francodacosta/caparica

使用签名请求确保您的REST API安全

维护者

详细信息

github.com/francodacosta/caparica

主页

源代码

问题

安装数: 31,533

依赖项: 2

建议者: 0

安全: 0

星标: 3

关注者: 2

分支: 1

开放性问题: 1

1.0 2014-10-04 12:34 UTC

Requires

  • php: >=5.3.0

Requires (Dev)

Suggests

MIT 1bada802f31eb98f11c82ed110c7ca80ecd7906b

restapisecurehmac

This package is not auto-updated.

Last update: 2024-09-24 01:53:37 UTC

README

PHP库,用于验证和创建签名请求

这是一个低级别库,你可能需要查看

安装

composer.phar require francodacosta/caparica

文档

请务必阅读文档,确保您理解 Caparica 的客户端和服务器部分。

最新文档可以在 docs 文件夹 中找到

签名请求 (客户端)

use Caparica\Crypto\RequestSigner;

$signer = new RequestSigner();
$password = "12345678901234567890";
$params = array (
    'a' => 'bcd',
    'c' => '123',
    'b' => 'ewq',
    'X-CAPARICA-TIMESTAMP' => date('U')
);

$signature = $signer->sign($params, $password);

验证请求 (服务器端)

use Caparica\Security\RequestValidator;
use Caparica\Client\BasicClient;

$client = new BasicClient;

$requestValidator = new RequestValidator(new RequestSigner);

// this values come from the request the client made
// use whatever methods your framework has to access http requests
$requestParams = array(
   'X-CAPARICA-DATE' => "12345676743",
    'a'               => 'bcd',
    'c'               => '123',
    'b'               => 'ewq',
);

// the signature comes from the request, we will use it to compare with the server
// generated one, if they match we know the request is valid
$requestSignature = '0c6513e432bb25d8be659a99ca240a64f60dee875e04d557341a677bfe08a1bf';


$isValid = $requestValidator->validate($client, $requestSignature, $requestParams);