https://github.com/mitoop/laravel-signature

A modern API signature verification system inspired by WeChat Pay v3, featuring timestamp-based replay protection and asymmetric encryption. SDK: https://github.com/mitoop/signature-sdk
https://github.com/mitoop/laravel-signature

payment signature

Last synced: 3 months ago
JSON representation

A modern API signature verification system inspired by WeChat Pay v3, featuring timestamp-based replay protection and asymmetric encryption. SDK: https://github.com/mitoop/signature-sdk

• Host: GitHub
• URL: https://github.com/mitoop/laravel-signature
• Owner: mitoop
• Created: 2025-01-17T07:42:50.000Z (over 1 year ago)
• Default Branch: main
• Last Pushed: 2025-11-08T13:19:32.000Z (8 months ago)
• Last Synced: 2025-12-14T07:53:41.392Z (7 months ago)
• Topics: payment, signature
• Language: PHP
• Homepage:
• Size: 96.7 KB
• Stars: 1
• Watchers: 1
• Forks: 0
• Open Issues: 0
• Metadata Files:
  • Readme: README.md

Awesome Lists containing this project

README

          
# Laravel Signature

Laravel Signature is a robust and flexible package for handling API signature validation and generation. It supports multiple signing methods and can be easily extended to fit your application's needs.

## ✨ Features

- Supports **SHA256-RSA2048**, **SHA256-HMAC**, and **ED25519** signature methods.

- Customizable brand prefixes for signatures.

- Provides a flexible resolver interface for fetching application-specific configurations.

- Easily integrates with Laravel's service container.

## 📦 Installation

Install the package via Composer:

```bash

composer require mitoop/laravel-signature

```

## ⚙️ Configuration

Publish the configuration file:

```bash

php artisan vendor:publish --tag=config --provider="Mitoop\\LaravelSignature\\ServiceProvider"

```

This will create a `config/signature.php` file. Customize it as needed:

```php

return [

    'brand' => 'your_brand',

    'max_clock_offset' => 300,

    'http_timeout' => 60,

];

```

## 🛡️Signature Validation Middleware

Laravel Signature provides a built-in middleware called ValidateSignature 

that verifies incoming API requests to ensure 

they are properly signed and not tampered with or replayed.

You can also create a custom middleware if you need more control over how the signature is verified or logged.

#### ✅ Registering the Middleware

```php

use Mitoop\LaravelSignature\Middlewares\ValidateSignature;

Route::middleware([ValidateSignature::class])->group(function () {

    Route::post('/api/data/cities', [CityController::class, 'index']);

});

```

## 🔄 Making Callback Requests

Laravel Signature also provides a Client class to help you send signed HTTP requests, which is useful for performing callback notifications.

#### ✅ Example: Sending a Signed Callback

```php

use Mitoop\LaravelSignature\Http\Client;

$response = app(Client::class)->post('https://outer-service.com/api/notify', [

    'order_id' => '123456',

    'status' => 'success',

], 'platform-private-key');

```

## References

- [WechatPay-API-v3](https://wechatpay-api.gitbook.io/wechatpay-api-v3)

- [Alipay-open-v3](https://opendocs.alipay.com/open-v3/054kaq)