Download the PHP package laragear/token-action without Composer

On this page you can find all versions of the php package laragear/token-action. It is possible to download/install these versions without Composer. Possible dependencies are resolved automatically.

FAQ

After the download, you have to make one include require_once('vendor/autoload.php');. After that you have to import the classes with use statements.

Example:
If you use only one package a project is not needed. But if you use more then one package, without a project it is not possible to import the classes with use statements.

In general, it is recommended to use always a project to download your libraries. In an application normally there is more than one library needed.
Some PHP packages are not free to download and because of that hosted in private repositories. In this case some credentials are needed to access such packages. Please use the auth.json textarea to insert credentials, if a package is coming from a private repository. You can look here for more information.

  • Some hosting areas are not accessible by a terminal or SSH. Then it is not possible to use Composer.
  • To use Composer is sometimes complicated. Especially for beginners.
  • Composer needs much resources. Sometimes they are not available on a simple webspace.
  • If you are using private repositories you don't need to share your credentials. You can set up everything on our site and then you provide a simple download link to your team member.
  • Simplify your Composer build process. Use our own command line tool to download the vendor folder as binary. This makes your build process faster and you don't need to expose your credentials for private repositories.
Please rate this library. Is it a good library?

Informations about the package token-action

Token Action

Latest Version on Packagist Latest stable test run Codecov coverage Maintainability Sonarcloud Status Laravel Octane Compatibility

Use tokens to accept or reject actions a limited number of times.

Use them for one-time actions like confirming invites or voting, which after consumed are no longer valid.

Keep this package free

Your support allows me to keep this package free, up-to-date and maintainable. Alternatively, you can spread the word!

Installation

Fire up Composer and require this package in your project.

That's it.

How it works

Tokens are persisted in your application Cache using a randomly generated key and a default prefix.

By default, Token Action will use the default Laravel cache. You may set a custom cache using the TOKEN_ACTION_STORE environment variable, for example, to use a persistent cache (like database, file or redis) instead of ephemeral ones like memcache or array.

Tokens have a number of "tries" available. When a token reaches 0 tries, is deleted from the cache.

Creating Tokens

Tokens can be created using the until() method of the Token facade, along with the moment in time it should expire. You may use an amount of minutes, a \DateTimeInterface like a Carbon instance, or a string to parse by strtotime().

You will receive a Laragear\TokenAction\Token instance, already persisted in the database, with a random ID accessible as the id property.

You may use the ID string to, for example, send it in email or to be part of a URL parameter. The Token instance is castable to the ID string, so you can safely output it as text if you need to.

Multiple-use tokens

Tokens are single use by default, but you can create tokens that can be consumed a limited number of times using the tries() method along with the number of tries.

Tokens can later be consumed more than once.

Payloads

Tokens can be saved with a payload through the with() method, like an array or a string.

You may also add an Eloquent Model or Eloquent Collection as a payload. These are serialized using their primary key and without relations to avoid hitting cache size constraints.

After you retrieve the token, the payload will be included as the payload property.

[!IMPORTANT]

Token payloads are read-only. If you need to change the payload, consider cloning the data.

Retrieving tokens

The most straightforward way to use Tokens is to call the consume() method of the Token facade. If the token ID exist, has not expired, and has at least 1 try left, it will be returned as a Token instance, otherwise it will return null.

If you want to fail if the token is not found, use the consumeOrFail(), which returns an HTTP 404 (Not Found) exception.

Finding a token

If you need to retrieve a token without consuming it, use the find() method of the Token facade. If the token exists, and has tries, you will receive a Laragear\TokenAction\Token instance, otherwise null will be returned.

After the token is retrieved, you should use the consume() method to actually consume the token. If the token has many tries, consuming it once will subtract one from the number of tries.

If you want to find a token or fail by returning an HTTP 404 (Not found) exception, use the findOrFail() method with the token id.

Route binding

If you want to retrieve a token as part of your route action, use the token as route key to bind it. In your route action you should type hint the Token as $token.

As with models, if the token doesn't exist or has expired, an HTTP 404 (Not Found) exception will be thrown.

If the token route key is already used by your application, you can change in the configuration.

Deleting tokens

The only way to delete a token is knowing its ID. If you have a Token instance, you can use the delete() method.

You may also use the destroy() method of the Token facade with the ID of the token.

Cache Store

You can change the cache store to use for managing tokens at runtime with the store() method.

Alternatively, you can change the default cache store to use.

Middleware

This package comes with two middlewares, token.validate and token.consume.

The token.validate middleware checks if a token exists, but doesn't consume it. This is great, for example, to show a view with a form as long the token has enough tries and has not expired.

On the other hand, the token.consume middleware automatically consumes a token from the parameters URL once a successful response is returned. In other words, if the response is successful (HTTP 2XX) or a redirection (HTTP 3XX), the token is consumed.

This should be used, for example, when receiving a form submission from the frontend.

[!IMPORTANT]

These middleware work over the query URL exclusively. If you have set the token outside the query URL, you should check that manually in your route action.

Token parameter Key

Both token.validate and token.consume middleware try to find the token in the token URL parameter. If the token resides in another key, you can point it out as an argument.

Consuming more than once

When using the token.consume middleware, tokens are consumed exactly 1 time. You may change it by setting a number as last middleware argument.

ID Generator

By default, a token ID is an ULID, created by Str::ulid(). You can change it for anything by using the as() method at runtime. It accepts a string, or a Closure that returns a string.

Alternatively, you may use the Token::$generator static property the boot() method of your AppServiceProvider with a Closure that returns a random string.

[!NOTE]

The string to generate will be prefixed to avoid cache key collisions.

Configuration

To further configure the package, publish the configuration file:

You will receive the config/token-action.php config file with the following contents:

Cache

The default key sets which cache store from the application to use. When it's not set, it will use the default set in the application, which on fresh installations is file.

The prefix keys is the string used to prefix all keys for the Tokens generated by library.

Instead of changing these values directly in the configuration file, you should use the TOKEN_ACTION_STORE and TOKEN_ACTION_PREFIX environment variables, respectively.

[!IMPORTANT]

Ensure you set a fault-tolerant and persistent cache for your Tokens. Using a volatile cache store will prune old tokens even if these should still be valid. A good option is the file store, but you may use database for maximum reliability, or redis compatible store with persistence.

Middleware aliases

Both middleware aliases are configured here. If you have other middleware with the same aliases, you may change them here. Alternatively, you can always set the middleware in your route by pointing the middleware class.

Route binding key

This library registers the token string as route key to create an instance of Token based on the string id received. While this usually doesn't bring problems, you may have already a Model or another library using that route key for its own class. Here you can change it for non-conflicting key, like tokenAction.

Laravel Octane Compatibility

The Token Store, and its Cache Store instance stored inside, are not meant to be changed during the application lifetime.

Apart from that, there should be no problems using this package with Laravel Octane.

Security

If you discover any security related issues, please email [email protected] instead of using the issue tracker.

Token swapping

Users may swap an invalid token with a valid one in the URL to bypass token verification. To avoid this, you can either:

Depending on the action being used with the Token, one could better than the other. For example, if you expect high request volume, the signed route could be great to not hit the application cache or database. On the other hand, the Token payload can be a great solution if you need complex or private information not suited for a URL Query and always get correct data.

License

This specific package version is licensed under the terms of the MIT License, at time of publishing.

Laravel is a Trademark of Taylor Otwell. Copyright © 2011-2024 Laravel LLC.


All versions of token-action with dependencies

PHP Build Version
Package Version
Requires php Version ^8.1
ext-json Version *
laragear/meta Version ^3.1
illuminate/config Version 10.*|11.*
illuminate/support Version 10.*|11.*
illuminate/queue Version 10.*|11.*
illuminate/database Version 10.*|11.*
illuminate/filesystem Version 10.*|11.*
Composer command for our command line client (download client) This client runs in each environment. You don't need a specific PHP version etc. The first 20 API calls are free. Standard composer command

The package laragear/token-action contains the following files

Loading the files please wait ....