snicco / signed-url-psr15-bridge
Psr15 middleware integration for snicco/signed-url.
Requires
- php: ^7.4|^8.0
- psr/http-message: ^1.0.0
- psr/http-server-handler: ^1.0.0
- psr/http-server-middleware: ^1.0.0
- psr/log: ^1.1.1
- snicco/signed-url: ^2.0
Requires (Dev)
- phpunit/phpunit: ^9.5.13
- snicco/http-routing-testing: ^2.0
Conflicts
- snicco/better-wp-api: <2.0.0-beta.9
- snicco/better-wp-cache: <2.0.0-beta.9
- snicco/better-wp-cache-bundle: <2.0.0-beta.9
- snicco/better-wp-cli: <2.0.0-beta.9
- snicco/better-wp-cli-testing: <2.0.0-beta.9
- snicco/better-wp-hooks: <2.0.0-beta.9
- snicco/better-wp-hooks-bundle: <2.0.0-beta.9
- snicco/better-wp-mail: <2.0.0-beta.9
- snicco/better-wp-mail-bundle: <2.0.0-beta.9
- snicco/better-wp-mail-testing: <2.0.0-beta.9
- snicco/better-wpdb: <2.0.0-beta.9
- snicco/better-wpdb-bundle: <2.0.0-beta.9
- snicco/blade-bridge: <2.0.0-beta.9
- snicco/blade-bundle: <2.0.0-beta.9
- snicco/content-negotiation-middleware: <2.0.0-beta.9
- snicco/debug-bundle: <2.0.0-beta.9
- snicco/default-headers-middleware: <2.0.0-beta.9
- snicco/eloquent: <2.0.0-beta.9
- snicco/encryption-bundle: <2.0.0-beta.9
- snicco/event-dispatcher: <2.0.0-beta.9
- snicco/event-dispatcher-testing: <2.0.0-beta.9
- snicco/guests-only-middleware: <1.0.0
- snicco/http-routing: <2.0.0-beta.9
- snicco/http-routing-bundle: <2.0.0-beta.9
- snicco/http-routing-testing: <2.0.0-beta.9
- snicco/https-only-middleware: <2.0.0-beta.9
- snicco/illuminate-container-bridge: <2.0.0-beta.9
- snicco/kernel: <2.0.0-beta.9
- snicco/kernel-testing: <2.0.0-beta.9
- snicco/method-override-middleware: <2.0.0-beta.9
- snicco/minimal-logger: <2.0.0-beta.9
- snicco/must-match-route-middleware: <2.0.0-beta.9
- snicco/no-robots-middleware: <2.0.0-beta.9
- snicco/open-redirect-protection-middleware: <2.0.0-beta.9
- snicco/payload-middleware: <2.0.0-beta.9
- snicco/pimple-bridge: <2.0.0-beta.9
- snicco/psr7-error-handler: <2.0.0-beta.9
- snicco/redirect-middleware: <2.0.0-beta.9
- snicco/session: <2.0.0-beta.9
- snicco/session-bundle: <2.0.0-beta.9
- snicco/session-psr16-bridge: <2.0.0-beta.9
- snicco/session-testing: <2.0.0-beta.9
- snicco/session-wp-bridge: <2.0.0-beta.9
- snicco/share-cookies-middleware: <2.0.0-beta.9
- snicco/signed-url-psr16-bridge: <2.0.0-beta.9
- snicco/signed-url-testing: <2.0.0-beta.9
- snicco/signed-url-wp-bridge: <2.0.0-beta.9
- snicco/str-arr: <2.0.0-beta.9
- snicco/templating: <2.0.0-beta.9
- snicco/templating-bundle: <2.0.0-beta.9
- snicco/testable-clock: <2.0.0-beta.9
- snicco/testing-bundle: <2.0.0-beta.9
- snicco/trailing-slash-middleware: <2.0.0-beta.9
- snicco/wp-auth-only-middleware: <2.0.0-beta.9
- snicco/wp-capability-middleware: <2.0.0-beta.9
- snicco/wp-capapility-middleware: <1.0.0
- snicco/wp-guests-only-middleware: <2.0.0-beta.9
- snicco/wp-nonce-middleware: <2.0.0-beta.9
- dev-master
- v2.0.0-beta.9
- v2.0.0-beta.8
- v2.0.0-beta.7
- v2.0.0-beta.6
- v2.0.0-beta.5
- v2.0.0-beta.4
- v2.0.0-beta.3
- v2.0.0-beta.2
- v2.0.0-beta.1
- v1.10.1
- v1.10.0
- v1.9.1
- v1.9.0
- v1.8.1
- v1.8.0
- v1.7.0
- v1.6.2
- v1.6.1
- v1.6.0
- v1.5.0
- v1.4.2
- v1.4.1
- v1.4.0
- v1.3.0
- v1.2.1
- v1.2.0
- v1.1.3
- v1.1.2
- v1.1.1
- v1.1.0
- v1.0.2
- v1.0.1
- v1.0.0
- dev-beta
This package is auto-updated.
Last update: 2024-12-07 15:06:31 UTC
README
This package consists of two simple middlewares that will make working with snicco/signed-url
a breeze. Make sure to
read the general documentation to
know how to instantiate the needed collaborators.
Installation
composer require snicco/signed-url-psr15-bridge
Usage
Make sure that your favorite framework supports binding middleware on the route level. This middleware should only be added to a route where you expect signed urls, not globally.
Basic Usage
$storage = /* */ $hmac = /* */ $validator = new \Snicco\Component\SignedUrl\SignedUrlValidator($storage, $hmac); $middleware = new \Snicco\Bridge\SignedUrlPsr15\ValidateSignature( $validator, ); /* Attach $middleware to your route */
Customizing the additional request context.
As a second argument you can pass a closure that will receive the current request. Anything you return from this closure will be taken into account when validating the current request.
This has to match the request context that you used when the link was created!
Using the ip-address at creation and the user-agent at validation will not work and the request will always be
invalidated.
// Same as above. $validator = /* */ $middleware = new \Snicco\Bridge\SignedUrlPsr15\ValidateSignature( $validator, function(\Psr\Http\Message\RequestInterface $request) { return $request->getHeaderLine('User-Agent'); } ); /* Attach $middleware to your route */
Only validate unsafe HTTP methods
If a signed-url should be used exactly one time (for GET
requests) you might run into trouble with certain email clients that preload all
links. In this case you can set the third argument of the middleware to (bool) true
. The signature will then only be checked
if the request method is one of [POST, PATCH, PUT, DELETE]
.
Make sure you route is not accessible with safe request methods if you use this option.
Garbage collection
Add the CollectGarbage
middleware to your global middleware groups.
// same as above $storage = /* */ $psr3_logger = /* */ // value between 0-100 // the percentage that one request through the middleware // will trigger garbage collection. $percentage = 4; $middleware = new \Snicco\Bridge\SignedUrlPsr15\CollectGarbage($percentage, $storage, $logger); /* Attach $middleware to your route */