README

安装

可以通过Composer进行安装

require: {
    "sokil/php-guzzlecomponents": "dev-master"
}

签名请求

此插件用于在客户端签名请求。例如，服务器为知道“应用程序ID”和相应的“密钥”的应用程序提供API访问。

Guzzle客户端必须添加配置的插件

$client->addSubscriber(new \Sokil\Guzzle\Plugin\RequestSign(array(
    'key'               => $cryptKey,
    'algo'              => 'sha1',
    'queryParamName'    => 'sign',
    'additionalParams'  => [
        'app_id'    => $applicationId,
    ]
)));

服务器上验证签名请求的算法

// check if fields passed in query
if(empty($_GET['sign']) || empty($_GET['app_id']) {
    Header('HTTP/1.0 403 Forbidden');
    exit;
}

// get crypt key from storage by application id
$applicationId = $_GET['app_id'];
$cryptKey = get_crypt_key($applicationId);

// get message
if('POST' === $_SERVER['REQUEST_METHOD']) {
    $body = file_get_contents('php://input');
} else {
    $body = $_GET;
    // sign key not crypted so it must be unset from message
    unset($body['sign']);
    // params must be sorted
    ksort($body);
    // query gathered to string
    $body = http_build_query($body);
}

// calculate and compare sign with passed
return ($_GET['sign'] === hash_hmac('sha1', $body, $cryptKey));

sokil / php-guzzlecomponents

维护者

详细信息

README

安装

签名请求