tourze / json-rpc-sign-bundle
JSON-RPC signature implementation
Installs: 14
Dependents: 0
Suggesters: 0
Security: 0
Stars: 0
Watchers: 1
Forks: 0
Open Issues: 0
Type: symfony-bundle
Requires
- php: ^8.1
- ext-hash: *
- nesbot/carbon: ^2.72 || ^3
- psr/log: ^3|^2|^1
- symfony/config: ^6.4
- symfony/dependency-injection: ^6.4
- symfony/framework-bundle: ^6.4
- symfony/http-foundation: ^6.4
- symfony/http-kernel: ^6.4
- symfony/yaml: ^6.4 || ^7.1
- tourze/doctrine-helper: 0.0.*
- tourze/json-rpc-caller-bundle: 0.0.*
- tourze/json-rpc-core: 0.0.*
Requires (Dev)
- phpstan/phpstan: ^2.1
- phpunit/phpunit: ^10.0
This package is auto-updated.
Last update: 2025-05-08 16:34:37 UTC
README
This bundle provides signature verification support for JSON-RPC services in Symfony applications, inspired by Alibaba Cloud's signature design.
Features
- JSON-RPC request signature verification
- Support for different signature algorithms (MD5, HMAC-SHA1)
- Attribute-based signature verification for JSON-RPC methods
- Event-driven architecture for JSON-RPC request interception
- Configurable time tolerance for signature verification
- API caller identification and validation
Installation
Install via Composer:
composer require tourze/json-rpc-sign-bundle
Quick Start
1. Register the Bundle
In your config/bundles.php:

<?php

return [
    // ...
    Tourze\JsonRPCSignBundle\JsonRPCSignBundle::class => ['all' => true],
];
2. Mark Methods for Signature Verification
Add the CheckSign attribute to any class that needs signature verification:

<?php

namespace App\JsonRPC;

use Tourze\JsonRPCSignBundle\Attribute\CheckSign;

#[CheckSign]
class SecureService
{
    public function sensitiveMethod(array $params): array
    {
        // This method requires a valid signature
        return [
            'status' => 'success',
            'data' => $params,
        ];
    }
}
3. Making Signed Requests
When calling a protected JSON-RPC method, include the following headers:
Signature-AppID: your_app_id
Signature-Nonce: random_32_character_string
Signature-Timestamp: current_unix_timestamp
Signature-Method: HMAC-SHA1 (or MD5)
Signature-Version: 1.0
Signature: your_calculated_signature
4. Signature Algorithm
The signature is calculated as follows:
- Concatenate the request payload, timestamp, and nonce, in that order
- Apply HMAC-SHA1 with the app secret as the key, or MD5 over the concatenated text with the app secret appended
- Include the resulting signature in the request headers
Example PHP code for generating a signature:
$payload = json_encode($yourData);
$timestamp = time();
$nonce = bin2hex(random_bytes(16)); // random string
$appSecret = 'your_app_secret';

// For HMAC-SHA1
$rawText = $payload . $timestamp . $nonce;
$signature = hash_hmac('sha1', $rawText, $appSecret);

// For MD5
$rawText = $payload . $timestamp . $nonce . $appSecret;
$signature = md5($rawText);
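The README shows only the client side of the scheme. The following is an added example, not the bundle's own code, of how a receiver could check such a request using the same formula: it enforces the time tolerance, compares digests with hash_equals(), and rejects a reused nonce. The function names, the in-memory nonce store and the 180-second default tolerance are assumptions made for illustration.

```php
<?php
// Added example, not the bundle's code. Function names, $seenNonces and the
// 180-second default tolerance are assumptions made for illustration.
function computeSignature(string $method, string $payload, string $ts, string $nonce, string $secret): ?string
{
    $rawText = $payload . $ts . $nonce; // same concatenation as the README
    return match ($method) {
        'HMAC-SHA1' => hash_hmac('sha1', $rawText, $secret),
        'MD5' => md5($rawText . $secret),
        default => null, // unsupported Signature-Method
    };
}

/** @param array<string,int> $seenNonces "appId:nonce" => expiry; stands in for a shared cache */
function verifySignedRequest(array $h, string $payload, string $secret, array &$seenNonces, int $now, int $tolerance = 180): bool
{
    foreach (['Signature-AppID', 'Signature-Nonce', 'Signature-Timestamp', 'Signature-Method', 'Signature'] as $name) {
        if (!isset($h[$name]) || !is_string($h[$name]) || $h[$name] === '') {
            return false; // required header missing
        }
    }
    $ts = $h['Signature-Timestamp'];
    if (!ctype_digit($ts) || abs($now - (int) $ts) > $tolerance) {
        return false; // stale or far-future timestamp
    }
    $expected = computeSignature($h['Signature-Method'], $payload, $ts, $h['Signature-Nonce'], $secret);
    if ($expected === null || !hash_equals($expected, $h['Signature'])) {
        return false; // unknown method, or digest mismatch (constant-time compare)
    }
    $key = $h['Signature-AppID'] . ':' . $h['Signature-Nonce'];
    if (isset($seenNonces[$key])) {
        return false; // this nonce was already accepted: replay
    }
    $seenNonces[$key] = (int) $ts + $tolerance; // entry can be evicted after this time
    return true;
}

// Constructed sample request (all values are made up for this example).
$secret = 'example_app_secret';
$payload = '{"jsonrpc":"2.0","method":"sensitiveMethod","params":{},"id":1}';
$now = 1700000000;
$h = ['Signature-AppID' => 'demo_app', 'Signature-Nonce' => str_repeat('ab', 16),
      'Signature-Timestamp' => (string) $now, 'Signature-Method' => 'HMAC-SHA1', 'Signature-Version' => '1.0'];
$h['Signature'] = computeSignature('HMAC-SHA1', $payload, (string) $now, $h['Signature-Nonce'], $secret);
$seen = [];
var_dump(verifySignedRequest($h, $payload, $secret, $seen, $now));        // first delivery
var_dump(verifySignedRequest($h, $payload, $secret, $seen, $now + 5));    // same nonce sent again
var_dump(verifySignedRequest($h, $payload, $secret, $seen, $now + 3600)); // outside the tolerance
```

The payload passed in must be the raw request body exactly as received, since re-encoding the JSON can change the bytes that were signed.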
License
The MIT License (MIT). Please see License File for more information.