prowebcraft/php-request-signature

Sign and check requests

Maintainers

Details

github.com/prowebcraft/php-request-signature

Source

Issues

Installs: 1 023

Dependents: 0

Suggesters: 0

Security: 0

Stars: 0

Watchers: 1

Forks: 0

Open Issues: 0

dev-main 2024-11-14 10:48 UTC

Requires

  • php: 7.4.*|8.*

Requires (Dev)

MIT 2cbbafaa274dddb68890aa4bbf62062cf09c420e

  • Andrey Mistulov <prowebcraft.woop@gmail.com>

This package is auto-updated.

Last update: 2024-11-14 10:48:18 UTC

README

Sign and check requests

Usage examples

To sign your request create signature instance

Signing request

// Creating a signer
$signer = new \Prowebcraft\Signature('SECRET_SALT');
// Create signature with path and/or request payload
$apiPath = '/api/login';
$payload = [
    'user' => "Elon Musk",
    'password' => 'mars2050'
];
$signature = $signer->sign($apiPath, $payload);
// Pass signature with Header or in payload
$payload['signature'] = $signature;
// Make request

Validating incoming request

// Creating a signer checker
$signer = new \Prowebcraft\Signature('SECRET_SALT');

// Take request path
$path = $_SERVER['REQUEST_URI'];
// Collect request payload (can be simple POST or JSON Data)
$payload = $_POST ?: json_decode(file_get_contents('php://input'), true); 

// Check signature
$signature = $_SERVER['HTTP_SIGNATURE'] ?? $payload['signature'] ?? false;
if (!$signature) {
    throw new RuntimeException('Invaders must die');
}

// Validate integrity of request
if (!$signer->check($signature, $path, $payload)) {
    throw new RuntimeException('Invalid signature');
}