简化版/signr

创建和验证签名请求,包括数据加密。

维护者

详细信息

github.com/fightbulc/simplon_signr

主页

源代码

问题

安装: 315

依赖: 0

建议者: 0

安全性: 0

星标: 2

关注者: 1

分支: 0

开放问题: 0

0.6.0 2013-03-28 14:20 UTC

Requires

MIT 969aa187d56df7ffab3b038aead536db89cd8eec

  • Tino Ehrich <opensource.woop@efides.com>

encryptionsigned requests

This package is auto-updated.

Last update: 2024-09-21 00:19:23 UTC

README

     _                 _                   _
 ___(_)_ __ ___  _ __ | | ___  _ __    ___(_) __ _ _ __  _ __
/ __| | '_ ` _ \| '_ \| |/ _ \| '_ \  / __| |/ _` | '_ \| '__|
\__ \ | | | | | | |_) | | (_) | | | | \__ \ | (_| | | | | |
|___/_|_| |_| |_| .__/|_|\___/|_| |_| |___/_|\__, |_| |_|_|
                |_|                          |___/

简化版 Signr

Signr通过组合一个已知的数据数组和一个只有发送者和接收者才知道的密钥来创建一个签名请求(也称为访问令牌)。默认情况下,签名请求通过hash_hmac签名来防止欺诈。另外,如果数据数组中有一个名为secret的键,该键内的所有数据都将被加密。为了确保签名请求可以通过URL发送,它将被base64编码。

创建签名请求

use Simplon\Signr\Signr;

$secretKeySignedRequest = '123456';

$data = [
  'secret' => [
    'user'         => [
      'gameUid'      => 'xxx',
      'email'        => 'xxx',
      'gameServerId' => 'xxx',
    ],
    'order'        => [
      'checkoutUid'    => 'xxx',
      'inGameCurrency' => 'xxx',
      'realCurrency'   => 'xxx',
      'currencyCode'   => 'xxx',
      'provider'       => 'xxx',
      'created'        => 'xxx',
    ],
    'partnerToken' => 'xxx',
  ],
];

// create signed request
$signedRequest = (new Signr())
    ->setData($data)
    ->setSecretKey($secretKeySignedRequest)
    ->create()
    ->getSignedRequest();

生成的签名请求

VaR6EKGui6clTkLSEVps-fzKgEy9BzEYvK-sWi59kTM.eyJzZWNyZXQiOiJrQ2RXRE50M280MUJvNkZ
cL1drS3lwVUtyeGJUMnB0SVB6eG4zdVBFV3FkMFlsYTc4UlpRWTVCZm55MFp6d3R1bHVzaU5pZDJHK1
BWRDN5VExVVFZwUEw5SHZCYkFTeXd4eGpBemxpajlvTXFOUHIrUFlwOVNVOTdhV1pHSGR5QnduTTBTd
1BYZW1FTXBhVGt6XC9iV3pHTlB6d3JaQ3cxdElHWUtpRDhIUGlOdks3QUorWDdmcTE1cHBrY3lUUHVJ
MUNQd283TXdMbGdPVDdkWWNnVVZCcWlqQjBQWWRZU3NwOElQYzRhYmQxejI5NlBmWmNZTDBBejlhOWo
2WE1CcnoiLCJhbGdvcml0aG0iOiJITUFDLVNIQTI1NiIsImlzc3VlZF9hdCI6MTM2MTc3ODYxMn0

读取签名请求

use Simplon\Signr\Signr;

$signedRequest = 'xxxzzzyyy';
$secretKeySignedRequest = '123456';

// read data should result the following array...
$data = (new Signr())
    ->setSignedRequest($signedRequest)
    ->setSecretKey($secretKeySignedRequest)
    ->read()
    ->getData();

/*
$data = [
  'secret' => [
    'user'         => [
      'gameUid'      => 'xxx',
      'email'        => 'xxx',
      'gameServerId' => 'xxx',
    ],
    'order'        => [
      'checkoutUid'    => 'xxx',
      'inGameCurrency' => 'xxx',
      'realCurrency'   => 'xxx',
      'currencyCode'   => 'xxx',
      'provider'       => 'xxx',
      'created'        => 'xxx',
    ],
    'partnerToken' => 'xxx',
  ],
];
*/

过期时间

每个签名请求都包含一个发行时间戳,这允许检查签名请求是否过期。默认情况下,签名请求不会过期。以下是如何针对特定时间戳进行测试的示例

use Simplon\Signr\Signr;

$signedRequest = 'xxxzzzyyy';
$secretKeySignedRequest = '123456';

// lets hold the instance
$signr = new Signr()
    ->setSignedRequest($signedRequest)
    ->setSecretKey($secretKeySignedRequest)
    ->read();

// is expired?
$isExpired = $signr
    ->setExpireTimeMinutes(120) // time to run against the expiration
    ->isExpired();

if($isExpired === TRUE)
{
  echo "SignedRequest is expired!";
}

变更日志

0.6.0

  • 重构了类模式(构建者模式)
  • 实现了isExpired以测试过期情况