Ecosyste.ms: Awesome

An open API service indexing awesome lists of open source software.

Awesome Lists | Featured Topics | Projects

https://github.com/zfegg/http-content-crypt

RsaAes HTTP Content crypt for psr7 middleware
https://github.com/zfegg/http-content-crypt

crypt signature

Last synced: about 2 months ago
JSON representation

RsaAes HTTP Content crypt for psr7 middleware

Host: GitHub
URL: https://github.com/zfegg/http-content-crypt
Owner: zfegg
License: mit
Created: 2017-02-03T07:37:41.000Z (almost 8 years ago)
Default Branch: master
Last Pushed: 2017-10-31T06:07:55.000Z (about 7 years ago)
Last Synced: 2024-04-18T08:21:43.702Z (9 months ago)
Topics: crypt, signature
Language: PHP
Size: 23.4 KB
Stars: 0
Watchers: 3
Forks: 0
Open Issues: 0
Metadata Files:
- Readme: README.md
- License: LICENSE

Awesome Lists containing this project

README

        Http Content Signature/Crypt

============================

HTTP content crypt/signature for PSR7 middleware

Installation

------------

Install via composer:

~~~bash

# composer require zfegg/http-content-crypt

~~~

Usage

-----

### ContentCryptMiddleware

Content crypt using RSA+AES.

#### HTTP stream:

~~~

POST /action HTTP/1.1

Host: localhost

Content-Type: application/json

Accept: application/json

X-Content-Encoding: rsaaes, base64

X-Crypto-Key: keyid=1; data=`Urlencode(BASE64.encode(RSA.encode(AesKey)))`

`BASE64.encode(AES.encode('{"test":"test content"}'));`

HTTP/1.1 200 OK

Content-Type: application/json

Content-Length: n

X-Content-Encoding: rsaaes, base64

`BASE64.decode(AES.decode('{"test":"test response content"}'));`

~~~

#### Slim example:

~~~php

use Psr\Http\Message\ServerRequestInterface;

$app = new \Slim\App($settings);

$container = $app->getContainer();

$container[ContentCryptMiddleware::class] = function () {

    $middleware = new ContentCryptMiddleware();

    $rsa = Rsa::factory([

        'public_key' => '',

        'private_key' => '',

        'binary_output' => false,

    ]);

    $middleware->setFetchRsaCallback(function ($keyId, ServerRequestInterface $request) use ($rsa) {

        return $rsa;

    });

    return $middleware;

};

$app->post('/test', function (\Psr\Http\Message\ServerRequestInterface $request, \Slim\Http\Response $response) {

    $rawBody = $request->getBody();

    return $request->write($rawBody);

})->add(ContentCryptMiddleware::class);

$app->run();

~~~

### ContentSignatureMiddleware

Content signature verification using hash HMAC.

在`POST`, `PUT`, `PATCH` 请求中, 对HTTP内容进行 HMAC-HASH 方式签名计算.

内容签名主要是用于校验传输内容的合法性, 避免接口泄漏, 被恶意使用.

#### HTTP stream:

~~~

POST /action HTTP/1.1

Host: localhost

Content-Type: application/json

Accept: application/json

Content-Signature: keyid=1; value=(hash_hex); alg=(md5|sha1|...);

payload

HTTP/1.1 200 OK

Content-Type: application/json

Content-Length: n

Content-Signature: keyid=1; value=(hash_hex); alg=(md5|sha1|...);

payload

~~~

#### Slim example:

~~~php

use Psr\Http\Message\ServerRequestInterface;

$app = new \Slim\App($settings);

$container = $app->getContainer();

$container[ContentSignatureMiddleware::class] = function () {

    $middleware = new ContentSignatureMiddleware();

    $middleware->setFetchRsaCallback(function ($keyId, ServerRequestInterface $request) {

        return "123456";

    });

    return $middleware;

};

$app->post('/test', function (ServerRequestInterface $request, $response) {

    $rawBody = $request->getBody();

    return $request->write($rawBody);

})->add(ContentSignatureMiddleware::class);

$app->run();

~~~