Skip to content
Laravel signature certification with web API server.
Branch: master
Clone or download
Permalink
Type Name Latest commit message Commit time
Failed to load latest commit information.
config
src
tests
.gitignore
.scrutinizer.yml
.travis.yml
LICENSE.md
README.md
composer.json
composer.lock
phpunit.xml.dist

README.md

Api Authorized Signature Middleware for Laravel 5

Scrutinizer Code Quality Build Status Code Coverage Build Status Latest Stable Version Latest Unstable Version Latest Stable Version Total Downloads License

About

The larsign package authorized signature server.

Features

  • Handles larsign requests

Installation

Require the havenshen/larsign package in your composer.json and update your dependencies:

$ composer require havenshen/larsign

Add the HavenShen\Larsign\LarsignServiceProvider to your config/app.php providers array:

HavenShen\Larsign\LarsignServiceProvider::class,

Add the HavenShen\Larsign\LarsignFacade to your config/app.php aliases array:

'Larsign' => HavenShen\Larsign\LarsignFacade::class,

Global usage

To allow Larsign for all your routes, add the HandleLarsign middleware in the $middleware property of app/Http/Kernel.php class:

protected $middleware = [
    // ...
    \HavenShen\Larsign\HandleLarsign::class,
];

Group middleware

If you want to allow Larsign on a specific middleware group or route, add the HandleLarsign middleware to your group:

protected $middlewareGroups = [
    'web' => [
       // ...
    ],

    'api' => [
        // ...
        \HavenShen\Larsign\HandleLarsign::class,
    ],
];

Application route middleware

If you want to allow Larsign on a specific application middleware or route, add the HandleLarsign middleware to your application route:

protected $routeMiddleware = [
    // ...
    'auth.larsign' => \HavenShen\Larsign\HandleLarsign::class,
];

Configuration

The defaults are set in config/larsign.php. Copy this file to your own config directory to modify the values. You can publish the config using this command:

$ php artisan vendor:publish --provider="HavenShen\Larsign\LarsignServiceProvider"
return [
    /*
     |--------------------------------------------------------------------------
     | Larsign
     |--------------------------------------------------------------------------
     |
     */
    'headerName' => env('LARSIGN_HEADER_NAME', 'Larsign'),
    'accessKey' => env('LARSIGN_ACCESS_KEY', ''),
    'secretKey' => env('LARSIGN_SECRET_KEY', ''),
];

Add api route in routes/api.php Copy this.

Route::middleware(['auth.larsign'])->group(function () {
    Route::get('/larsign', function () {
    return [
        'message' => 'done.'
    ]);
});

or

Route::get('/larsign', function () {
    return [
        'message' => 'done.'
    ];
})->middleware('auth.larsign');

Client

Generate Larsign signatures

  1. Assume the following management credentials:
AccessKey = "test"
SecretKey = "123456"
  1. Call interface address:
url = "https://larsign.dev/api/v1/test?page=1"
  1. The original string to be signed:

note: the time-stamping followed by a newline [currenttime + voucher valid seconds]

signingStr = "/api/v1/test?page=1\n1510986405"
  1. Base64 url safe encode:
signingStrBase64UrlSafeEncode = "L2FwaS92MS90ZXN0P3BhZ2U9MQoxNTEwOTg2NDY1"
  1. hmac_sha1 carries SecretKey encryption then base64 url safe encode:
sign = "MLKnFIdI-0TOQ4mHn5TyCcmWACU="
  1. The final administrative credentials are:

note: stitching headerName Space AccessKey:sign:signingStrBase64UrlSafeEncode

larsignToken = "Larsign test:MLKnFIdI-0TOQ4mHn5TyCcmWACU=:L2FwaS92MS90ZXN0P3BhZ2U9MQoxNTEwOTg2NDY1"
  1. Add http header:

note: header key in config/larsign.php -> headerName

Larsign:Larsign test:MLKnFIdI-0TOQ4mHn5TyCcmWACU=:L2FwaS92MS90ZXN0P3BhZ2U9MQoxNTEwOTg2NDY1

Client signature authorization failed

Http Response: 403

Testing

$ phpunit

License

The MIT License (MIT). Please see License File for more information.

You can’t perform that action at this time.