sokil/php-guzzlecomponents

Extensions for PHP Guzzle lib

0.3 2014-05-17 22:50 UTC

Last update: 2024-11-28 01:02:02 UTC


README

Installation

Install the package through Composer:

"require": {
    "sokil/php-guzzlecomponents": "dev-master"
}

Signing request

This plugin is used to sign requests on the client. For example, a server grants API access only to applications that know an "Application ID" and the corresponding "Key".

The Guzzle client must add the configured plugin:

$client->addSubscriber(new \Sokil\Guzzle\Plugin\RequestSign(array(
    'key'               => $cryptKey,
    'algo'              => 'sha1',
    'queryParamName'    => 'sign',
    'additionalParams'  => [
        'app_id'    => $applicationId,
    ]
)));

Algorithm for validating a signed request on the server:

// check that the required fields were passed in the query
if(empty($_GET['sign']) || empty($_GET['app_id'])) {
    Header('HTTP/1.0 403 Forbidden');
    exit;
}

// get crypt key from storage by application id
$applicationId = $_GET['app_id'];
$cryptKey = get_crypt_key($applicationId);

// get message
if('POST' === $_SERVER['REQUEST_METHOD']) {
    $body = file_get_contents('php://input');
} else {
    $body = $_GET;
    // the signature is not part of the signed message, so remove it
    unset($body['sign']);
    // params must be sorted
    ksort($body);
    // query gathered to string
    $body = http_build_query($body);
}

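// calculate the expected signature and compare it with the passed one
// hash_equals() compares in constant time and needs both arguments to be strings
return is_string($_GET['sign']) && hash_equals(hash_hmac('sha1', $body, $cryptKey), $_GET['sign']);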
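
The validation steps above as functions that take the query and body as arguments, so the signing round trip and the rejection cases can be run from the command line. This is an added example, not code from the package: `APP_KEYS`, `canonical_query`, `sign_query` and `verify_request` are hypothetical names, the key and parameters are constructed, and the client-side signing is assumed to mirror the server algorithm.

```php
<?php
// Added example: all names below are hypothetical, not part of sokil/php-guzzlecomponents.

// Constructed key store: application ID => shared key.
const APP_KEYS = ['demo-app' => 'constructed-demo-key'];

// Build the message the server algorithm signs for a non-POST request:
// every query parameter except the signature, sorted by name.
function canonical_query(array $query, string $signParam = 'sign'): string
{
    unset($query[$signParam]);
    ksort($query);
    return http_build_query($query);
}

// Client side (assumed to mirror the server): append the HMAC to the query.
function sign_query(array $query, string $key): array
{
    $query['sign'] = hash_hmac('sha1', canonical_query($query), $key);
    return $query;
}

// Server side: $rawBody is the raw POST body, or null for other methods.
function verify_request(array $query, ?string $rawBody, array $keys): bool
{
    $sign  = $query['sign'] ?? null;
    $appId = $query['app_id'] ?? null;
    // Reject missing or array-valued parameters (e.g. ?sign[]=x) and unknown applications.
    if (!is_string($sign) || !is_string($appId) || !isset($keys[$appId])) {
        return false;
    }
    $message = $rawBody ?? canonical_query($query);
    // Constant-time comparison of expected and received signature.
    return hash_equals(hash_hmac('sha1', $message, $keys[$appId]), $sign);
}

$signed = sign_query(['limit' => '10', 'app_id' => 'demo-app'], APP_KEYS['demo-app']);
var_dump(verify_request($signed, null, APP_KEYS));                          // request as signed
var_dump(verify_request(['limit' => '99'] + $signed, null, APP_KEYS));      // parameter changed after signing
var_dump(verify_request(['app_id' => 'other'] + $signed, null, APP_KEYS));  // application ID with no stored key
var_dump(verify_request(['sign' => ['x']] + $signed, null, APP_KEYS));      // array-valued signature
```

Only the first call verifies; the other three are rejected without raising a type error.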