sokil/php-guzzlecomponents

Extensions for PHP Guzzle lib

Maintainers

Details

github.com/sokil/php-guzzlecomponents

Source

Issues

Installs: 271

Dependents: 1

Suggesters: 0

Security: 0

Stars: 0

Watchers: 1

Forks: 0

Open Issues: 0

0.3 2014-05-17 22:50 UTC

Requires

MIT 8362ecb42d11a36fad8397179a20446677fde739

  • sokil <dmytro.sokil.woop@gmail.com>

This package is auto-updated.

Last update: 2024-10-28 00:53:55 UTC

README

Installation

Installation can be made through Composer:

require: {
    "sokil/php-guzzlecomponents": "dev-master"
}

Signing request

This plugin used to sign request on client. For example server gives access to API for that applications who knows "Application ID" and corresponding "Key".

Guzzle client must add configured plugin:

$client->addSubscriber(new \Sokil\Guzzle\Plugin\RequestSign(array(
    'key'               => $cryptKey,
    'algo'              => 'sha1',
    'queryParamName'    => 'sign',
    'additionalParams'  => [
        'app_id'    => $applicationId,
    ]
)));

Algorithm of validation signed request on server:

// check if fields passed in query
if(empty($_GET['sign']) || empty($_GET['app_id']) {
    Header('HTTP/1.0 403 Forbidden');
    exit;
}

// get crypt key from storage by application id
$applicationId = $_GET['app_id'];
$cryptKey = get_crypt_key($applicationId);

// get message
if('POST' === $_SERVER['REQUEST_METHOD']) {
    $body = file_get_contents('php://input');
} else {
    $body = $_GET;
    // sign key not crypted so it must be unset from message
    unset($body['sign']);
    // params must be sorted
    ksort($body);
    // query gathered to string
    $body = http_build_query($body);
}

// calculate and compare sign with passed
return ($_GET['sign'] === hash_hmac('sha1', $body, $cryptKey));