Ecosyste.ms: Awesome

An open API service indexing awesome lists of open source software.

Awesome Lists | Featured Topics | Projects

https://github.com/spatie/url-signer

Create and validate signed URLs with a limited lifetime
https://github.com/spatie/url-signer

mail php security sign url

Last synced: 2 days ago
JSON representation

Create and validate signed URLs with a limited lifetime

Host: GitHub
URL: https://github.com/spatie/url-signer
Owner: spatie
License: mit
Created: 2015-08-11T12:35:30.000Z (over 9 years ago)
Default Branch: main
Last Pushed: 2024-09-23T08:04:32.000Z (5 months ago)
Last Synced: 2024-10-29T20:55:51.335Z (3 months ago)
Topics: mail, php, security, sign, url
Language: PHP
Homepage: https://freek.dev/248-url-signing-in-laravel
Size: 125 KB
Stars: 425
Watchers: 15
Forks: 46
Open Issues: 0
Metadata Files:
- Readme: README.md
- Changelog: CHANGELOG.md
- Funding: .github/FUNDING.yml
- License: LICENSE.md

Awesome Lists containing this project

README

        # Create signed URLs with a limited lifetime

[![Latest Version on Packagist](https://img.shields.io/packagist/v/spatie/url-signer.svg?style=flat-square)](https://packagist.org/packages/spatie/url-signer)

[![Software License](https://img.shields.io/badge/license-MIT-brightgreen.svg?style=flat-square)](LICENSE.md)

[![Quality Score](https://img.shields.io/scrutinizer/g/spatie/url-signer.svg?style=flat-square)](https://scrutinizer-ci.com/g/spatie/url-signer)

[![Total Downloads](https://img.shields.io/packagist/dt/spatie/url-signer.svg?style=flat-square)](https://packagist.org/packages/spatie/url-signer)

This package can create URLs with a limited lifetime. This is done by adding an expiration date and a signature to the URL.

```php

$urlSigner = new Sha256UrlSigner('randomkey');

$urlSigner->sign('https://myapp.com', 30);

// => The generated url will be valid for 30 seconds

```

This will output a URL that looks like `https://myapp.com/?expires=xxxx&signature=xxxx`.

Imagine mailing this URL out to the users of your application. When a user clicks on a signed URL

your application can validate it with:

```php

// returns `true` if valid, `false` if not

$urlSigner->validate('https://myapp.com/?expires=xxxx&signature=xxxx');

```

## Support us

[](https://spatie.be/github-ad-click/url-signer)

We invest a lot of resources into creating [best in class open source packages](https://spatie.be/open-source). You can support us by [buying one of our paid products](https://spatie.be/open-source/support-us).

We highly appreciate you sending us a postcard from your hometown, mentioning which of our package(s) you are using. You'll find our address on [our contact page](https://spatie.be/about-us). We publish all received postcards on [our virtual postcard wall](https://spatie.be/open-source/postcards).

## Postcardware

You're free to use this package (it's [MIT-licensed](LICENSE.md)), but if it makes it to your production environment we highly appreciate you sending us a postcard from your hometown, mentioning which of our package(s) you are using.

Our address is: Spatie, Kruikstraat 22, 2018 Antwerp, Belgium.

All postcards are published [on our website](https://spatie.be/en/opensource/postcards).

## Installation

The package can installed via Composer:

```

composer require spatie/url-signer

```

## Usage

A signer-object can sign URLs and validate signed URLs. A secret key is used to generate signatures.

```php

use Spatie\UrlSigner\Sha256UrlSigner;

$urlSigner = new Sha256UrlSigner('mysecretkey');

```

### Generating URLs

Signed URLs can be generated by providing a regular URL and an expiration date to the `sign` method.

```php

$expirationDate = (new DateTime())->modify('10 days');

$urlSigner->sign('https://myapp.com', $expirationDate);

// => The generated url will be valid for 10 days

```

If an integer is provided as expiration date, the URL will be valid for that amount of seconds.

```php

$urlSigner->sign('https://myapp.com', 30);

// => The generated URL will be valid for 30 seconds

```

### Validating URLs

To validate a signed URL, simply call the `validate()` method. This will return a boolean.

```php

$urlSigner->validate('https://myapp.com/?expires=1439223344&signature=a479abde194d111022a6831edbda29b14e7bdb760438a8a0be2556cd1a6c23fa');

// => true

$urlSigner->validate('https://myapp.com/?expires=1439223344&signature=a479abde194d111022a6831edbda-INVALID-29b14e7bdb760438a8a0be2556cd1a6c23fa');

// => false

```

## Writing custom signers

This packages provides a signer that uses SHA256 to generate signature. You can create your own

signer by implementing the `Spatie\UrlSigner\Contracts\UrlSigner`-interface. If you let your signer extend

`Spatie\UrlSigner\AbstractUrlSigner` you'll only need to provide the `createSignature`-method.

## Tests

The tests can be run with:

```

composer test

```

## Integrations

To get started quickly in Laravel you can use the [spatie/laravel-url-signer](https://github.com/spatie/laravel-url-signer) package.

## Changelog

Please see [CHANGELOG](CHANGELOG.md) for more information what has changed recently.

## Contributing

Please see [CONTRIBUTING](https://github.com/spatie/.github/blob/main/CONTRIBUTING.md) for details.

## Security

If you've found a bug regarding security please mail [[email protected]](mailto:[email protected]) instead of using the issue tracker.

## Credits

- [Freek Van der Herten](https://github.com/freekmurze)

- [Sebastian De Deyne](https://github.com/sebastiandedeyne)

- [All Contributors](../../contributors)

## About Spatie

Spatie is a webdesign agency in Antwerp, Belgium. You'll find an overview of all our open source projects [on our website](https://spatie.be/opensource).

## License

The MIT License (MIT). Please see [License File](LICENSE.md) for more information.