PHP download

Download the PHP package piggly/url-file-signer without Composer

On this page you can find all versions of the php package piggly/url-file-signer. It is possible to download/install these versions without Composer. Possible dependencies are resolved automatically.

Table of contents
Download piggly/url-file-signer
More information about piggly/url-file-signer
Files in piggly/url-file-signer

Vendor piggly
Package url-file-signer
Short Description Generate a URL with unique parameters and a signature to prevent invalid accesses.
License MIT
Homepage https://github.com/piggly-dev/url-file-signer

Keywords security url encryption sign piggly

FAQ

After the download, you have to make one include require_once('vendor/autoload.php');. After that you have to import the classes with use statements.

Example:

If you use only one package a project is not needed. But if you use more then one package, without a project it is not possible to import the classes with use statements.

In general, it is recommended to use always a project to download your libraries. In an application normally there is more than one library needed.

Some PHP packages are not free to download and because of that hosted in private repositories. In this case some credentials are needed to access such packages. Please use the auth.json textarea to insert credentials, if a package is coming from a private repository. You can look here for more information.

Some hosting areas are not accessible by a terminal or SSH. Then it is not possible to use Composer.
To use Composer is sometimes complicated. Especially for beginners.
Composer needs much resources. Sometimes they are not available on a simple webspace.
If you are using private repositories you don't need to share your credentials. You can set up everything on our site and then you provide a simple download link to your team member.
Simplify your Composer build process. Use our own command line tool to download the vendor folder as binary. This makes your build process faster and you don't need to expose your credentials for private repositories.

Please rate this library. Is it a good library?

Example code of piggly/url-file-signer

Informations about the package url-file-signer

Create secures Images URLs with a limited lifetime

This package was made inspired by spatie/url-signer and Facebook Images URL Schemas. It can create a file URL with a limited lifetime and a signature checker. But, it also includes some features, such as:

Hide, across encoding, the file path;
Sign URL query strings;
Append file parameters.

With this library, your file path /path/to/file/image.jpg will be converted to something like https://cdn.example.com/564463774e6a45334e445934556a63304e6b5a584e6a59324f545a444e6a553d/image.jpg?oe=5DE6B01A&oh=22465b117a955a23728f306e3707eea5.

Installation

This package can installed via Composer:

URL Structure

By default, all signed files URLs will contain the following structure:

baseUrl base host/domain/url;
/[fileParameter]/... (optional) one or more files parameters;
/[encodedPath] file path encoded;
/[file.ext]? file name;
op=[orderOfParameters] (optional) contains the order of parameters in the file name.
od=[domain] (optional) domain owner.
oe=[expiration] encoded expiration date.
oh=[signature] signature hash;

Usage

A signer-object can sign and validate files URL. A unique and secret key is used to generate signatures. As simple as:

Customizing Query Strings Parameters

The signed-object allows customization for the following query string parameters:

Order of Parameters: with op as default. When a file has parameters, will contain an encoded list with parameters in the order they appear in the file name;
Expiration: with oe as default. Will contain an encoded timestamp with expiration date;
Signature: with oh as default. Will contain a hash string signature to URL;
Domain: with od as default. But, you have to enable it by using enableDomainParam() method. It checks if the domain is the same in the URL host provider.

To customize each of them, use as follow:

Setting up Parameters for Files

In most modern systems, when saving a file, an algorithm may generate many different versions for a file. Below, is what we understand about file parameters:

A piece of unique information that modifies the file. Eg.: sizes, compressions, versions, and so on.

To detect parameters, the signed-object will lookup into the file name and extract this parameter to pos-formatting.

Let's suppose some scenario where it has different sizes for the same image.jpg. Then, the image needs to has your property set in its name, such as images_s250.jpg, images_s840.jpg, and so on.

The _ is what we called as File Separator. It separates one or more parameters _s250_vprivate_c80. And, the s, v or c is what we called as Parameters Identifier. They are an alias to identifying the next characters (/([a-z0-9]+)?/i) as the Parameter Value. All parameters are optionals values in the file name. If don’t want to catch parameters jump this section.

The File Entity

To maintain File Separator, Parameters Identifiers and Parameters Values a File class was created at version 1.0.1. Before use the signed-object and sign a URL, you need to create a File class which contains all data related to your file and assign to it a ParameterDict. As below:

Customizing File Separator

The File Entity allows you to change the default file separator _ to whatever you want. Just use:

Identifying Parameters

To prepare the File Entity to identify file parameters will be necessary to create a ParameterDict instance. It’s a collection that manages parameter identifiers and aliases. First, create your ParameterDict containing all allowed file parameters in the file name:

Think about ParameterDict class as "a list of parameters allowed and how they are organized".

A Parameter Identifier has a unique literal name related to it and an alias to lookup in the file name. The Parameter Dictionary will auto-generates an alias based on the first letter of parameter literal name. However, you can customize alias as you want.

Soon after creating the Parameter Dictionary, associate it while create the File Entity:

Sorting Parameters in Parameter Dictionary

By default, the File Entity will lookup into file name and generates URI Schema following the order you have added the file parameters in Parameter Dictionary. But, sometimes, you need to change the order of parameters to make things more interesting.

There are two methods in the File Entity to doing this. And you can call them anytime before calling any file name or URL generator. To sort how parameters will show in the URL schema. Then, call sortToDisplay() method. As below:

And, to sort order that the File Entity needs to generates the file name call sortInFileName() method. As below:

Below, a real world example:

All file parameters are optional. It means you don't need to worry about files which has or which not. All you need to care about is sorting display URLs and order in the file names properly if needed. The File Entity will do the rest.

Adding Parameters to a File Entity

To add Parameters Values to a File Entity, it is so simple as:

The parameters attribute, a ParameterCollection class, has the methods:

A public allowed attribute to manipulate the ParameterDict class associeted to the File ;

delete($name) to delete a parameter . Will return \self;

replace($name, $value) to replace a parameter value. Will return \self;

get($name) to get a parameter value. Will return the parameter value;

onlyParams($names) will return in an array only parameters $names;

params() will return all parameters array;

paramsToFileName() will return an array with parameters formed to the file name;

paramsToDisplay() will return an array with parameters formed to display in URL Schema;

valueExists($name) will check if a value exists;

names() and values() will return only parameters names or parameters values;

count() will return the parameters count.

File Entity methods

The File Entity has a lot of useful methods, the most commons are below:

changeSeparator($separator) will change the default file separator;

getName($name), getExtension($ext) and getPath($path) will, respectively, get the name, the extension and the path of file;

getFileName() will form and return the full file name with path and extension;

getFileNameEncoded() will form and return the full file name with encoded path and extension;

getFileNameDecoded() will form and return the full file name with decoded path and extension. The file path needs to be encoded to use this function;

set($fileName) will set the name, the extension and the path of file;

setName($name), setExtension($ext) and setPath($path) will, respectively, set the name, the extension and the path of file;

setRandomName() will create a unique and numeric random name to your file by using timestamp and random functions. The resulted pattern will be [0-9]{8,}_[0-9]{15,}_[0-9]{19};

sortToDisplay($newSort) will sort parameters to display in the URL Scheme;

sortInFileName($newSort) will sort parameters to insert in the file name.

All others methods will be automatic used by the signed-object.

Generating Signed URLs

Signed URLs are created and validated by the signer-object. It can be generated by providing the File Entity and a Time-To-Live in DateInterval format to the sign() method:

While sign a URL you may and send query strings, such as below:

Validating Signed URLs

To validate a signed URL, simple call the validate() method. This will return false when the URL is not valid, or a array which contains the mounted file name and the timestamp :

You can use exp to set HTTP Header Expires and you can use file to read and return the file to browser.

Tips

To improve the way you see this library, here we share some useful tips. Let's see:

If you don't want the encoded file path in the URL. Don't worry, just send the file name without using a path;
The encoded file path will return a long string. Almost six times bigger than your original path string. You may consider sending a path alias in URL and later, after validation, lookup to a database the original file path.

An approach to better manage paths in File Entity may be added to this library soon in the future.

Customizing Signers

This package provides a signer that generates a signature by using MD5 hash. You can create your signer by implementing the interface Piggly\UrlFileSigner\BaseSigner. If you let your signer extend Piggly\UrlFileSigner\UrlSigner you'll only need to provide the createSignature method.

Future Implementations

For now, we know that the encoded file path isn't the better approach, after all, it returns a very long string resulting in a very long URL as well. In future implementations, we will bring a new way of doing this. Feel free to contributing and solve this little problem.

Remember

Changelog

Please see CHANGELOG for more information what has changed recently.

Testing

This library uses PHPUnit.

Contributing

Please see CONTRIBUTING for details.

Security

If you discover any security related issues, please email [email protected] instead of using the issue tracker.

Credits

Caique Araujo
All Contributors

Support us

Piggly Studio is a agency based in Rio de Janeiro, Brasil.

License

The MIT License (MIT). Please see License File for more information.

All versions of url-file-signer with dependencies

PHP Build Version

Package Version

Version 1.0.3 Release 14. Mar 2020
create-project require 0 people chose require and
0 people chose create-project.

Download

Download latest version of url-file-signer from vendor piggly

Requires php Version ^7.1
jwage/purl Version ^1.0

Composer command for our command line client (download client) This client runs in each environment. You don't need a specific PHP version etc. The first 20 API calls are free. Standard composer command

The package piggly/url-file-signer contains the following files

Loading the files please wait ....