Search by 
sokil / php-guzzlecomponents
Extensions for PHP Guzzle lib
0.3
2014-05-17 22:50 UTC
Requires
- guzzle/guzzle: 3.*
This package is auto-updated.
Last update: 2024-03-27 23:44:59 UTC
README
Installation
Installation can be made through Composer:
require: {
"sokil/php-guzzlecomponents": "dev-master"
}
Signing request
This plugin used to sign request on client. For example server gives access to API for that applications who knows "Application ID" and corresponding "Key".
Guzzle client must add configured plugin:
$client->addSubscriber(new \Sokil\Guzzle\Plugin\RequestSign(array( 'key' => $cryptKey, 'algo' => 'sha1', 'queryParamName' => 'sign', 'additionalParams' => [ 'app_id' => $applicationId, ] )));
| Parameter | Type | Required | Default value | Description |
|---|---|---|---|---|
| key | string | required | Key which used to crypt message | |
| algo | string | optional | sha1 | Crypt algorythm |
| queryParamName | string | optional | sign | Name of query string parameter where signatupe passed |
| additionalParams | array | optional | Parameters, additionaly send in query string and signed if request passed through GET method |
Algorithm of validation signed request on server:
// check if fields passed in query if(empty($_GET['sign']) || empty($_GET['app_id']) { Header('HTTP/1.0 403 Forbidden'); exit; } // get crypt key from storage by application id $applicationId = $_GET['app_id']; $cryptKey = get_crypt_key($applicationId); // get message if('POST' === $_SERVER['REQUEST_METHOD']) { $body = file_get_contents('php://input'); } else { $body = $_GET; // sign key not crypted so it must be unset from message unset($body['sign']); // params must be sorted ksort($body); // query gathered to string $body = http_build_query($body); } // calculate and compare sign with passed return ($_GET['sign'] === hash_hmac('sha1', $body, $cryptKey));