hash verification using a nonce & verifying the hmac from the URL for a laravel application
composer require dpc/hash-verifierThe service provider will be automatically discovered in Laravel 5.5. Publish the config file by running:
php artisan vendor:publish --provider="Dpc\HashVerifier\AuthValidatorServiceProvider"This will create a validator.php in your config folder.
Do not use your secret directly in config file. Instead fetch it from the
.envor server environment variables.
Inject the nonce generator contract and/or HMAC validator contract in your class:
public function __construct(NonceContract $generator)
{
$this->generator = $generator;
}To generate a nonce:
$nonce = $this->generator->generateNonce($user)The nonce will be automatically stored in the session with key as `nonce'. To retrieve it call:
$nonce = $this->generator->getStoredNonce();Ensure that you do not mutate the nonce.
To verify whether the nonce matches
$nonceMatches = $this->generator->matches($user, $nonce);To validate if the hmac matches the components of the URL:
$result = $this->validator->validate($uriComponents));You can check this repo for further details on how to use this package
This package follows semver. Features introduced & any breaking changes created in major releases are mentioned in releases.
- Fork it!
- Create your feature branch:
git checkout -b my-new-feature - Commit your changes:
git commit -am 'Add some feature' - Push to the branch:
git push origin my-new-feature - Submit a pull request :D
This package follows semver. Features introduced & any breaking changes created in major releases are mentioned in releases.
If you need help or have any questions you can:
- Create an issue here
- Send a tweet to @DPC_22
- Email me at dylan.dpc@gmail.com
- DM me on the larachat slack team (@Dylan DPC)
This project is licensed under the MIT License - see the LICENSE file for details