2017 © Pedro Peláez
 

symfony-bundle signed-request-bundle

Symfony2 Bundle that provides request and response signing

image

br/signed-request-bundle

Symfony2 Bundle that provides request and response signing

  • Wednesday, October 22, 2014
  • by brensch
  • Repository
  • 5 Watchers
  • 16 Stars
  • 1,714 Installations
  • PHP
  • 0 Dependents
  • 0 Suggesters
  • 2 Forks
  • 2 Open issues
  • 9 Versions
  • 0 % Grown

The README.md

SignedRequestBundle

Symfony 2 bundle that provides request and response signing, (*1)

Build Status Latest Stable Version SensioLabsInsight, (*2)

Introduction

This bundle provides very easy request signing (verification), and automatic response signing. This means that every request has to be signed with a hash of, (*3)

md5($requestUri . $content . $salt)

The response will be signed with:, (*4)

md5($responseContent . $salt)

The signatures are always put (and assumed) in a header called X-SignedRequest., (*5)

Contributions are as always welcome., (*6)

Installation

Simply run assuming you have installed composer.phar or composer binary (or add to your composer.json and run composer install:, (*7)

$ composer require br/signed-request-bundle

You can follow dev-master, or use a more stable tag (recommended for various reasons). On the Github repository, or on Packagist, you can always find out the latest tag., (*8)

Now add the Bundle to your Kernel:, (*9)

<?php
// app/AppKernel.php

public function registerBundles()
{
    $bundles = array(
        // ...
        new BR\SignedRequestBundle\BRSignedRequestBundle(),
        // ...
    );
}

Configuration

To configure the bundle, edit your config.yml, or config_{environment}.yml:, (*10)

# Signed Request Bundle
br_signed_request:
    salt: SALT_HERE
    debug: %kernel.debug%
    request_listener_enabled: true      # default
    response_listener_enabled: true     # default
    signature_mismatch:                 # optional
        status_code: 400
        response: Failed validation

If you put the listeners into debug mode, the request listener will always pass through the request, it will add a X-SignedRequest-Debug header though, that will either contain "true" or "false" depending on whether the signature was correct., (*11)

Providing your own signing service

You can provide your own signing service by tagging your service as br_signed_request.signing_service and implementing the Service\SigningServiceInterface. The bundle will then call the respective functions of your service. You can take a look at the default service that is used (that just uses MD5) to see how it is setup., (*12)

Using the signed request / response annotation

Instead of checking every request for a signature you can also add an annotation on a single controller function. In order to use that you would have to set request_listener_enabled to false. The same is true for signing responses. If you disable response_listener_enabled, you can use annotations to specify a controller action that should sign the response. Of course, you can also combine both annotations., (*13)

Example

<?php

namespace Acme\YourBundle\Controller;

use BR\SignedRequestBundle\Annotations\SignedRequest;
use BR\SignedRequestBundle\Annotations\SignedResponse;

...

    /**
     * @SignedRequest
     */
    public function fooAction()
    {
        ...
    }

    /**
     * @SignedResponse
     */
    public function barAction()
    {
        ...
    }

    /**
     * @SignedRequest
     * @SignedResponse
     */
    public function bazAction()
    {
        ...
    }
...

To Do & Future plans

None at the moment. Open an issue or submit a PR :), (*14)

The Versions

22/10 2014

dev-master

9999999-dev

Symfony2 Bundle that provides request and response signing

  Sources   Download

MIT

The Requires

 

The Development Requires

by Baldur Rensch

symfony2 request response signing private key

04/07 2013

0.5.1

0.5.1.0

Symfony2 Bundle that provides request and response signing

  Sources   Download

MIT

The Requires

 

The Development Requires

by Baldur Rensch

symfony2 request response signing private key

03/07 2013

0.5

0.5.0.0

Symfony2 Bundle that provides request and response signing

  Sources   Download

MIT

The Requires

 

The Development Requires

by Baldur Rensch

symfony2 request response signing private key

20/06 2013

0.4

0.4.0.0

Symfony2 Bundle that provides request and response signing

  Sources   Download

MIT

The Requires

 

The Development Requires

by Baldur Rensch

symfony2 request response signing private key

15/04 2013

0.3

0.3.0.0

Symfony2 Bundle that provides request and response signing

  Sources   Download

MIT

The Requires

 

The Development Requires

by Baldur Rensch

symfony2 request response signing private key

20/02 2013

0.2

0.2.0.0

Symfony2 Bundle that provides request and response signing

  Sources   Download

MIT

The Requires

 

The Development Requires

by Baldur Rensch

symfony2 request response signing private key

27/01 2013

0.1.2

0.1.2.0

Symfony2 Bundle that provides request and response signing

  Sources   Download

MIT

The Requires

 

The Development Requires

by Baldur Rensch

symfony2 request response signing private key

26/01 2013

0.1.1

0.1.1.0

Symfony2 Bundle that provides request and response signing

  Sources   Download

MIT

The Requires

 

The Development Requires

by Baldur Rensch

symfony2 request response signing private key

23/01 2013

0.1

0.1.0.0

Symfony2 Bundle that provides request and response signing

  Sources   Download

MIT

The Requires

 

by Baldur Rensch

symfony2 request response signing private key