falgunphp / passta
v0.0.1
2021-12-01 06:38 UTC
Requires
- php: 8.1.*
Requires (Dev)
- friendsofphp/php-cs-fixer: ^3.3
- phpunit/phpunit: ^9
- vimeo/psalm: ^4.13
README
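This is a simple temporary token management library that uses a split-token based strategy. This strategy helps mitigate side-channel timing attacks against token verification systems.
Installation
Note that PHP 8.1 is required.
Via Composer
composer require falgunphp/passta
Usage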
<?php

use Falgun\Passta;
use Falgun\Passta\Hash\DefaultHashDriver;
use Falgun\Passta\Random\DefaultRandomGenerator;

$passta = new Passta(
    new DefaultHashDriver(),
    new DefaultRandomGenerator(),
);

$token = $passta->generate();

/**
 * The $token object will contain content similar to the following:
 *
 * Falgun\Passta\Token\Token Object
 * (
 *     [selector] => 971ee944fec51494dfa82133a4358989
 *     [verifierHash] => 13e726abb996a3605883e312af1e5b2d97c5d9372927e65896ced931d0bb309c
 *     [token] => 971ee944fec51494dfa82133a4358989e2f89abe7a7f91ae878f703831852ac0
 * )
 *
 * Store both selector and verifierHash in some storage (database) for later use.
 * Send the [token] string to the user via mail or another medium.
 */

// When the user clicks on the link with their [token].
// $userProvidedToken is the token that we sent to them in the previous step.
$splitToken = $passta->convertToSplitToken($userProvidedToken);

/*
 * $splitToken contains a selector and a verifier.
 * Use the selector to find the verifierHash in storage (database),
 * then attempt to verify that $verifierHash against $splitToken.
 */
if ($passta->verify($splitToken, $verifierHash)) {
    // The user-provided token is valid.
    // We can proceed to our domain logic.
    // Don't forget to delete the selector/verifierHash from storage.
} else {
    // Invalid token.
}
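The storage and comparison pattern behind the split-token strategy, as an added stand-alone example (not Passta's own code and not part of the original README). The `TokenStore` class, the 16-byte selector and verifier lengths, SHA-256 and the 15-minute lifetime are assumptions chosen to match the sample output above; an in-memory array stands in for a database table indexed on the selector.

```php
<?php
declare(strict_types=1);

// Hypothetical illustration of the split-token strategy; not Passta internals.
final class TokenStore
{
    /** @var array<string, array{hash: string, expires: int}> keyed by selector */
    private array $rows = [];

    public function issue(int $ttl = 900): string
    {
        $selector = bin2hex(random_bytes(16)); // lookup key, stored in the clear
        $verifier = bin2hex(random_bytes(16)); // secret half, never stored
        $this->rows[$selector] = [
            'hash'    => hash('sha256', $verifier),
            'expires' => time() + $ttl,
        ];
        return $selector . $verifier; // only this string is sent to the user
    }

    public function redeem(string $token): bool
    {
        // Reject malformed input before touching storage.
        if (preg_match('/\A[0-9a-f]{64}\z/', $token) !== 1) {
            return false;
        }
        $selector = substr($token, 0, 32);
        $verifier = substr($token, 32);
        // The index lookup is not constant-time, but it only involves the
        // selector, so its timing reveals nothing about the verifier.
        $row = $this->rows[$selector] ?? null;
        if ($row === null) {
            return false;
        }
        if ($row['expires'] < time()) {
            unset($this->rows[$selector]); // purge expired entry
            return false;
        }
        // Constant-time comparison of the stored hash with the hash of the input.
        if (!hash_equals($row['hash'], hash('sha256', $verifier))) {
            return false;
        }
        unset($this->rows[$selector]); // single use: delete on success
        return true;
    }
}

$store  = new TokenStore();
$token  = $store->issue();
$forged = substr($token, 0, 32) . str_repeat('0', 32); // right selector, wrong verifier
var_dump($store->redeem($forged), $store->redeem($token), $store->redeem($token));
```

The three calls cover a forged verifier, the genuine token, and a replay of the already redeemed token.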
License
The MIT License (MIT). Please see the License File for more information.