Generate a url with an expiration date and signature to prevent unauthorized access
This package can create URLs with a limited lifetime. This is done by adding an expiration date and a signature to the URL.
$urlAuth = new Md5('randomkey'); $urlAuth->sign('https://myapp.com', 30, 'days'); // => The generated url will be valid for 30 days
This will output an URL that looks like
Imagine mailing this URL out to the users of your application. When a user clicks on a signed URL your application can validate it with:
The package can installed via Composer:
composer require abovesky/url-auth
A signer-object can sign URLs and validate signed URLs. A secret key is used to generate signatures.
use abovesky\UrlAuth\Md5; $urlAuth = new Md5('mysecretkey');
Signed URLs can be generated by providing a regular URL and an expiration date to the
$expirationDate = (new DateTime)->modify('10 days'); $urlAuth->sign('https://myapp.com', $expirationDate); // => The generated url will be valid for 10 days
If an integer is provided as expiration date, the url will be valid for that amount of days.
$urlAuth->sign('https://myapp.com', 30, 'days'); // => The generated url will be valid for 30 days
To validate a signed URL, simply call the
validate() method. This will return a boolean.
$urlAuth->validate('https://myapp.com/?expires=1439223344&signature=2d42f65bd023362c6b61f7432705d811'); // => true $urlAuth->validate('https://myapp.com/?expires=1439223344&signature=2d42f65bd0-INVALID-23362c6b61f7432705d811'); // => false
This packages provides a signer that uses md5 to generate signature. You can create your own
signer by implementing the
abovesky\UrlAuth\iUrlAuth-interface. If you let your signer extend
abovesky\UrlAuth\Base you'll only need to provide the
The tests can be run with:
$ vendor/bin/phpspec run
The MIT License (MIT). Please see License File for more information.