Download the PHP package davidpeach/laravel-hmac-validation-rule without Composer
On this page you can find all versions of the php package davidpeach/laravel-hmac-validation-rule. It is possible to download/install these versions without Composer. Possible dependencies are resolved automatically.
Download davidpeach/laravel-hmac-validation-rule
More information about davidpeach/laravel-hmac-validation-rule
Files in davidpeach/laravel-hmac-validation-rule
Package laravel-hmac-validation-rule
Short Description A rule class for validating a hmac signature
License MIT
FAQ
Example:
In general, it is recommended to use always a project to download your libraries. In an application normally there is more than one library needed.
- Some hosting areas are not accessible by a terminal or SSH. Then it is not possible to use Composer.
- To use Composer is sometimes complicated. Especially for beginners.
- Composer needs much resources. Sometimes they are not available on a simple webspace.
- If you are using private repositories you don't need to share your credentials. You can set up everything on our site and then you provide a simple download link to your team member.
- Simplify your Composer build process. Use our own command line tool to download the vendor folder as binary. This makes your build process faster and you don't need to expose your credentials for private repositories.
Informations about the package laravel-hmac-validation-rule
Laravel Hmac Validation Rule
A Laravel Rule Object for checking an Hmac hash based on any of your request key / value pairs.
Installation
Why
Sometimes you may want some extra assurance that the data that arrives at its intended destination is the exact data that was sent.
We can do this by "signing" the data with a secret key (a random string of characters) that only the client and the destination know.
The client signs the data and sends it to the destination along with the data hash they created. Then the destination, on receiving the request, will hash the data themselves using the same secert key and check that their data hash is exactly the same. If it differs, you can disregard and return an error status.
Example Usage
For this example lets say you are building an endpoint that will accept an email and a name that you need to make sure has not been tampered with.
Here are the steps:
- As the API designer, decide which parts of the data you want to build the hash from, and in which order.
- For this example, let's say we want both the email and name fields to be used for the hash.
- The fields should be in the same order when hashed, as the ordering will affect the end hash result.
- I may add a configuration option to alphabetise the fields based on their keys in the near future.
-
In your request validation, use the Hmac rule object like in the example here:
-
Define the
.envvariableHMAC_VALIDATION_SECRETto be your shared secret. This will be the same secret that the client uses to hash the required fields. - The client sends the request along with the hmac hash they have calculated using the shared secret:
The client sending the data to your endpoint should json encode the data in the same order that you are passing them
into your usage of the Hmac rule object. Then they should calculate a Hmac hash of that json string and pass it
with the request. (as the key hmac in this example, but it could be any key). Only the sha256 algorithm is
currently supported, but this will be configurable soon.
