oihana / php-http
Composable PHP HTTP toolkit โ client IP detection (X-Forwarded-For chain walking + CIDR + IPv4/IPv6), typed Set-Cookie header builders, route pattern utilities (Slim optional segments + Casbin patterns), user-agent parsing. PSR-7 compatible, zero magic strings.
Maintainers
Requires
- php: >=8.4
- oihana/php-core: dev-main
- oihana/php-enums: dev-main
- oihana/php-files: dev-main
- oihana/php-reflect: dev-main
- oihana/php-schema: dev-main
- oihana/php-standards: dev-main
- psr/http-message: ^2.0
Requires (Dev)
- nunomaduro/collision: ^8.8
- phpdocumentor/shim: ^3.8
- phpunit/phpunit: ^12
- slim/psr7: ^1.7
This package is auto-updated.
Last update: 2026-05-26 17:34:57 UTC
README
Composable PHP HTTP toolkit. Part of the Oihana PHP ecosystem, this package provides battle-tested helpers for HTTP-facing code: client IP detection against reverse proxies, typed Set-Cookie header builders, route pattern utilities and user-agent parsing โ all PSR-7 compatible, zero magic strings.
๐ Documentation
Full API reference (generated with phpDocumentor): https://bcommebois.github.io/oihana-php-http
User guides (FR + EN) live under wiki/.
๐ฆ Installation
Requires PHP 8.4+. Install via Composer:
composer require oihana/php-http
โจ What you can do
- Detect the real client IP behind a chain of trusted reverse proxies. Walks
X-Forwarded-Forright-to-left, skips trusted hops via CIDR matching, falls back onForwarded(RFC 7239),X-Real-IPandREMOTE_ADDR. Validates IPv4 and IPv6, normalizes IPv4-mapped IPv6 (::ffff:1.2.3.4โ1.2.3.4), strips IPv6 zone IDs. - Anonymise IPs for GDPR-friendly logging โ
truncateIpToSlash24()(IPv4 โ/24, last octet zeroed) andtruncateIpToSlash48()(IPv6 โ/48, last 80 bits zeroed), oranonymizeIp()for a single entry point that routes to the right helper based on the address family. - Build
Set-Cookieheaders with typed attributes:HttpOnly,Secure,SameSite=Strict|Lax|None,Domain,Path,Max-Age. - Expand Slim route patterns carrying optional bracket segments (
/users[/{id:[0-9]+}]) into their cartesian product of concrete routes โ useful for permission seeding and route-by-route authorization. - Translate Slim route patterns into Casbin patterns by collapsing
{placeholder}segments into*. - Read the request User-Agent string via
getUserAgent().
Under the hood
- A consistent set of typed enums and constants โ
CookieAttribute,CookieOption,SameSite. - Pure PSR-7 โ no framework lock-in. Works with Slim, Laravel, Symfony HTTP Foundation (via PSR-7 bridge), Hyperf, RoadRunner, etc.
- Strongly-typed enums and constants โ no magic strings anywhere.
โ Running tests
Run all tests:
composer test
Run a specific test file:
composer test ./tests/oihana/http/helpers/ips/GetClientIpTest.php
๐ ๏ธ Generate the documentation
We use phpDocumentor to generate documentation into the ./docs folder.
composer doc
๐งพ License
Licensed under the Mozilla Public License 2.0 (MPLโ2.0).
๐ค About the author
- Author: Marc ALCARAZ (aka eKameleon)
- Email:
marc@ooop.fr - Website:
https://www.ooop.fr
๐ Related packages
oihana/php-coreโ core helpers and utilities:https://github.com/BcommeBois/oihana-php-coreoihana/php-enumsโ typed constants & enums:https://github.com/BcommeBois/oihana-php-enumsoihana/php-filesโ file system helpers:https://github.com/BcommeBois/oihana-php-filesoihana/php-reflectโ reflection and hydration utilities:https://github.com/BcommeBois/oihana-php-reflectoihana/php-authโ Casbin RBAC + JWT/OIDC authorization toolkit:https://github.com/BcommeBois/oihana-php-auth