patieru/url-signer

Generate a url with an expiration date and signature to prevent unauthorized access

Maintainers

Details

github.com/patieru12/url-signer

Homepage

Source

Issues

Installs: 21

Dependents: 1

Suggesters: 0

Security: 0

Stars: 1

Watchers: 1

Forks: 0

Open Issues: 0

0.0.4 2019-10-03 19:27 UTC

Requires

Requires (Dev)

MIT 55750465a775828f58545a8885b90cda89c07fa0

securityurlencryptionsignpatieru

This package is auto-updated.

Last update: 2025-03-01 00:22:37 UTC

README

This package can create URLs with a limited lifetime. This is done by adding an expiration date and a signature to the URL.

$urlSigner = new MD5UrlSigner('randomkey');

$urlSigner->sign('https://myapp.com', 30);

// => The generated url will be valid for 30 days

This will output an URL that looks like https://myapp.com/?expires=xxxx&signature=xxxx.

Imagine mailing this URL out to the users of your application. When a user clicks on a signed URL your application can validate it with:

$urlSigner->validate('https://myapp.com/?expires=xxxx&signature=xxxx');

Install

The package can installed via Composer:

$ composer require patieru/url-signer

Usage

A signer-object can sign URLs and validate signed URLs. A secret key is used to generate signatures.

use Patieru\UrlSigner\MD5UrlSigner;

$urlSigner = new MD5UrlSigner('mysecretkey');

Generating URLs

Signed URLs can be generated by providing a regular URL and an expiration date to the sign method.

$expirationDate = (new DateTime)->modify('10 days');

$urlSigner->sign('https://myapp.com', $expirationDate);

// => The generated url will be valid for 10 days

If an integer is provided as expiration date, the url will be valid for that amount of days.

$urlSigner->sign('https://myapp.com', 30);

// => The generated url will be valid for 30 days

Validating URLs

To validate a signed URL, simply call the validate() method. This will return a boolean.

$urlSigner->validate('https://myapp.com/?expires=1439223344&signature=2d42f65bd023362c6b61f7432705d811');

// => true

$urlSigner->validate('https://myapp.com/?expires=1439223344&signature=2d42f65bd0-INVALID-23362c6b61f7432705d811');

// => false

Writing custom signers

This packages provides a signer that uses md5 to generate signature. You can create your own signer by implementing the Patieru\UrlSigner\UrlSigner-interface. If you let your signer extend Patieru\UrlSigner\BaseUrlSigner you'll only need to provide the createSignature-method.

Tests

The tests can be run with:

$ vendor/bin/phpspec run

##Integrations To get started quickly in Laravel you can use the patieru/laravel-url-signer package.

Changelog

Please see CHANGELOG for more information what has changed recently.

Contributing

Please see CONTRIBUTING for details.

Credits

License

The MIT License (MIT). Please see License File for more information.