Create signed URLs with a limited lifetime
, (*1)
This package can create URLs with a limited lifetime. This is done by adding an expiration date and a signature to the URL., (*2)
$urlSigner = new Sha256UrlSigner('randomkey');
$urlSigner->sign('https://myapp.com', 30);
// => The generated url will be valid for 30 seconds
This will output a URL that looks like https://myapp.com/?expires=xxxx&signature=xxxx., (*3)
Imagine mailing this URL out to the users of your application. When a user clicks on a signed URL
your application can validate it with:, (*4)
// returns `true` if valid, `false` if not
$urlSigner->validate('https://myapp.com/?expires=xxxx&signature=xxxx');
Support us
, (*5)
We invest a lot of resources into creating best in class open source packages. You can support us by buying one of our paid products., (*6)
We highly appreciate you sending us a postcard from your hometown, mentioning which of our package(s) you are using. You'll find our address on our contact page. We publish all received postcards on our virtual postcard wall., (*7)
Postcardware
You're free to use this package (it's MIT-licensed), but if it makes it to your production environment we highly appreciate you sending us a postcard from your hometown, mentioning which of our package(s) you are using., (*8)
Our address is: Spatie, Kruikstraat 22, 2018 Antwerp, Belgium., (*9)
All postcards are published on our website., (*10)
Installation
The package can installed via Composer:, (*11)
composer require spatie/url-signer
Usage
A signer-object can sign URLs and validate signed URLs. A secret key is used to generate signatures., (*12)
use Spatie\UrlSigner\Sha256UrlSigner;
$urlSigner = new Sha256UrlSigner('mysecretkey');
Generating URLs
Signed URLs can be generated by providing a regular URL and an expiration date to the sign method., (*13)
$expirationDate = (new DateTime())->modify('10 days');
$urlSigner->sign('https://myapp.com', $expirationDate);
// => The generated url will be valid for 10 days
If an integer is provided as expiration date, the URL will be valid for that amount of seconds., (*14)
$urlSigner->sign('https://myapp.com', 30);
// => The generated URL will be valid for 30 seconds
Validating URLs
To validate a signed URL, simply call the validate() method. This will return a boolean., (*15)
$urlSigner->validate('https://myapp.com/?expires=1439223344&signature=a479abde194d111022a6831edbda29b14e7bdb760438a8a0be2556cd1a6c23fa');
// => true
$urlSigner->validate('https://myapp.com/?expires=1439223344&signature=a479abde194d111022a6831edbda-INVALID-29b14e7bdb760438a8a0be2556cd1a6c23fa');
// => false
Writing custom signers
This packages provides a signer that uses SHA256 to generate signature. You can create your own
signer by implementing the Spatie\UrlSigner\Contracts\UrlSigner-interface. If you let your signer extend
Spatie\UrlSigner\AbstractUrlSigner you'll only need to provide the createSignature-method., (*16)
Tests
The tests can be run with:, (*17)
composer test
Integrations
To get started quickly in Laravel you can use the spatie/laravel-url-signer package., (*18)
Changelog
Please see CHANGELOG for more information what has changed recently., (*19)
Contributing
Please see CONTRIBUTING for details., (*20)
Security
If you've found a bug regarding security please mail security@spatie.be instead of using the issue tracker., (*21)
Credits
About Spatie
Spatie is a webdesign agency in Antwerp, Belgium. You'll find an overview of all our open source projects on our website., (*22)
License
The MIT License (MIT). Please see License File for more information., (*23)
Wallogit.com
