blog/routes/web.php
2025-03-07 10:04:42 +00:00


<?php
use Blog\Core\router;
use Blog\Core\container;
use Blog\Utils\authHelper;
use Blog\Http\request;
use Blog\Http\response;
// Front page: fetches every post from the 'postModel' service and writes the
// rendered "blogmain" template into the response body.
// NOTE(review): post fields reach the template exactly as the model returns them;
// HTML escaping depends on the Twig environment's autoescape setting, which is
// configured outside this file — confirm it is enabled.
$router->addRoute('GET', '/', function (Request $req, Response $res) use ($container) {
    $view = $container->get('twig');
    $allPosts = $container->get('postModel')->getPosts();

    $body = $res->getBody();
    $body->write($view->render("blogmain", ["posts" => $allPosts]));

    return $res;
});
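// Single-post page: looks the post up by the {id} path segment and renders the
// "blogpost" template.
// {id} is taken from the URL, so it is caller-controlled, and it is handed to the
// model unchanged.
// NOTE(review): nothing in this file validates $id — confirm that getPost() binds
// it as a query parameter rather than interpolating it into SQL.
$router->addRoute('GET', '/post/{id}', function (Request $req, Response $res, $id) use ($container) {
    $twig = $container->get('twig');
    $postModel = $container->get('postModel');

    $post = $postModel->getPost($id);

    // An id that matches no post gets an explicit 404 instead of a 200 page
    // rendered around an empty post.
    // NOTE(review): assumes getPost() returns a falsy value (null/false/empty
    // array) when nothing matches — confirm against the model.
    if (!$post) {
        $res
            ->setStatus(404)
            ->getBody()
            ->write("404 - Not Found");

        return $res;
    }

    $res->getBody()->write(
        $twig->render("blogpost", [
            "post" => $post,
        ])
    );

    return $res;
});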
// Login form: renders the "login" template and passes it a CSRF token obtained
// from authMiddleware::generateCSRFToken() under the "csrf" key.
// The POST /login handler reads the token back from the '_csrf_token' form field.
$router->addRoute('GET', '/login', function (Request $req, Response $res) use ($container) {
    $view = $container->get('twig');
    $body = $res->getBody();

    $formContext = [
        "csrf" => Blog\Middleware\authMiddleware::generateCSRFToken(),
    ];
    $body->write($view->render("login", $formContext));

    return $res;
});
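// Login submission: checks the CSRF token first, then the credentials.
//   - missing or invalid CSRF token -> 419 with an error body
//   - missing or rejected credentials -> 401 with an error body
//   - success -> redirect to '/'
// NOTE(review): confirm that AuthHelper::login() regenerates the session ID on
// success and that validateCSRFToken() compares tokens in constant time; neither
// is visible from this file. No attempt limiting is applied here either.
$router->addRoute('POST', '/login', function (Request $req, Response $res) {
    $username = $req->getPost('username');
    $password = $req->getPost('password');
    $csrfToken = $req->getPost('_csrf_token');

    // Form fields are client-controlled and may be absent or arrive as arrays
    // (e.g. "username[]=x"); only strings are passed on to the auth code.
    if (!is_string($csrfToken) || !Blog\Middleware\authMiddleware::validateCSRFToken($csrfToken)) {
        // Same shape as the 401 branch below: set status and body, then hand the
        // response object back to the router like every other route does.
        $res
            ->setStatus(419)
            ->getBody()
            ->write("419 - Session abgelaufen oder ungültiger CSRF-Token.");

        return $res;
    }

    if (!is_string($username) || !is_string($password) || !AuthHelper::login($username, $password)) {
        // One generic message for every failure, so the response does not reveal
        // whether the user name exists.
        $res
            ->setStatus(401)
            ->getBody()
            ->write("401 - Unauthorized: Invalid login information.");

        return $res;
    }

    return $res->redirect('/');
});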
// Logout: ends the session through AuthHelper::logout() and redirects to '/'.
// NOTE(review): this changes session state on a GET request with no CSRF token,
// so any page the user visits can trigger it (e.g. via an <img> tag) and sign
// them out. Consider POST plus the same token check used by POST /login.
$router->addRoute('GET', '/logout', function (Request $req, Response $res) {
    AuthHelper::logout();

    $home = '/';

    return $res->redirect($home);
});