simplon/signr

Create and validate Signed Requests including data encryption.

Installs: 302

Dependents: 0

Stars: 2

Watchers: 1

Forks: 2

Language: PHP

0.6.0 2013-03-28 14:20 UTC

README

     _                 _                   _
 ___(_)_ __ ___  _ __ | | ___  _ __    ___(_) __ _ _ __  _ __
/ __| | '_ ` _ \| '_ \| |/ _ \| '_ \  / __| |/ _` | '_ \| '__|
\__ \ | | | | | | |_) | | (_) | | | | \__ \ | (_| | | | | |
|___/_|_| |_| |_| .__/|_|\___/|_| |_| |___/_|\__, |_| |_|_|
                |_|                          |___/

Signr creates an signed-request (also known as access token) by a given data array in combination with a secret key which is only known by the transmitter and receiver of the payload. By default the signed-request is secured against fraud through a hash_hmac signature. Additionally, if the data array holds a key named secret all data within that key will be encrypted. To ensure that the signed-request can be send via URL it will be encoded via base64.

Create a signed request

use Simplon\Signr\Signr;

$secretKeySignedRequest = '123456';

$data = [
  'secret' => [
    'user'         => [
      'gameUid'      => 'xxx',
      'email'        => 'xxx',
      'gameServerId' => 'xxx',
    ],
    'order'        => [
      'checkoutUid'    => 'xxx',
      'inGameCurrency' => 'xxx',
      'realCurrency'   => 'xxx',
      'currencyCode'   => 'xxx',
      'provider'       => 'xxx',
      'created'        => 'xxx',
    ],
    'partnerToken' => 'xxx',
  ],
];

// create signed request
$signedRequest = (new Signr())
    ->setData($data)
    ->setSecretKey($secretKeySignedRequest)
    ->create()
    ->getSignedRequest();

Generated signed request

VaR6EKGui6clTkLSEVps-fzKgEy9BzEYvK-sWi59kTM.eyJzZWNyZXQiOiJrQ2RXRE50M280MUJvNkZ
cL1drS3lwVUtyeGJUMnB0SVB6eG4zdVBFV3FkMFlsYTc4UlpRWTVCZm55MFp6d3R1bHVzaU5pZDJHK1
BWRDN5VExVVFZwUEw5SHZCYkFTeXd4eGpBemxpajlvTXFOUHIrUFlwOVNVOTdhV1pHSGR5QnduTTBTd
1BYZW1FTXBhVGt6XC9iV3pHTlB6d3JaQ3cxdElHWUtpRDhIUGlOdks3QUorWDdmcTE1cHBrY3lUUHVJ
MUNQd283TXdMbGdPVDdkWWNnVVZCcWlqQjBQWWRZU3NwOElQYzRhYmQxejI5NlBmWmNZTDBBejlhOWo
2WE1CcnoiLCJhbGdvcml0aG0iOiJITUFDLVNIQTI1NiIsImlzc3VlZF9hdCI6MTM2MTc3ODYxMn0

Read a signed request

use Simplon\Signr\Signr;

$signedRequest = 'xxxzzzyyy';
$secretKeySignedRequest = '123456';

// read data should result the following array...
$data = (new Signr())
    ->setSignedRequest($signedRequest)
    ->setSecretKey($secretKeySignedRequest)
    ->read()
    ->getData();

/*
$data = [
  'secret' => [
    'user'         => [
      'gameUid'      => 'xxx',
      'email'        => 'xxx',
      'gameServerId' => 'xxx',
    ],
    'order'        => [
      'checkoutUid'    => 'xxx',
      'inGameCurrency' => 'xxx',
      'realCurrency'   => 'xxx',
      'currencyCode'   => 'xxx',
      'provider'       => 'xxx',
      'created'        => 'xxx',
    ],
    'partnerToken' => 'xxx',
  ],
];
*/

Expire Time

Each signed request holds an issued time stamp which allows to test if a signed-request is expired. By default a signed-request never expires. Following an example how to test against a certain time stamp:

use Simplon\Signr\Signr;

$signedRequest = 'xxxzzzyyy';
$secretKeySignedRequest = '123456';

// lets hold the instance
$signr = new Signr()
    ->setSignedRequest($signedRequest)
    ->setSecretKey($secretKeySignedRequest)
    ->read();

// is expired?
$isExpired = $signr
    ->setExpireTimeMinutes(120) // time to run against the expiration
    ->isExpired();

if($isExpired === TRUE)
{
  echo "SignedRequest is expired!";
}

Changelog

0.6.0

  • Refactored class pattern (builder pattern)
  • Implemented isExpired to test against expiration