abdelhammied/api-csrf-protection

This Package is used to secure apis from any cross sites request forgery while wroking with mobile applications using rsa assemetric key

Maintainers

Details

github.com/Abdelhammied/Api-Csrf-Protection

Source

Issues

Installs: 1

Dependents: 0

Suggesters: 0

Security: 0

Stars: 1

Watchers: 2

Forks: 0

Open Issues: 0

dev-master 2020-10-07 12:08 UTC

Requires

MIT 48a2714e1cb52413bf76c4d30e8b2e7a7514c184

  • Abdelhammied Elsayed <abdelhammied.woop@gmail.com>

api-securityapi-csrf-protectionapi-ddos-attack

This package is auto-updated.

Last update: 2024-04-07 20:22:05 UTC

README

This Package is used to secure apis from any cross sites request forgery while wroking with mobile applications using rsa assemetric key with two ways authentication with your mobile team / any one who wants to interact with your apis

This Package uses phpseclib/phpseclib

Installation

composer require abdelhammied/api-csrf-protection

Configuration

We Are Setting Every Thing To You We Only Need Your Support And Have Fun With Our Package

Usage

  1. Create Public and private keys using php artisan createencrytionkeys This will create public key and private keys at storage/app/keys, share the public keys with your mobile team.
  2. Start to define the middleware as route middleware at app/Http/Kernel.php using this middleware \ApiCsrfProtection\Middlewares\VerifyApiToken::class
  3. You can define which apis to be secured with the package should be Not GET method
  4. from the mobile team side start to create a random string with each not GET request, use the public key to hash the string after that use base64_encode with the hased value, send the data with the request like:
{
  "__token": {
    "plainText": "$RANDOM_STRING",
    "cipherText": "$HASHED_VALUE"
  }
}

For Any Inquires please contact us :

abdelhammied@gmail.com