Skip to content

Composer package for the creation of Signed URLs with an expiration datetime

License

Notifications You must be signed in to change notification settings

basekit/signed-url

Repository files navigation

Generate signed URL with an optional expiration date

Latest Version on Packagist GitHub Tests Action Status Total Downloads

Introduction

This package is for simple generation and validation of signed URLs.

What is a signed URL?

A signed URL is a URL that provides limited permission and time to make a request. Signed URLs contain authentication information in their query string, allowing users without credentials to perform specific actions on a resource source

Installation

You can install the package via composer:

composer require basekit/signed-url

Usage

Create a signed URL with an expiration

$urlSigner = new BaseKit\SignedUrl('secret');
$url = $urlSigner->sign('http://dev.app', new \DateTime("+ 10 days"));
echo $url;
// http://dev.app?expires=1597606297&signature=2bcbe00d36010bae3e6bc6e6abe79f6cbc135f360285eeb17e9c53753b4b223a"

Create a signed URL without expiration

$urlSigner = new BaseKit\SignedUrl('secret');
$url = $urlSigner->sign('http://dev.app');
echo $url;
// http://dev.app?expires=1597606297&signature=2bcbe00d36010bae3e6bc6e6abe79f6cbc135f360285eeb17e9c53753b4b223a"

Validate a signed URL

$url = "http://dev.app?expires=1597606297&signature=2bcbe00d36010bae3e6bc6e6abe79f6cbc135f360285eeb17e9c53753b4b223a";
$urlSignValidator = new BaseKit\SignedUrl('secret');
$valid = $urlSignValidator->validate($url);
var_dump($valid);
// bool(true)

The package will append 1 or 2 querystring parameters to the URL that represent the expiry of the link (when provided), and the signature. The signature itself is generated using the original url, the expiry date if provided, and a project specific secret.

It's possible to override the names of these querystring parameters in object instantiation, as below:

$urlSigner = new BaseKit\SignedUrl('secret', 'expirationParam', 'secureSignature');
$url = $urlSigner->sign('http://dev.app', new \DateTime("+ 10 days"));
echo $url;
// https://www.dev.app/?expirationParam=1597608096&secureSignature=ef6839ad6b1a4cfca8e3e04bb2a74da0e9d3d9c4d9870125f499f75c9ef5d2b6

Testing

composer test

Credits

License

The MIT License (MIT). Please see License File for more information.

About

Composer package for the creation of Signed URLs with an expiration datetime

Resources

License

Stars

Watchers

Forks

Packages

No packages published

Languages