sokil / php-guzzlecomponents
PHP Guzzle库扩展
0.3
2014-05-17 22:50 UTC
Requires
- guzzle/guzzle: 3.*
This package is auto-updated.
Last update: 2024-08-28 00:29:49 UTC
README
安装
可以通过Composer进行安装
require: {
"sokil/php-guzzlecomponents": "dev-master"
}
签名请求
此插件用于在客户端签名请求。例如,服务器为知道“应用程序ID”和相应的“密钥”的应用程序提供API访问。
Guzzle客户端必须添加配置的插件
$client->addSubscriber(new \Sokil\Guzzle\Plugin\RequestSign(array( 'key' => $cryptKey, 'algo' => 'sha1', 'queryParamName' => 'sign', 'additionalParams' => [ 'app_id' => $applicationId, ] )));
服务器上验证签名请求的算法
// check if fields passed in query if(empty($_GET['sign']) || empty($_GET['app_id']) { Header('HTTP/1.0 403 Forbidden'); exit; } // get crypt key from storage by application id $applicationId = $_GET['app_id']; $cryptKey = get_crypt_key($applicationId); // get message if('POST' === $_SERVER['REQUEST_METHOD']) { $body = file_get_contents('php://input'); } else { $body = $_GET; // sign key not crypted so it must be unset from message unset($body['sign']); // params must be sorted ksort($body); // query gathered to string $body = http_build_query($body); } // calculate and compare sign with passed return ($_GET['sign'] === hash_hmac('sha1', $body, $cryptKey));