arthem/request-signer-bundle

Symfony 请求签名包

维护者

详细信息

github.com/4rthem/request-signer-bundle

主页

源码

问题

安装次数: 4,442

依赖者: 0

建议者: 0

安全性: 0

星标: 0

关注者: 3

分支: 0

开放问题: 2

类型:symfony-bundle

1.0.4 2020-05-24 13:07 UTC

Requires

Requires (Dev)

Suggests

MIT d3d584771ffef6db6b5faf874d1d1228e5bec61e

This package is auto-updated.

Last update: 2024-09-21 23:55:51 UTC

README

此包可以帮助您签名请求,以便提供对受保护资源的访问。

Build Status

适配器

支持的提供者

  • AWS S3 (composer req arthem/jwt-request-signer)
  • 本地与JWT (composer req arthem/jwt-request-signer)

安装与配置

composer require arthem/request-signer-bundle

配置您的签名者

# config/packages/arthem_request_signer.yaml
services:
  s3_client:
    class: Aws\S3\S3Client
    arguments:
    -
      region: us-east-2
      version: "2006-03-01"
      credentials:
        key: '%env(AWS_ACCESS_KEY)%'
        secret: '%env(AWS_SECRET_KEY)%'

arthem_request_signer:
  signers:
    my_local_jwt: # your signer name
      jwt: # signer adapter
        ttl: 120 # in seconds
        signing_key: '%env(resolve:MY_SIGNING_KEY)%'
    aws_images: # your signer name
      aws_s3: # signer adapter
        bucket_name: 'my_bucket'
        service_id: 's3_client' # id of your s3 client service
# .env
MY_SIGNING_KEY=change-me
AWS_ACCESS_KEY=change-me
AWS_SECRET_KEY=change-me

使用方法

签名您的资产URL

<?php
namespace App\Serializer\Normalizer;

use App\Entity\Asset;
use Arthem\RequestSignerBundle\RequestSigner;
use Symfony\Component\HttpFoundation\RequestStack;
use Symfony\Component\Routing\Generator\UrlGeneratorInterface;

abstract class ApiNormalizer
{
    private UrlGeneratorInterface $urlGenerator;
    private RequestSigner $requestSigner;
    private RequestStack $requestStack;

    protected function generateAssetUrl(Asset $asset): string
    {
        return $this->requestSigner->signUri(
            $this->urlGenerator->generate('asset_preview', ['id' => $asset->getId()], UrlGeneratorInterface::ABSOLUTE_URL),
            $this->requestStack->getCurrentRequest(),
            [
                'signer' => 'aws_images', // override default adapter (optional)
                'ResponseContentDisposition' => 'attachment; filename=image.jpg', // Force S3 download
            ]
        );
    }
}

如果验证由您的应用程序执行

<?php
namespace App\Controller;

use Arthem\RequestSignerBundle\RequestSigner;
use Arthem\RequestSignerBundle\Exception\InvalidSignatureException;
use Symfony\Component\HttpFoundation\Request;
use Symfony\Component\HttpKernel\Exception\AccessDeniedHttpException;
use Symfony\Component\Routing\Annotation\Route;

class AssetController
{
    /**
     * @Route("/assets/{id}", name="asset_preview")
     */
    public function previewAction(string $id, Request $request, RequestSigner $requestSigner)
    {
        try {
            $requestSigner->validateRequest($request);
        } catch (InvalidSignatureException $e) {
            throw new AccessDeniedHttpException($e->getMessage());
        }

        // Stream asset here
    }
}