GollumSF Url Tokenizer
, (*1)
, (*2)
Installation:
composer require gollumsf/url-tokenizer-bundle
```
### config/bundles.php
```php
return [
// [ ... ]
Sensio\Bundle\FrameworkExtraBundle\SensioFrameworkExtraBundle::class => ['all' => true],
GollumSF\UrlTokenizerBundle\GollumSFUrlTokenizerBundle::class => ['all' => true],
];
config.yml
gollum_sf_url_tokenizer:
secret: Default_S3cret_Must_be_Ch4nge!!! # Default secret key for token MUST BE CHANGE
default_full_url: false' # (optional, default: false) By default tokenise full url or only parameter
algo: 'sha256' # (optional, default: "sha256') Algo for hash token. (must be in list returned by hash_hmac_algos())
token_query_name: "t" # (optional, default: "t") Query token param name for url tokenized
token_time_query_name: "d" # (optional, default: "d") Query token time param name for url tokenized
Usage
Tokenize URL
<?php
use GollumSF\UrlTokenizerBundle\Tokenizer\TokenizerInterface;
public function (TokenizerInterface $tokenizer) { // Inject service
$url = 'http://www.mydomain.com?param1=a';
// $url1Tokenised => http://www.mydomain.com?param1=a&t=THE_TOKENd=1580775131 (tokenize only parameter)
$url1Tokenised = $tokenizer->generateUrl($url);
// $url1Tokenised => http://www.mydomain.com?param1=a&t=THE_TOKENd=1580775131 (tokenize full url)
$url1Tokenised = $tokenizer->generateUrl($url, true);
// $url1Tokenised => http://www.mydomain.com?param1=a&t=THE_TOKENd=1580775131 (use custom secret)
$url1Tokenised = $tokenizer->generateUrl($url, false, 'CUSTOM SECRET');
}
Check URL tokenized
<?php
use GollumSF\UrlTokenizerBundle\Checker\CheckerInterface;
public function (CheckerInterface $checker) { // Inject service
$urlWithToken = 'http://www.mydomain.com?param1=a&t=THE_TOKEN&d=1580775131';
// $result => true or false
$result = $checker->checkToken($urlWithToken);
// $result => true or false (use full url)
$result = $checker->checkToken($urlWithToken, true);
// $result => true or false (use custom secret)
$result = $checker->checkToken($urlWithToken, null, 'CUSTOM SECRET');
// $result => true or false automatic use url from Master Request
$result = $checker->checkTokenMasterRequest();
$result = $checker->checkTokenMasterRequest(true);
$result = $checker->checkTokenMasterRequest(null, 'CUSTOM SECRET');
// $result => is true if token is generate before 3600 second ago
$result = $checker->checkTokenTime($urlWithToken, 3600);
$result = $checker->checkTokenTimeMasterRequest(3600); // on Master Request
// $result => result on valid Token and Time
$result = $checker->checkTokenAndTokenTime($urlWithToken, 3600);
$result = $checker->checkTokenAndTokenTimeMasterRequest(3600); // on Master Request
}
Use annotation
Use ValidToken annotation for restrain access at action., (*3)
<?php
use GollumSF\UrlTokenizerBundle\Annotation\ValidToken;
use GollumSF\UrlTokenizerBundle\Tokenizer\TokenizerInterface;
use Symfony\Bundle\FrameworkBundle\Controller\AbstractController;
use Symfony\Component\HttpFoundation\Response;
use Symfony\Component\Routing\Annotation\Route;
use Symfony\Component\Routing\RouterInterface;
class GenerateController extends AbstractController {
/**
* @Route("/generate")
*/
public function generate(TokenizerInterface $tokenizer) {
return new Response($tokenizer->generateUrl(
$this->generateUrl('validate', [ 'param' => 'value' ], RouterInterface::ABSOLUTE_URL)
));
}
/**
* @Route("/validate", name="validate")
* @ValidToken()
*/
public function validate(TokenizerInterface $tokenizer) {
return new Response('good');
}
Options
-
fullUrl: (boolean, default = null) If null use condifuration value.
-
key: (string, default = null) If null use condifuration value.
-
lifeTime: (integer, default = null) If null don't check time. Is lifetime of token before creation
Wallogit.com
