This package can create URLs with a limited lifetime. This is done by adding an expiration date and a signature to the URL.
$urlSigner = new Sha256UrlSigner('randomkey');
$urlSigner->sign('https://myapp.com', 30);
// => The generated url will be valid for 30 seconds
This will output a URL that looks like https://myapp.com/?expires=xxxx&signature=xxxx
.
Imagine mailing this URL out to the users of your application. When a user clicks on a signed URL your application can validate it with:
// returns `true` if valid, `false` if not
$urlSigner->validate('https://myapp.com/?expires=xxxx&signature=xxxx');
We invest a lot of resources into creating best in class open source packages. You can support us by buying one of our paid products.
We highly appreciate you sending us a postcard from your hometown, mentioning which of our package(s) you are using. You'll find our address on our contact page. We publish all received postcards on our virtual postcard wall.
You're free to use this package (it's MIT-licensed), but if it makes it to your production environment we highly appreciate you sending us a postcard from your hometown, mentioning which of our package(s) you are using.
Our address is: Spatie, Kruikstraat 22, 2018 Antwerp, Belgium.
All postcards are published on our website.
The package can installed via Composer:
composer require spatie/url-signer
A signer-object can sign URLs and validate signed URLs. A secret key is used to generate signatures.
use Spatie\UrlSigner\Sha256UrlSigner;
$urlSigner = new Sha256UrlSigner('mysecretkey');
Signed URLs can be generated by providing a regular URL and an expiration date to the sign
method.
$expirationDate = (new DateTime())->modify('10 days');
$urlSigner->sign('https://myapp.com', $expirationDate);
// => The generated url will be valid for 10 days
If an integer is provided as expiration date, the URL will be valid for that amount of seconds.
$urlSigner->sign('https://myapp.com', 30);
// => The generated URL will be valid for 30 seconds
To validate a signed URL, simply call the validate()
method. This will return a boolean.
$urlSigner->validate('https://myapp.com/?expires=1439223344&signature=a479abde194d111022a6831edbda29b14e7bdb760438a8a0be2556cd1a6c23fa');
// => true
$urlSigner->validate('https://myapp.com/?expires=1439223344&signature=a479abde194d111022a6831edbda-INVALID-29b14e7bdb760438a8a0be2556cd1a6c23fa');
// => false
This packages provides a signer that uses SHA256 to generate signature. You can create your own
signer by implementing the Spatie\UrlSigner\Contracts\UrlSigner
-interface. If you let your signer extend
Spatie\UrlSigner\AbstractUrlSigner
you'll only need to provide the createSignature
-method.
The tests can be run with:
composer test
To get started quickly in Laravel you can use the spatie/laravel-url-signer package.
Please see CHANGELOG for more information what has changed recently.
Please see CONTRIBUTING for details.
If you've found a bug regarding security please mail security@spatie.be instead of using the issue tracker.
Spatie is a webdesign agency in Antwerp, Belgium. You'll find an overview of all our open source projects on our website.
The MIT License (MIT). Please see License File for more information.