upyx / uri-signature
Sign and verify URIs.
1.1.0
2022-01-24 15:56 UTC
Requires
- php: ^7.4 || ^8
- psr/http-message: ^1.0
- psr/http-message-implementation: ^1.0
Requires (Dev)
- guzzlehttp/psr7: ^1.8.3 || ^2.1
- nyholm/psr7: ^1.4
- ramsey/devtools: ^1.7
Suggests
- guzzlehttp/psr7: Implements PSR-7 HTTP message.
- nyholm/psr7: Implements PSR-7 HTTP message.
This package is auto-updated.
Last update: 2024-09-30 01:30:20 UTC
README
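Sign and verify URIs.
About
A simple tool for signing and verifying the query parameters of a URI to prevent fraud. It supports different hash algorithms, including HMAC.
It depends on a PSR-7 HTTP message implementation. It has been tested with Guzzle and Nyholm, but you can try any other implementation.
Installation
Install this package as a dependency using Composer.
    composer require upyx/uri-signature
If you get an error saying that the package psr/http-message-implementation could not be found, you are missing a PSR-7 implementation. Try
    composer require nyholm/psr7
or
    composer require guzzlehttp/psr7
Usage
To sign query parameters: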
    use GuzzleHttp\Psr7\Uri;
    use Upyx\UriSignature\Signer;

    $signer = new Signer('sig', 's0me$ecret!', 'sha1');
    $uri = new Uri('https://example.com/?sensitive=value');
    $signed = $signer->signUriParams($uri);
    echo $signed; // https://example.com/?sensitive=value&sig=YQ_1AXL5Cdspng1W7SETkdvsLoY
To verify them:
    use GuzzleHttp\Psr7\Uri;
    use Upyx\UriSignature\Signer;

    $signer = new Signer('sig', 's0me$ecret!', 'sha1');

    $signed = new Uri('https://example.com/?sensitive=value&sig=YQ_1AXL5Cdspng1W7SETkdvsLoY');
    $verified = $signer->verifyUriParams($signed); // true

    $hacked = new Uri('https://example.com/?sensitive=changed&sig=YQ_1AXL5Cdspng1W7SETkdvsLoY');
    $failed = $signer->verifyUriParams($hacked); // false
It signs only the query parameters!
    use GuzzleHttp\Psr7\Uri;
    use Upyx\UriSignature\Signer;

    $signer = new Signer('sig', 's0me$ecret!', 'sha1');

    $signed1 = new Uri('//some.example.com/?sensitive=value&sig=YQ_1AXL5Cdspng1W7SETkdvsLoY');
    $signed2 = new Uri('//other.example.com/?sensitive=value&sig=YQ_1AXL5Cdspng1W7SETkdvsLoY');
    $signed3 = new Uri('/?sensitive=value&sig=YQ_1AXL5Cdspng1W7SETkdvsLoY');

    $verified = $signer->verifyUriParams($signed1); // true
    $verifiedToo = $signer->verifyUriParams($signed2); // true
    $verifiedAgain = $signer->verifyUriParams($signed3); // true
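Because the host and path are not covered, the same signature verifies on any host, as the results above show. One way to bind a link to where it was issued is to carry the host and path inside the signed query; this is an added example, not code from the upyx/uri-signature project, and the bind_host/bind_path parameter names, the issueLink/acceptLink helpers and the secret are assumptions.

```php
<?php
declare(strict_types=1);

require __DIR__ . '/vendor/autoload.php';

use GuzzleHttp\Psr7\Uri;
use Psr\Http\Message\UriInterface;
use Upyx\UriSignature\Signer;

// Hypothetical parameter names that carry the host and path inside the signed query.
const BIND_HOST = 'bind_host';
const BIND_PATH = 'bind_path';

function issueLink(Signer $signer, UriInterface $uri): UriInterface
{
    parse_str($uri->getQuery(), $existing);
    if (isset($existing[BIND_HOST]) || isset($existing[BIND_PATH])) {
        // Parameter order is not signed, so a duplicate key would make the check ambiguous.
        throw new InvalidArgumentException('URI already contains a binding parameter');
    }
    $binding = http_build_query(
        [BIND_HOST => $uri->getHost(), BIND_PATH => $uri->getPath()],
        '', '&', PHP_QUERY_RFC3986
    );
    $query = $uri->getQuery() === '' ? $binding : $uri->getQuery() . '&' . $binding;

    return $signer->signUriParams($uri->withQuery($query));
}

function acceptLink(Signer $signer, UriInterface $uri): bool
{
    if (!$signer->verifyUriParams($uri)) {
        return false; // query was altered or signed with another secret
    }
    parse_str($uri->getQuery(), $params);

    // The signed values must match the host and path the request actually arrived on.
    return ($params[BIND_HOST] ?? null) === $uri->getHost()
        && ($params[BIND_PATH] ?? null) === $uri->getPath();
}

// Constructed secret and URIs for the demonstration; 'hmac-sha256' follows the hmac- prefix rule.
$signer = new Signer('sig', 'constructed-demo-secret', 'hmac-sha256');
$link = issueLink($signer, new Uri('https://files.example.com/download?id=42'));
$moved = $link->withHost('other.example.com');
var_dump(acceptLink($signer, $link));
var_dump(acceptLink($signer, $moved));
```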
Parameters are sorted, so their order does not matter:
    use GuzzleHttp\Psr7\Uri;
    use Upyx\UriSignature\Signer;

    $signer = new Signer('sig', 's0me$ecret!', 'sha1');

    $signed1 = new Uri('/?param1=value1&param2=vA%20e.&sig=m3EaBLndIFulvWGJqUuxGepv000');
    $signed2 = new Uri('/?param2=vA%20e.&param1=value1&sig=m3EaBLndIFulvWGJqUuxGepv000');

    $verified = $signer->verifyUriParams($signed1); // true
    $verifiedToo = $signer->verifyUriParams($signed2); // true
However, the order of array elements does matter:
    use GuzzleHttp\Psr7\Uri;
    use Upyx\UriSignature\Signer;

    $signer = new Signer('sig', 's0me$ecret!', 'sha1');

    $signed = new Uri('https://example.com/?param[]=1&param[]=2&sig=TZEYycd_uldtq0B3nHXlETRxT2Y');
    $hacked = new Uri('https://example.com/?param[]=2&param[]=1&sig=TZEYycd_uldtq0B3nHXlETRxT2Y');

    $verified = $signer->verifyUriParams($signed); // true
    $failed = $signer->verifyUriParams($hacked); // false
To check which algorithms are supported, use the functions hash_algos() and hash_hmac_algos(). To use HMAC, add the hmac- prefix. For example:
    new Signer('sig', 's0me$ecret!', 'sha1');
    new Signer('sig', 's0me$ecret!', 'md5');
    new Signer('sig', 's0me$ecret!', 'hmac-sha1');
    new Signer('sig', 's0me$ecret!', 'hmac-md5');
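Contributing
Contributions are welcome! To contribute, please familiarize yourself with CONTRIBUTING.md.
Copyright and License
The upyx/uri-signature library is copyright © Sergey Rabochiy and licensed for use under the MIT License (MIT). Please see LICENSE for more information.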