{"id":16307911,"url":"https://github.com/ap/uri-signature-tiny","last_synced_at":"2025-07-05T02:34:50.904Z","repository":{"id":56835740,"uuid":"307849761","full_name":"ap/URI-Signature-Tiny","owner":"ap","description":"Mint and verify server-signed URIs","archived":false,"fork":false,"pushed_at":"2022-08-10T02:32:28.000Z","size":19,"stargazers_count":0,"open_issues_count":0,"forks_count":0,"subscribers_count":2,"default_branch":"master","last_synced_at":"2025-04-12T20:47:46.463Z","etag":null,"topics":["perl","signed-url"],"latest_commit_sha":null,"homepage":"https://metacpan.org/release/URI-Signature-Tiny","language":"Perl","has_issues":false,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":null,"status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/ap.png","metadata":{"files":{"readme":"README.pod","changelog":"Changes","contributing":null,"funding":null,"license":null,"code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null}},"created_at":"2020-10-27T23:06:16.000Z","updated_at":"2024-03-14T16:11:43.000Z","dependencies_parsed_at":"2022-09-09T18:00:44.112Z","dependency_job_id":null,"html_url":"https://github.com/ap/URI-Signature-Tiny","commit_stats":null,"previous_names":[],"tags_count":6,"template":false,"template_full_name":null,"purl":"pkg:github/ap/URI-Signature-Tiny","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/ap%2FURI-Signature-Tiny","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/ap%2FURI-Signature-Tiny/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/ap%2FURI-Signature-Tiny/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/ap%2FURI-Signature-Tiny/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/ap","download_url":"https://codeload.github.com/ap/URI-Signature-Tiny/tar.gz/refs/heads/master","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/ap%2FURI-Signature-Tiny/sbom","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":263671802,"owners_count":23494042,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["perl","signed-url"],"created_at":"2024-10-10T21:15:45.070Z","updated_at":"2025-07-05T02:34:50.884Z","avatar_url":"https://github.com/ap.png","language":"Perl","funding_links":[],"categories":[],"sub_categories":[],"readme":"=pod\n\n=encoding UTF-8\n\n=for comment vim: et sw=2 ts=2 sts=2\n\n=head1 NAME\n\nURI::Signature::Tiny - Mint and verify server-signed URIs\n\n=head1 SYNOPSIS\n\n use URI;\n use URI::Signature::Tiny;\n \n my $notary = URI::Signature::Tiny-\u003enew(\n   secret     =\u003e $secret,\n   after_sign =\u003e sub {\n     my ( $uri, $sig ) = @_;\n     $uri-\u003equery_form({ $uri-\u003equery_form, s =\u003e $sig });\n     $uri;\n   },\n   before_verify =\u003e sub {\n     my ( $uri ) = @_;\n     my %f = $uri-\u003equery_form;\n     my $sig = delete $f{'s'};\n     $uri = $uri-\u003eclone; # important\n     $uri-\u003equery_form( \\%f );\n     ( $uri, ref $sig ? '' : $sig );\n   },\n );\n \n my $signed_uri = $notary-\u003esign( URI-\u003enew( 'http://example.com/foo?bar=baz#pagetop' ) );\n \n my $ok = $notary-\u003everify( $signed_uri );\n\n=head1 DESCRIPTION\n\nThis is a minimal helper to generate URLs that you can later verify to not have\nbeen modified, so that you can trust security-relevant values such as user IDs.\nThis is useful e.g. for a passwort reset link that the user should not be able\nto edit to log in as someone else.\n\n=head1 METHODS\n\n=over 2\n\n=item C\u003cnew\u003e\n\nConstruct and return an instance of this class.\nTakes a list of key/value pairs specifying configuration options:\n\n=over 2\n\n=item C\u003csecret\u003e\n\nA message authentication code (MAC) value,\nwhich needs to have cryptographically sufficient entropy.\n\nB\u003cRequired\u003e.\n\n=item C\u003cafter_sign\u003e\n\nA callback that defines how to incorporate the signature into a fresh URI.\nSee L\u003c/C\u003csign\u003e\u003e for details.\n\nDefaults to a placeholder that croaks.\n\n=item C\u003cbefore_verify\u003e\n\nA callback that defines how to remove the signature from a signed URI.\nSee L\u003c/C\u003cverify\u003e\u003e for details.\n\nDefaults to a placeholder that croaks.\n\n=item C\u003csort_params\u003e\n\nWhether to sort query parameters (if any) before computing the signature.\n\nDefaults to true.\n\n=item C\u003cfunction\u003e\n\nThe function that will be called to compute the signature,\nwhich should have the same signature as the HMAC functions from L\u003cDigest::SHA\u003e:\nthe (normalised) URI and the secret will be its first and second arguments.\n\nDefaults to\nL\u003cC\u003c\\\u0026Digest::SHA::hmac_sha256_base64\u003e|Digest::SHA/hmac_sha256_base64\u003e.\n\nYou might also use this just to post-process the HMAC value, any way you wish:\n\n sub { substr \u0026Digest::SHA::hmac_sha512224_base64, 0, 10 }\n\n=item C\u003crecode_base64\u003e\n\nWhether to apply substitutions to turn the return value of the L\u003c/C\u003cfunction\u003e\u003e\nfrom regular C\u003cbase64\u003e encoding into C\u003cbase64url\u003e.\n\nDefaults to true.\n\n=back\n\n=item C\u003csignature\u003e\n\nCompute and return the signature for the URI\nwhich is passed as the only argument.\n\nThe only way that the URI value might be modified here is\nto sort the query parameters if requested by L\u003c/C\u003csort_params\u003e\u003e.\n\n=item C\u003csign\u003e\n\nTakes a fresh URI and returns the same URI with the signature added to it.\nSpecifically it returns whatever the L\u003c/C\u003cafter_sign\u003e\u003e callback returns,\nwhich gets called with the fresh URI and its signature as arguments.\n\n=item C\u003cverify\u003e\n\nTakes a signed URI and checks whether it matches its signature.\nIt passes its arguments to the L\u003c/C\u003cbefore_verify\u003e\u003e callback,\nwhich must return two values:\nthe bare URI with the signature stripped off, and the signature.\n\nBoth the signature extracted by the L\u003c/C\u003cbefore_verify\u003e\u003e callback\nand the actual signature computed by the L\u003c/C\u003cfunction\u003e\u003e callback\nmust be defined for verification to pass.\n\n=back\n\n=head1 SEE ALSO\n\n=over 2\n\n=item *\n\nL\u003cURL::Signature\u003e\n\n=item *\n\nL\u003cRFCE\u003cnbsp\u003e2104, I\u003cHMAC: Keyed-Hashing for Message Authentication\u003e|https://tools.ietf.org/html/rfc2104\u003e\n\n=item *\n\nL\u003cRFCE\u003cnbsp\u003e4648, I\u003cThe Base16, Base32, and Base64 Data Encodings\u003e, section 5., I\u003cBase 64 Encoding with URL and Filename Safe Alphabet\u003e|https://tools.ietf.org/html/rfc4648#section-5\u003e\n\n=back\n\n=cut\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fap%2Furi-signature-tiny","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fap%2Furi-signature-tiny","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fap%2Furi-signature-tiny/lists"}