simplon / signr
Create and validate Signed Requests including data encryption.
Requires
- php: >=5.3.3
- ext-json: *
- ext-mcrypt: *
This package is auto-updated.
Last update: 2024-10-21 00:27:27 UTC
README
_ _ _ ___(_)_ __ ___ _ __ | | ___ _ __ ___(_) __ _ _ __ _ __ / __| | '_ ` _ \| '_ \| |/ _ \| '_ \ / __| |/ _` | '_ \| '__| \__ \ | | | | | | |_) | | (_) | | | | \__ \ | (_| | | | | | |___/_|_| |_| |_| .__/|_|\___/|_| |_| |___/_|\__, |_| |_|_| |_| |___/
Simplon Signr
Signr creates an signed-request (also known as access token) by a given data array in combination with a secret key which is only known by the transmitter and receiver of the payload. By default the signed-request is secured against fraud through a hash_hmac signature. Additionally, if the data array holds a key named secret
all data within that key will be encrypted. To ensure that the signed-request can be send via URL it will be encoded via base64.
Create a signed request
use Simplon\Signr\Signr; $secretKeySignedRequest = '123456'; $data = [ 'secret' => [ 'user' => [ 'gameUid' => 'xxx', 'email' => 'xxx', 'gameServerId' => 'xxx', ], 'order' => [ 'checkoutUid' => 'xxx', 'inGameCurrency' => 'xxx', 'realCurrency' => 'xxx', 'currencyCode' => 'xxx', 'provider' => 'xxx', 'created' => 'xxx', ], 'partnerToken' => 'xxx', ], ]; // create signed request $signedRequest = (new Signr()) ->setData($data) ->setSecretKey($secretKeySignedRequest) ->create() ->getSignedRequest();
Generated signed request
VaR6EKGui6clTkLSEVps-fzKgEy9BzEYvK-sWi59kTM.eyJzZWNyZXQiOiJrQ2RXRE50M280MUJvNkZ
cL1drS3lwVUtyeGJUMnB0SVB6eG4zdVBFV3FkMFlsYTc4UlpRWTVCZm55MFp6d3R1bHVzaU5pZDJHK1
BWRDN5VExVVFZwUEw5SHZCYkFTeXd4eGpBemxpajlvTXFOUHIrUFlwOVNVOTdhV1pHSGR5QnduTTBTd
1BYZW1FTXBhVGt6XC9iV3pHTlB6d3JaQ3cxdElHWUtpRDhIUGlOdks3QUorWDdmcTE1cHBrY3lUUHVJ
MUNQd283TXdMbGdPVDdkWWNnVVZCcWlqQjBQWWRZU3NwOElQYzRhYmQxejI5NlBmWmNZTDBBejlhOWo
2WE1CcnoiLCJhbGdvcml0aG0iOiJITUFDLVNIQTI1NiIsImlzc3VlZF9hdCI6MTM2MTc3ODYxMn0
Read a signed request
use Simplon\Signr\Signr; $signedRequest = 'xxxzzzyyy'; $secretKeySignedRequest = '123456'; // read data should result the following array... $data = (new Signr()) ->setSignedRequest($signedRequest) ->setSecretKey($secretKeySignedRequest) ->read() ->getData(); /* $data = [ 'secret' => [ 'user' => [ 'gameUid' => 'xxx', 'email' => 'xxx', 'gameServerId' => 'xxx', ], 'order' => [ 'checkoutUid' => 'xxx', 'inGameCurrency' => 'xxx', 'realCurrency' => 'xxx', 'currencyCode' => 'xxx', 'provider' => 'xxx', 'created' => 'xxx', ], 'partnerToken' => 'xxx', ], ]; */
Expire Time
Each signed request holds an issued time stamp which allows to test if a signed-request is expired. By default a signed-request never expires. Following an example how to test against a certain time stamp:
use Simplon\Signr\Signr; $signedRequest = 'xxxzzzyyy'; $secretKeySignedRequest = '123456'; // lets hold the instance $signr = new Signr() ->setSignedRequest($signedRequest) ->setSecretKey($secretKeySignedRequest) ->read(); // is expired? $isExpired = $signr ->setExpireTimeMinutes(120) // time to run against the expiration ->isExpired(); if($isExpired === TRUE) { echo "SignedRequest is expired!"; }
Changelog
0.6.0
- Refactored class pattern (builder pattern)
- Implemented
isExpired
to test against expiration