gollumsf / url-tokenizer-bundle
Simple url tokenizer
Installs: 1 462
Dependents: 0
Suggesters: 0
Security: 0
Stars: 1
Watchers: 2
Forks: 0
Open Issues: 1
Type:symfony-bundle
Requires
- php: >=7.2
- sensio/framework-extra-bundle: ^5|^6
- symfony/dependency-injection: ^4.4|^5|^6
Requires (Dev)
- gollumsf/reflection-property-test: ^1.0
- matthiasnoback/symfony-dependency-injection-test: ^4.1
- nyholm/symfony-bundle-test: 1.8.1
- phpunit/phpunit: ^9.3
- symfony/browser-kit: ^4.4|^5|^6
README
Installation:
composer require gollumsf/url-tokenizer-bundle
config/bundles.php
return [ // [ ... ] Sensio\Bundle\FrameworkExtraBundle\SensioFrameworkExtraBundle::class => ['all' => true], GollumSF\UrlTokenizerBundle\GollumSFUrlTokenizerBundle::class => ['all' => true], ];
config.yml
gollum_sf_url_tokenizer: secret: Default_S3cret_Must_be_Ch4nge!!! # Default secret key for token MUST BE CHANGE default_full_url: false' # (optional, default: false) By default tokenise full url or only parameter algo: 'sha256' # (optional, default: "sha256') Algo for hash token. (must be in list returned by hash_hmac_algos()) token_query_name: "t" # (optional, default: "t") Query token param name for url tokenized token_time_query_name: "d" # (optional, default: "d") Query token time param name for url tokenized
Usage
Tokenize URL
<?php use GollumSF\UrlTokenizerBundle\Tokenizer\TokenizerInterface; public function (TokenizerInterface $tokenizer) { // Inject service $url = 'http://www.mydomain.com?param1=a'; // $url1Tokenised => http://www.mydomain.com?param1=a&t=THE_TOKENd=1580775131 (tokenize only parameter) $url1Tokenised = $tokenizer->generateUrl($url); // $url1Tokenised => http://www.mydomain.com?param1=a&t=THE_TOKENd=1580775131 (tokenize full url) $url1Tokenised = $tokenizer->generateUrl($url, true); // $url1Tokenised => http://www.mydomain.com?param1=a&t=THE_TOKENd=1580775131 (use custom secret) $url1Tokenised = $tokenizer->generateUrl($url, false, 'CUSTOM SECRET'); }
Check URL tokenized
<?php use GollumSF\UrlTokenizerBundle\Checker\CheckerInterface; public function (CheckerInterface $checker) { // Inject service $urlWithToken = 'http://www.mydomain.com?param1=a&t=THE_TOKEN&d=1580775131'; // $result => true or false $result = $checker->checkToken($urlWithToken); // $result => true or false (use full url) $result = $checker->checkToken($urlWithToken, true); // $result => true or false (use custom secret) $result = $checker->checkToken($urlWithToken, null, 'CUSTOM SECRET'); // $result => true or false automatic use url from Master Request $result = $checker->checkTokenMasterRequest(); $result = $checker->checkTokenMasterRequest(true); $result = $checker->checkTokenMasterRequest(null, 'CUSTOM SECRET'); // $result => is true if token is generate before 3600 second ago $result = $checker->checkTokenTime($urlWithToken, 3600); $result = $checker->checkTokenTimeMasterRequest(3600); // on Master Request // $result => result on valid Token and Time $result = $checker->checkTokenAndTokenTime($urlWithToken, 3600); $result = $checker->checkTokenAndTokenTimeMasterRequest(3600); // on Master Request }
Use annotation
Use ValidToken
annotation for restrain access at action.
<?php use GollumSF\UrlTokenizerBundle\Annotation\ValidToken; use GollumSF\UrlTokenizerBundle\Tokenizer\TokenizerInterface; use Symfony\Bundle\FrameworkBundle\Controller\AbstractController; use Symfony\Component\HttpFoundation\Response; use Symfony\Component\Routing\Annotation\Route; use Symfony\Component\Routing\RouterInterface; class GenerateController extends AbstractController { /** * @Route("/generate") */ public function generate(TokenizerInterface $tokenizer) { return new Response($tokenizer->generateUrl( $this->generateUrl('validate', [ 'param' => 'value' ], RouterInterface::ABSOLUTE_URL) )); } /** * @Route("/validate", name="validate") * @ValidToken() */ public function validate(TokenizerInterface $tokenizer) { return new Response('good'); }
Options
- fullUrl: (boolean, default = null) If null use condifuration value.
- key: (string, default = null) If null use condifuration value.
- lifeTime: (integer, default = null) If null don't check time. Is lifetime of token before creation