lelectrolux / hmac-utils
Utilities for Hmac authorisation
Installs: 43
Dependents: 0
Suggesters: 0
Security: 0
Stars: 0
Watchers: 0
Forks: 0
Open Issues: 0
pkg:composer/lelectrolux/hmac-utils
Requires
- php: ^8.4
- guzzlehttp/guzzle: ^7.0
- laravel/framework: ^12.0
- psr/http-message: ^2.0
- ramsey/uuid: ^4.5
Requires (Dev)
- laravel/pint: ^1.24.0
README
Validate server to server messaging through Hmac signatures in a laravel project
Installation
First install the package
composer require lelectrolux/hmac-utils
Then, publish the config file, and fill the necessary .env values
php artisan vendor:publish --provider=Lelectrolux\Hmac\Laravel\ServiceProvider
Use-cases
Most of the logic is abstracted for 2 use-cases
My server recieves a Hmac signed request
Use the Laravel middleware on your corresponding route
use Lelectrolux\Hmac\Laravel\Middleware; // Any key => secret pair allowed Route::get('/some/uri')->middleware(Middleware::class) // Ony those keyed by foo or bar Route::get('/some/uri')->middleware(Middleware::class.':foo,bar')
The hmac uuid will be made available in the laravel context at the key 'hmac_request_uuid' 🔗.
My server sends a Hmac signed through guzzle
Use the Guzzle middleware factory in your Http client call chain
use Illuminate\Support\Facades\Http; use Lelectrolux\Hmac\Guzzle\MiddlewareFactory; Http::createPendingRequest()->withMiddleware($middlewareFactory->make('foo'))->...