aws/aws-php-sns-message-validator

Amazon SNS message validation for PHP

1.4.0 2017-09-27 23:05 UTC

README

@awsforphp on Twitter Total Downloads Build Status Apache 2 License

The Amazon SNS Message Validator for PHP library allows you to validate that incoming HTTP(S) POST messages are valid Amazon SNS notifications. This library is standalone and does not depend on the AWS SDK for PHP or Guzzle; however, it does require PHP 5.4+ and that the OpenSSL PHP extension is installed.

Basic Usage

To validate a message, you can instantiate a Message object from the POST data using the Message::fromRawPostData. This reads the raw POST data from the php://input stream, decodes the JSON data, and validates the message's type and structure.

Next, you must create an instance of MessageValidator, and then use either the isValid() or validate(), methods to validate the message. The message validator checks the SigningCertURL, SignatureVersion, and Signature to make sure they are valid and consistent with the message data.

<?php

require 'vendor/autoload.php';

use Aws\Sns\Message;
use Aws\Sns\MessageValidator;
 
$message = Message::fromRawPostData();
 
// Validate the message
$validator = new MessageValidator();
if ($validator->isValid($message)) {
   // do something with the message
}

Installation

The SNS Message Validator can be installed via Composer.

$ composer require aws/aws-php-sns-message-validator

Since the library has no other PHP dependencies, you can also easily install the library from the source code here on GitHub, assuming you include the files manually or use your own autoloader.

About Amazon SNS

Amazon Simple Notification Service (Amazon SNS) is a fast, fully-managed, push messaging service. Amazon SNS can deliver messages to email, mobile devices (i.e., SMS; iOS, Android and FireOS push notifications), Amazon SQS queues,and — of course — HTTP/HTTPS endpoints.

With Amazon SNS, you can setup topics to publish custom messages to subscribed endpoints. However, SNS messages are used by many of the other AWS services to communicate information asynchronously about your AWS resources. Some examples include:

  • Configuring Amazon Glacier to notify you when a retrieval job is complete.
  • Configuring AWS CloudTrail to notify you when a new log file has been written.
  • Configuring Amazon Elastic Transcoder to notify you when a transcoding job changes status (e.g., from "Progressing" to "Complete")

Though you can certainly subscribe your email address to receive SNS messages from service events like these, your inbox would fill up rather quickly. There is great power, however, in being able to subscribe an HTTP/HTTPS endpoint to receive the messages. This allows you to program webhooks for your applications to easily respond to various events.

Handling Messages

Confirming a Subscription to a Topic

In order to handle a SubscriptionConfirmation message, you must use the SubscribeURL value in the incoming message:

use Aws\Sns\Message;
use Aws\Sns\MessageValidator;
use Aws\Sns\Exception\InvalidSnsMessageException;

// Instantiate the Message and Validator
$message = Message::fromRawPostData();
$validator = new MessageValidator();

// Validate the message and log errors if invalid.
try {
   $validator->validate($message);
} catch (InvalidSnsMessageException $e) {
   // Pretend we're not here if the message is invalid.
   http_response_code(404);
   error_log('SNS Message Validation Error: ' . $e->getMessage());
   die();
}

// Check the type of the message and handle the subscription.
if ($message['Type'] === 'SubscriptionConfirmation') {
   // Confirm the subscription by sending a GET request to the SubscribeURL
   file_get_contents($message['SubscribeURL']);
}

Receiving a Notification

To receive a notification, use the same code as the preceding example, but check for the Notification message type.

if ($message['Type'] === 'Notification') {
   // Do whatever you want with the message body and data.
   echo $message['MessageId'] . ': ' . $message['Message'] . "\n";
}

The message body will be a string, and will hold whatever data was published to the SNS topic.

Unsubscribing

Unsubscribing looks the same as subscribing, except the message type will be UnsubscribeConfirmation.

if ($message['Type'] === 'UnsubscribeConfirmation') {
    // Unsubscribed in error? You can resubscribe by visiting the endpoint
    // provided as the message's SubscribeURL field.
    file_get_contents($message['SubscribeURL']);
}

Testing Locally

One challenge of using webhooks in a web application is testing the integration with the service. Testing integrations with SNS notifications can be fairly easy using tools like ngrok and PHP's built-in webserver. One of our blog posts, Testing Webhooks Locally for Amazon SNS, illustrates a good technique for testing.

NOTE: The code samples in the blog post are specific to the message validator in Version 2 of the SDK, but can be easily adapted to using this version.

Special Thank You

A special thanks goes out to Julian Vidal who helped create the initial implementation in Version 2 of the AWS SDK for PHP.