Search by 
kaxiluo / api-signature
api signature and verification, guzzle signature middleware, signature verify middleware
1.1.0
2021-05-29 15:54 UTC
Requires
- php: >=7.0
- ext-json: *
- guzzlehttp/guzzle: ~6.0|~7.0
- nyholm/psr7: ^1.4
- psr/http-message: ^1.0
- psr/http-server-middleware: ^1.0
- psr/simple-cache: ^1.0
- symfony/psr-http-message-bridge: ^2.1
Requires (Dev)
- mockery/mockery: 1.3.2
- phpunit/phpunit: ~7.0
This package is auto-updated.
Last update: 2024-04-29 04:53:36 UTC
README
api signature and verification, easy to use it by middleware. or use it alone.
- Request signer
- Use request sign middleware to create guzzle client
- Signature validator
- General signature verify middleware
- Use signature verify middleware in laravel、hyperf ...
Installing
Package is available on Packagist,
composer require kaxiluo/api-signature
Usage
Client (Request Sign)
// use as guzzle client config $config = [ 'base_uri' => 'https://yourserver.host', 'verify' => false, ]; // create guzzle client with request sign middleware $client = \Kaxiluo\ApiSignature\Client\GuzzleClientFactory::createClient('1', 'iamsecret', $config); // enjoy.. $client->get('/test');
other, use it alone see:
\Kaxiluo\ApiSignature\Client\RequestSigner
Server (Signature Verify)
using laravel middleware
use Kaxiluo\ApiSignature\Server\SignatureVerifyLaravelMiddleware; class MySignatureVerifyMiddleware extends SignatureVerifyLaravelMiddleware { // custom signature header name. default is X-Signature protected $headerName = 'X-Your-Custom-Name'; // nonce ttl. default is 300 s protected $lifetime = 500; protected function getAppSecretByAppId($appId): string { // TODO: Implement getAppSecretByAppId() method. // you can filter app_secret from config //return config('api.your-client.app_secret'); } protected function getCacheProvider() { return app('cache.store'); } }
using hyperf middleware
use Kaxiluo\ApiSignature\Exception\InvalidSignatureException; use Kaxiluo\ApiSignature\Server\SignatureVerifyPsrMiddleware; use Psr\Container\ContainerInterface; use Psr\SimpleCache\CacheInterface; class MySignatureVerifyMiddleware extends SignatureVerifyPsrMiddleware { /** * @var ContainerInterface */ protected $container; public function __construct(ContainerInterface $container) { $this->container = $container; } protected function handleInvalidSignature(InvalidSignatureException $exception) { return $this->container->get(\Hyperf\HttpServer\Contract\ResponseInterface::class) ->json(['error' => $exception->getMessage()]) ->withStatus(401); } protected function getCacheProvider(): CacheInterface { return $this->container->get(CacheInterface::class); } protected function getAppSecretByAppId($appId): string { // TODO: Implement getAppSecretByAppId() method. // you can filter app_secret from config } }
other, use it alone see:
\Kaxiluo\ApiSignature\Server\SignatureValidator, \Kaxiluo\ApiSignature\Server\SignatureVerifyMiddleware