havenshen/larsign

Laravel signature certification with web API server.

1.0.3 2017-12-05 12:26 UTC

README

Scrutinizer Code Quality Build Status Code Coverage Build Status Latest Stable Version Latest Unstable Version Latest Stable Version Total Downloads License

About

The larsign package authorized signature server.

Features

  • Handles larsign requests

Installation

Laravel

Require the havenshen/larsign package in your composer.json and update your dependencies:

$ composer require havenshen/larsign

Add the HavenShen\Larsign\LarsignServiceProvider to your config/app.php providers array:

HavenShen\Larsign\LarsignServiceProvider::class,

Add the HavenShen\Larsign\LarsignFacade to your config/app.php aliases array:

'Larsign' => HavenShen\Larsign\LarsignFacade::class,

Lumen

Require the havenshen/larsign package in your composer.json and update your dependencies:

$ composer require havenshen/larsign

Register the package with lumen in bootstrap/app.php with the following:

$app->register(HavenShen\Larsign\LarsignServiceProvider::class);

Global usage

To allow Larsign for all your routes, add the HandleLarsign middleware in the $middleware property of app/Http/Kernel.php class:

protected $middleware = [
    // ...
    \HavenShen\Larsign\HandleLarsign::class,
];

Group middleware

If you want to allow Larsign on a specific middleware group or route, add the HandleLarsign middleware to your group:

protected $middlewareGroups = [
    'web' => [
       // ...
    ],

    'api' => [
        // ...
        \HavenShen\Larsign\HandleLarsign::class,
    ],
];

Application route middleware

If you want to allow Larsign on a specific application middleware or route, add the HandleLarsign middleware to your application route:

protected $routeMiddleware = [
    // ...
    'auth.larsign' => \HavenShen\Larsign\HandleLarsign::class,
];

Configuration

The defaults are set in config/larsign.php. Copy this file to your own config directory to modify the values. If you're using Laravel, you can publish the config using this command:

$ php artisan vendor:publish --provider="HavenShen\Larsign\LarsignServiceProvider"

If you're using Lumen, Copy the configuration larsign.php from vendor/havenshen/larsign/config/larsign.php to your config/ directory

return [
    /*
     |--------------------------------------------------------------------------
     | Larsign
     |--------------------------------------------------------------------------
     |
     */
    'headerName' => env('LARSIGN_HEADER_NAME', 'Larsign'),
    'accessKey' => env('LARSIGN_ACCESS_KEY', ''),
    'secretKey' => env('LARSIGN_SECRET_KEY', ''),
];

Add api route in routes/api.php Copy this.

Route::middleware(['auth.larsign'])->group(function () {
    Route::get('/larsign', function () {
    return [
        'message' => 'done.'
    ]);
});

or

Route::get('/larsign', function () {
    return [
        'message' => 'done.'
    ];
})->middleware('auth.larsign');

Client

Generate Larsign signatures

  1. Assume the following management credentials:
AccessKey = "test"
SecretKey = "123456"
  1. Call interface address:
url = "https://larsign.dev/api/v1/test?page=1"
  1. The original string to be signed:

note: the time-stamping followed by a newline [currenttime + voucher valid seconds]

signingStr = "/api/v1/test?page=1\n1510986405"
  1. Base64 url safe encode:
signingStrBase64UrlSafeEncode = "L2FwaS92MS90ZXN0P3BhZ2U9MQoxNTEwOTg2NDY1"
  1. hmac_sha1 carries SecretKey encryption then base64 url safe encode:
sign = "MLKnFIdI-0TOQ4mHn5TyCcmWACU="
  1. The final administrative credentials are:

note: stitching headerName Space AccessKey:sign:signingStrBase64UrlSafeEncode

larsignToken = "Larsign test:MLKnFIdI-0TOQ4mHn5TyCcmWACU=:L2FwaS92MS90ZXN0P3BhZ2U9MQoxNTEwOTg2NDY1"
  1. Add http header:

note: header key in config/larsign.php -> headerName

Larsign:Larsign test:MLKnFIdI-0TOQ4mHn5TyCcmWACU=:L2FwaS92MS90ZXN0P3BhZ2U9MQoxNTEwOTg2NDY1

Client signature authorization failed

Http Response: 403

Testing

$ phpunit

License

The MIT License (MIT). Please see License File for more information.