basekit / signed-url
Generate secure URLs with an expiration
Installs: 27 049
Dependents: 0
Suggesters: 0
Security: 0
Stars: 2
Watchers: 3
Forks: 0
Open Issues: 0
Requires
- php: ~7.3 || ~8.0
- league/uri: ^6.0
- league/uri-components: ^2.2
Requires (Dev)
- php-mock/php-mock-phpunit: ^2.6
- phpstan/phpstan: ^1.5
- phpunit/phpunit: ^9.0
- vimeo/psalm: ^4.22
This package is auto-updated.
Last update: 2024-04-04 18:30:33 UTC
README
Introduction
This package is for simple generation and validation of signed URLs.
What is a signed URL?
A signed URL is a URL that provides limited permission and time to make a request. Signed URLs contain authentication information in their query string, allowing users without credentials to perform specific actions on a resource source
Installation
You can install the package via composer:
composer require basekit/signed-url
Usage
Create a signed URL with an expiration
$urlSigner = new BaseKit\SignedUrl('secret'); $url = $urlSigner->sign('http://dev.app', new \DateTime("+ 10 days")); echo $url; // http://dev.app?expires=1597606297&signature=2bcbe00d36010bae3e6bc6e6abe79f6cbc135f360285eeb17e9c53753b4b223a"
Create a signed URL without expiration
$urlSigner = new BaseKit\SignedUrl('secret'); $url = $urlSigner->sign('http://dev.app'); echo $url; // http://dev.app?expires=1597606297&signature=2bcbe00d36010bae3e6bc6e6abe79f6cbc135f360285eeb17e9c53753b4b223a"
Validate a signed URL
$url = "http://dev.app?expires=1597606297&signature=2bcbe00d36010bae3e6bc6e6abe79f6cbc135f360285eeb17e9c53753b4b223a"; $urlSignValidator = new BaseKit\SignedUrl('secret'); $valid = $urlSignValidator->validate($url); var_dump($valid); // bool(true)
The package will append 1 or 2 querystring parameters to the URL that represent the expiry of the link (when provided), and the signature. The signature itself is generated using the original url, the expiry date if provided, and a project specific secret.
It's possible to override the names of these querystring parameters in object instantiation, as below:
$urlSigner = new BaseKit\SignedUrl('secret', 'expirationParam', 'secureSignature'); $url = $urlSigner->sign('http://dev.app', new \DateTime("+ 10 days")); echo $url; // https://www.dev.app/?expirationParam=1597608096&secureSignature=ef6839ad6b1a4cfca8e3e04bb2a74da0e9d3d9c4d9870125f499f75c9ef5d2b6
Testing
composer test
Credits
License
The MIT License (MIT). Please see License File for more information.