Download the PHP package twogether/laravel-url-signer without Composer

On this page you can find all versions of the php package twogether/laravel-url-signer. It is possible to download/install these versions without Composer. Possible dependencies are resolved automatically.

FAQ

After the download, you have to make one include require_once('vendor/autoload.php');. After that you have to import the classes with use statements.

Example:
If you use only one package a project is not needed. But if you use more then one package, without a project it is not possible to import the classes with use statements.

In general, it is recommended to use always a project to download your libraries. In an application normally there is more than one library needed.
Some PHP packages are not free to download and because of that hosted in private repositories. In this case some credentials are needed to access such packages. Please use the auth.json textarea to insert credentials, if a package is coming from a private repository. You can look here for more information.

  • Some hosting areas are not accessible by a terminal or SSH. Then it is not possible to use Composer.
  • To use Composer is sometimes complicated. Especially for beginners.
  • Composer needs much resources. Sometimes they are not available on a simple webspace.
  • If you are using private repositories you don't need to share your credentials. You can set up everything on our site and then you provide a simple download link to your team member.
  • Simplify your Composer build process. Use our own command line tool to download the vendor folder as binary. This makes your build process faster and you don't need to expose your credentials for private repositories.
Please rate this library. Is it a good library?

Informations about the package laravel-url-signer

URL Signer

Signs and validates URLs with public/private keys. This is used so that a Source application can make one time calls to a Target application and the Target can verify they're legit.

This package is designed for Laravel, but can be used by other things with some additional configuration.

Installing

First install the package. If you're using Laravel, it adds an artisan command which you can use to generate a key pair if you need one.

php artisan twogether:generate-key-pair

You'll want to install the package into both the Source and Target.

If you're not using Laravel, you will want to generate an RSA256 Public/Private Key Pair.

Configuring the Factory

If you are using Laravel, the Service Provider will automatically register a factory that uses a config file that publishes to config/signed_urls to store keys, and uses the Redis facade. app('Twogether\URLSigner') will return an instance of this.

If you are configuring manually, then you need to create a Factory.

App Name is simply a short string identifying this application. Avoid using spaces, and keep it simple. The Target will use this to verify that requests from this source are unique, so you should not duplicate app_names and use them with the same target.

The CacheBroker is used to validate one-time nonce codes to prevent replay attacks. It expects to use Redis for this, and a PredisCacheBroker class is available for you to use by passing in an instance of Predis\Client. If you are not using Redis, or if you do not use Predis, then you can check this class to see what it does and implement your own by implementing the interface in Contracts\CacheBroker.

Lastly the KeyProvider is optional. If you do not choose to use it then you will have to explicitly set the key every time you sign or validate a URL. We have provided an array implementation that you can configure:

You do not need to specify both public and private keys if you do not need them. A Target application that only receives requests and does not make them does not need a private key for example. And vice versa.

If you want to sign or validate URLs with multiple services, you can add additional keyName => [pair] entries to this array.

Signing

Now when you want to make a request from the Source, generate your target URL, and pass it through:

$factory->sign(string $url, string $keyName = 'default')

This will return your signed URL, or throw exceptions if your configuration is off.

You can also call make which returns a SignedUrl object that supports additional fluent configuration if you want to specify additional options. e.g:

Here we can explicitly set the private key if we did not configure a provider. We can also specify that this URL will be valid for 5 minutes (default is 2).

Validating

$factory->validate($url,string $keyName = 'default', string $publicKey = '')

will validate the signed URL and return true if it passes. You can either specify a keyName for your KeyProvider to fetch the public key, or pass the key as a string if you prefer.

If it fails, it will throw an InvalidSignedUrl exception which has one method:

errors(): array An array of validation errors, keyed by field to work with a Laravel Form Request. You may prefer to use Middleware. Note that the list of errors is not exhaustive, if something's wrong it will error immediately and only include the last error unless everything was missing.

Get started with Laravel

To get started quickly, publish the config file and then set up a public or private key in keys.default in config/signed_urls.

Now just add:

Twogether\LaravelURLSigner\Middleware\SignedURL:class

to a Middleware stack.

The middleware also supports a keyName if you want to set up your routes. Alias the middleware in your kernel to signed_urls and then specify something like signed_urls:reporting to use the public key assigned to 'reporting' in your config.


Note on keys

Your public and private keys can either be a one line string, or the proper 64-character per-line versions with -----BEGIN----- and -----END-----. The library will handle either.


All versions of laravel-url-signer with dependencies

PHP Build Version
Package Version
Requires php Version ^7.1|^8.0
ext-openssl Version *
hidehalo/nanoid-php Version ^1.1
Composer command for our command line client (download client) This client runs in each environment. You don't need a specific PHP version etc. The first 20 API calls are free. Standard composer command

The package twogether/laravel-url-signer contains the following files

Loading the files please wait ....