arthem / jwt-request-signer
Protect access to your resources with JWT
1.0.1
2020-04-02 15:15 UTC
Requires
- php: ^7.2
- guzzlehttp/psr7: ^1.6
- lcobucci/jwt: ^4
Requires (Dev)
- friendsofphp/php-cs-fixer: ^2.16
- phpunit/phpunit: ^8
This package is auto-updated.
Last update: 2024-10-29 05:53:25 UTC
README
Sign your URLs with a JWT token to protect access to your resources.
Installation
composer require arthem/jwt-request-signer
# add a library that implements psr/http-factory-implementation
composer require nyholm/psr7
Usage
Generate signed URL for your resources (an image for instance):
<?php use Arthem\JWTRequestSigner\JWTRequestSigner; use Psr\Http\Message\RequestInterface; $signer = new JWTRequestSigner( 'signing-key', // Your secret signing key 3600, // Expires in 'x-token' // Optional query parameter name ); /** @var RequestInterface $requestToSign */ $requestToSign = new PsrRequest('https://domain.tld/images/7b7fae13-2fb4-4c85-bde4-ebd087eb6be5'); $signedRequest = $signer->signRequest($requestToSign); $signedUri = (string) $signedRequest->getUri();
Now add authorization to your resource:
<?php use Arthem\JWTRequestSigner\JWTRequestSigner; use Arthem\JWTRequestSigner\Exception\InvalidTokenException; use Psr\Http\Message\RequestInterface; $signer = new JWTRequestSigner([/* config */]); try { /** @var RequestInterface $currentRequest */ $signer->validateSignedRequest($currentRequest); } catch (InvalidTokenException $e) { echo "Access denied"; exit; } // Stream your image here...
Frameworks
Symfony request-signer-bundle
Configuration
Determinant headers
In order to offer a strict protection, most headers are signed. You can exclude some headers that are not determinant:
<?php use Arthem\JWTRequestSigner\JWTRequestSigner; /** @var JWTRequestSigner $signer */ $signer->addUnsignedHeader('X-Time');