Add validateRequest(), token check outside class

includes/CSRF.php

@@ -6,7 +6,12 @@ class CSRF
 {
     protected static ?CSRFTokenizer $instance = null;
 
-    protected static function getInstance(): CSRFTokenizer
+    /*
+     * Get the CSRFTokenizer instance (singleton)
+     *
+     * @return CSRFTokenizer
+     */
+    public static function instance(): CSRFTokenizer
     {
         if (self::$instance === null) {
             self::$instance = new CSRFTokenizer();
@@ -21,22 +26,41 @@ class CSRF
 
     public static function verify(): bool
     {
-        return self::instance()->csrfValidateRequest() && self::instance()->CSRFValidate($_POST['csrf_token'] ?? '');
+        $token = $_POST['csrf_token'];
+        return self::instance()->csrfValidateRequest() &&
+               self::instance()->CSRFValidate($_POST['csrf_token'] ?? '');
     }
 
     public static function metaTag(): string
     {
-        return self::getInstance()->CSRFMetaTag();
+        return self::instance()->CSRFMetaTag();
     }
 
     public static function hiddenField(): string
     {
-        return self::getInstance()->CSRFTokenFieldTag();
+        return self::instance()->CSRFTokenFieldTag();
     }
 
     public static function handleInvalidToken(): void
     {
         self::instance()->handleInvalidCSRFToken();
     }
+
+    /**
+     * Validates a CSRF Request
+     *
+     * @return bool
+     */
+    public static function validateRequest(): bool
+    {
+        return self::instance()->csrfValidateRequest();
+    }
+}
+
+if (\RaspAP\Tokens\CSRF::validateRequest()) {
+    if (!\RaspAP\Tokens\CSRF::verify()) {
+        error_log("CSRF verification failed. Token: " . ($_POST['csrf_token'] ?? 'not provided'));
+        \RaspAP\Tokens\CSRF::handleInvalidToken();
+    }
 }