prowebcraft / php-request-signature
Sign and check requests
dev-main
2023-05-30 06:24 UTC
Requires
- php: 7.4.*|8.0.*|8.1.*|8.2.*
Requires (Dev)
- doctrine/coding-standard: ^9.0
- infection/infection: ^0.25.1
- phpunit/phpunit: ^9.5.9
- vimeo/psalm: ^4.10.1
This package is auto-updated.
Last update: 2024-10-30 01:53:55 UTC
README
Sign and check requests
Usage examples
To sign your request create signature instance
Signing request
// Creating a signer $signer = new \Prowebcraft\Signature('SECRET_SALT'); // Create signature with path and/or request payload $apiPath = '/api/login'; $payload = [ 'user' => "Elon Musk", 'password' => 'mars2050' ]; $signature = $signer->sign($apiPath, $payload); // Pass signature with Header or in payload $payload['signature'] = $signature; // Make request
Validating incoming request
// Creating a signer checker $signer = new \Prowebcraft\Signature('SECRET_SALT'); // Take request path $path = $_SERVER['REQUEST_URI']; // Collect request payload (can be simple POST or JSON Data) $payload = $_POST ?: json_decode(file_get_contents('php://input'), true); // Check signature $signature = $_SERVER['HTTP_SIGNATURE'] ?? $payload['signature'] ?? false; if (!$signature) { throw new RuntimeException('Invaders must die'); } // Validate integrity of request if (!$signer->check($signature, $path, $payload)) { throw new RuntimeException('Invalid signature'); }