Ecosyste.ms: Awesome
An open API service indexing awesome lists of open source software.
https://github.com/mxl/laravel-api-key
API key authorization for Laravel with replay attack prevention
https://github.com/mxl/laravel-api-key
Last synced: 2 months ago
JSON representation
API key authorization for Laravel with replay attack prevention
- Host: GitHub
- URL: https://github.com/mxl/laravel-api-key
- Owner: mxl
- License: mit
- Created: 2020-04-13T15:45:42.000Z (over 4 years ago)
- Default Branch: master
- Last Pushed: 2020-07-24T15:39:27.000Z (over 4 years ago)
- Last Synced: 2024-04-14T07:54:05.774Z (9 months ago)
- Language: PHP
- Size: 7.81 KB
- Stars: 5
- Watchers: 2
- Forks: 1
- Open Issues: 0
-
Metadata Files:
- Readme: README.md
- License: LICENSE
Awesome Lists containing this project
README
# laravel-api-key
[](https://packagist.org/packages/mxl/laravel-api-key)
[](https://packagist.org/packages/mxl/laravel-api-key/stats)
[](https://packagist.org/packages/mxl/laravel-api-key/stats)
[](https://travis-ci.org/mxl/laravel-api-key)
API Key Authorization for Laravel with replay attack prevention
## Installation
```bash
$ composer require mxl/laravel-api-key
```
## How it works?
Both sides (i.e. client and server) have a secret key.
Client calculates a token - hash value for concatenated secret key and current timestamp.
The Token and the timestamp are sent with request to server as separate HTTP headers.
Server recalculates hash value and validates the token by comparing it with this value and by checking that received timestamp belongs to current time ± window interval.
## Configuration
Package uses default configuration from `vendor/laravel-api-key/config/apiKey.php`:
```php
env('API_KEY_SECRET'),
'hash' => env('API_KEY_HASH', 'md5'),
'timestampHeader' => env('API_KEY_TIMESTAMP_HEADER', 'X-Timestamp'),
'tokenHeader' => env('API_KEY_TOKEN_HEADER', 'X-Authorization'),
'window' => env('API_KEY_WINDOW', 30),
];
```
To change it set environment variables mentioned in this configuration or copy it to your project with:
```bash
$ php artisan vendor:publish --provider="MichaelLedin\LaravelApiKey\ApiKeyServiceProvider" --tag=config
```
and modify `config/apiKey.php` file.
**Notice!** If you use `php artisan config:cache` or `php artisan optimize` command then you have
to publish configuration as described above otherwise `env()` function will return `null` for all environment variables.
[Read more](https://laravel.com/docs/5.8/deployment#optimizing-configuration-loading).
The configuration has following parameters:
- `secret` - secret key that is known by client and server;
- `hash` - an algorithm used to create hash value from secret key and timestamp; for a list of supported algorithms check an output of [hash_algos](https://www.php.net/manual/en/function.hash-algos.php) function;
- `timestampHeader` - HTTP header used to pass a timestamp;
- `tokenHeader` - HTTP header used to pass a token;
- `window` - window interval, in seconds;
## Usage
Assign the middleware to routes using middleware class name:
```php
use \MichaelLedin\LaravelApiKey\AuthorizeApiKey;
Route::get('admin/profile', function () {
//
})->middleware(AuthorizeApiKey::class);
```
or an alias:
```php
Route::get('admin/profile', function () {
//
})->middleware('apiKey');
```
## Maintainers
- [@mxl](https://github.com/mxl)
## Other useful Laravel packages from the author
- [mxl/laravel-queue-rate-limit](https://github.com/mxl/laravel-queue-rate-limit) - simple Laravel queue rate limiting;
- [mxl/laravel-job](https://github.com/mxl/laravel-job) - dispatch a job from command line and more;
## License
See the [LICENSE](https://github.com/mxl/laravel-api-key/blob/master/LICENSE) file for details.