and use it

Polymorphism, Packages and String Handling

  • Concept of Static and Run time Polymorphism
  • Function Overloading
  • String Handling –String Class
  • Java Packages

Exception Handling and Multi-Threading

  • Exception handling
  • Various Types of Exception Handling
  • Introduction to multi-threading in Java
  • Extending the thread class
  • Synchronizing the thread

File Handling in Java

  • Input Output Streams
  • io Package
  • File Handling in Java

Java Collections

  • Wrapper Classes and Inner Classes: Integer, Character, Boolean, Float etc
  • Applet Programs: How to write UI programs with Applet, Java.lang, Java.io, Java.util
  • Collections: ArrayList, Vector, HashSet, TreeSet, HashMap, HashTable

Java Database Connectivity (JDBC)

  • Introduction to SQL: Connect, Insert, Update, Delete, Select
  • Introduction to JDBC and Architecture of JDBC
  • Insert/Update/Delete/Select Operations using JDBC
  • Batch Processing
  • Transaction Management: Commit and Rollback

Java Enterprise Edition – Servlets

  • Introduction to J2EE
  • Client Server architecture
  • URL, Port Number, Request, Response
  • Need for servlets
  • Servlet fundamentals
  • Setting up a web project in Eclipse
  • Configuring and running the web app with servlets
  • GET and POST request in web application with demo
  • Servlet lifecycle
  • Servlets Continued
  • Session tracking and filter
  • Forward and include Servlet request dispatchers

Java Server Pages (JSP)

  • Fundamentals of Java Server Page
  • Writing a code using JSP
  • The architecture of JSP
  • JSP Continued
  • JSP elements: Scriptlets, expressions, declaration
  • JSP standard actions
  • JSP directives
  • Introduction to JavaBeans
  • ServletConfig and ServletContext
  • Servlet Chaining
  • Cookies Management
  • Session Management

Hibernate

  • Introduction to Hibernate
  • Introduction to ORM
  • ORM features
  • Hibernate as an ORM framework
  • Hibernate features
  • Setting up a project with Hibernate framework
  • Basic APIs needed to do CRUD operations with Hibernate
  • Hibernate Architecture

POJO (Plain Old Java Object)

  • POJO (Plain Old Java Object)
  • Persistent Objects
  • Lifecycle of Persistent Object

Spring

  • Introduction to Spring
  • Spring Fundamentals
  • Advanced Spring

Got a question for us? Please mention it in the comments section and we will get back to you.
