philipbrown/signplz

此包已被废弃且不再维护。作者建议使用 philipbrown/signature-php 包。

HMAC-SHA 身份验证

v5.1.2 2015-04-30 07:51 UTC

This package is not auto-updated.

Last update: 2022-02-01 12:29:28 UTC


README

PHP 5.4+ 版本的 Signature Ruby 宝石

Build Status Code Coverage Scrutinizer Code Quality

安装

philipbrown/signature-php 添加到 composer.json 的依赖项中

$ composer require philipbrown/signature-php

什么是 HMAC-SHA 身份验证?

HMAC-SHA 身份验证允许您使用哈希签名实现非常简单的密钥/密钥认证来保护您的 API。

发送请求

use PhilipBrown\Signature\Token;
use PhilipBrown\Signature\Request;

$data    = ['name' => 'Philip Brown'];
$token   = new Token('abc123', 'qwerty');
$request = new Request('POST', 'users', $data);

$auth = $request->sign($token);

$http->post('users', array_merge($auth, $data));

验证响应

use PhilipBrown\Signature\Auth;
use PhilipBrown\Signature\Token;
use PhilipBrown\Signature\Guards\CheckKey;
use PhilipBrown\Signature\Guards\CheckVersion;
use PhilipBrown\Signature\Guards\CheckTimestamp;
use PhilipBrown\Signature\Guards\CheckSignature;
use PhilipBrown\Signature\Exceptions\SignatureException;

$auth  = new Auth('POST', 'users', $_POST, [
	new CheckKey,
	new CheckVersion,
	new CheckTimestamp,
	new CheckSignature
]);

$token = new Token('abc123', 'qwerty');

try {
    $auth->attempt($token);
}

catch (SignatureException $e) {
    // return 4xx
}

更改默认 HTTP 请求前缀

默认情况下,此包在请求中使用 auth_*。您可以在签名和验证请求时更改此行为

// default, the HTTP request uses auth_version, auth_key, auth_timestamp and auth_signature
$request->sign($token);
// the HTTP request now uses x-version, x-key, x-timestamp and x-signature
$request->sign($token, 'x-');

如果您更改了默认设置,您需要相应地验证请求

$auth->attempt($token, 'x-');