abovesky/url-auth

Generate a url with an expiration date and signature to prevent unauthorized access

Maintainers

Details

github.com/abovesky/url-auth

Homepage

Source

Issues

Installs: 16

Dependents: 0

Suggesters: 0

Security: 0

Stars: 1

Watchers: 1

Forks: 1

Open Issues: 0

v1.0.3 2017-10-20 01:04 UTC

Requires

MIT 2afb0d514a9adc79449bcf692c4373b83cf1a4d6

  • abovesky <abovesky.woop@qq.com>

securityurlencryptionsign

This package is not auto-updated.

Last update: 2024-04-14 02:24:14 UTC

README

This package can create URLs with a limited lifetime. This is done by adding an expiration date and a signature to the URL.

$urlAuth = new Md5('randomkey');

$urlAuth->sign('https://myapp.com', 30, 'days');

// => The generated url will be valid for 30 days

This will output an URL that looks like https://myapp.com/?expires=xxxx&signature=xxxx.

Imagine mailing this URL out to the users of your application. When a user clicks on a signed URL your application can validate it with:

$urlAuth->validate('https://myapp.com/?expires=xxxx&signature=xxxx');

Installation

The package can installed via Composer:

composer require abovesky/url-auth

Usage

A signer-object can sign URLs and validate signed URLs. A secret key is used to generate signatures.

use abovesky\UrlAuth\Md5;

$urlAuth = new Md5('mysecretkey');

Generating URLs

Signed URLs can be generated by providing a regular URL and an expiration date to the sign method.

$expirationDate = (new DateTime)->modify('10 days');

$urlAuth->sign('https://myapp.com', $expirationDate);

// => The generated url will be valid for 10 days

If an integer is provided as expiration date, the url will be valid for that amount of days.

$urlAuth->sign('https://myapp.com', 30, 'days');

// => The generated url will be valid for 30 days

Validating URLs

To validate a signed URL, simply call the validate() method. This will return a boolean.

$urlAuth->validate('https://myapp.com/?expires=1439223344&signature=2d42f65bd023362c6b61f7432705d811');

// => true

$urlAuth->validate('https://myapp.com/?expires=1439223344&signature=2d42f65bd0-INVALID-23362c6b61f7432705d811');

// => false

Writing custom signers

This packages provides a signer that uses md5 to generate signature. You can create your own signer by implementing the abovesky\UrlAuth\iUrlAuth-interface. If you let your signer extend abovesky\UrlAuth\Base you'll only need to provide the createSignature-method.

Tests

The tests can be run with:

$ vendor/bin/phpspec run

License

The MIT License (MIT). Please see License File for more information.