smoren / url-security-manager
Class for building, parsing, signing, signature checking, encrypting and decrypting URLs
1.0.4
2021-04-07 14:15 UTC
Requires
- php: >=7.2.0
- ext-openssl: *
- ext-pdo: *
Requires (Dev)
This package is auto-updated.
Last update: 2024-12-07 22:41:00 UTC
README
Class for building, parsing, signing, signature checking, encrypting and decrypting URLs.
Install to your project
composer require smoren/url-security-manager
Unit testing
composer install ./vendor/bin/codecept build ./vendor/bin/codecept run unit tests/unit
Demo
Signing
use Smoren\UrlSecurityManager\UrlSecurityManager; $inputUrl = 'http://localhost:8080/test/path?p1=1&p2=2&p3=3&p4=4'; $secretKey = 'fvd76df89g7fdg89'; // Let's sign some url with our secret key to send signed request to receiver $usmSender = UrlSecurityManager::parse($inputUrl) // signature will be stored as value of query param "sign" // only query params from array (2nd argument) will be signed ->setSignParams('sign', ['p1', 'p2', 'p3']) ->setSecretKey($secretKey) // giving secret key for signing ->sign(); // create signature $signedUrl = $usmSender->stringify(); echo $signedUrl; // http://localhost:8080/test/path?p1=1&p2=2&p3=3&p4=4&sign=5342af44ed716002a81a2872734729f5 // Now we will try to check the signature of URL: $usmReceiver = UrlSecurityManager::parse($signedUrl) ->setSignParams('sign', ['p1', 'p2', 'p3']) ->setSecretKey($secretKey); $usmReceiver->check(); // will be executed without WrongSignatureException $usmReceiver ->setSignParams('sign', ['p1', 'p2', 'p3']) ->setSecretKey('123'); $usmReceiver->check(); // will throw WrongSignatureException $usmSender = UrlSecurityManager::parse($inputUrl) ->setSignParams('sign') // all query params will be signed ->setSecretKey($secretKey) ->sign(); $signedUrl = $usmSender->stringify(); echo $signedUrl; // http://localhost:8080/test/path?p1=1&p2=2&p3=3&p4=4&sign=50489186458519f9f141e616dc02af73
Encrypting/decrypting
use Smoren\UrlSecurityManager\UrlSecurityManager; $inputUrl = 'http://localhost:8080/test/path?p1=1&p2=2&p3=3&p4=4'; $secretKey = 'fvd76df89g7fdg89'; // Let's encrypt url with our secret key to send some secret data to receiver: $usmSender = UrlSecurityManager::parse($inputUrl) // encrypted string will be stored as value of query param "encrypted" // all query params will be encrypted ->setEncryptParams('encrypted') ->setSecretKey($secretKey) ->encrypt(); // encrypting data $encryptedUrl = $usmSender->stringify(); echo $encryptedUrl; // someting like this: // http://localhost:8080/test/path?encrypted=X4oxVda3u%2FD2NX... // Now we will try to decrypt received secret data: $usmReceiver = UrlSecurityManager::parse($encryptedUrl) ->setEncryptParams('encrypted') ->setSecretKey($secretKey) ->decrypt(); $decryptedUrl = $usmReceiver->stringify(); echo $decryptedUrl; // http://localhost:8080/test/path?p1=1&p2=2&p3=3&p4=4 $usmSender->decrypt(); // encrypt only query params: p1, p2 $usmSender->setEncryptParams('encrypted', ['p1', 'p2']); $usmSender->encrypt(); echo $usmSender->stringify(); // something like this: // http://localhost:8080/test/path?p3=3&p4=4&encrypted=CTNdFXZDlBwYwwvQV2L8mGjQg5YydC3... $usmSender->decrypt(); echo $usmSender->stringify(); // http://localhost:8080/test/path?p3=3&p4=4&p1=1&p2=2
Building URLs
use Smoren\UrlSecurityManager\UrlSecurityManager; $usm = UrlSecurityManager::create() ->setScheme('https') ->setHost('test.com') ->setPort(8080) ->setPath('/test/path') ->setParams(['a' => 1, 'b' => 2]); echo $usm->stringify(); // https://test.com:8080/test/path?a=1&b=2 $usm ->setSignParams('sign') ->setSecretKey('q1w2e3r4t5y6u7') ->sign(); echo $usm->stringify(); // https://test.com:8080/test/path?a=1&b=2&sign=89727a40dc08dc9f12d91b5d6e627c17 $usm = UrlSecurityManager::create([ 'scheme' => 'http', 'host' => 'test.com', 'port' => 8080, 'path' => '/test/path', 'params' => ['a' => 1, 'b' => 2], ]); echo $usm->stringify(); // http://test.com:8080/test/path?a=1&b=2
Parse URL from server request
use Smoren\UrlSecurityManager\UrlSecurityManager; $usm = UrlSecurityManager::parse(); echo $usm->stringify(); // you will see full URL of your current server request