Skip to content
Create and validate signed URLs with a limited lifetime
Branch: master
Clone or download
Latest commit d337639 Nov 22, 2018
Permalink
Type Name Latest commit message Commit time
Failed to load latest commit information.
src add missing @throws tag Oct 15, 2018
tests Replace phpspec with PHPUnit Nov 22, 2018
.gitattributes first commit Aug 11, 2015
.gitignore first commit Aug 11, 2015
.scrutinizer.yml first commit Aug 11, 2015
.travis.yml Replace phpspec with PHPUnit Nov 22, 2018
CHANGELOG.md edit changelog Apr 9, 2017
CONTRIBUTING.md Rename Aug 14, 2015
LICENSE.md change license Apr 9, 2017
README.md Merge branch 'master' of github.com:spatie/url-signer Apr 9, 2017
composer.json Update composer.json Nov 22, 2018
phpspec.yml Fixed suite name Feb 9, 2016
phpunit.xml.dist Replace phpspec with PHPUnit Nov 22, 2018

README.md

Create secured URLs with a limited lifetime

Latest Version on Packagist Software License Build Status Quality Score Total Downloads

This package can create URLs with a limited lifetime. This is done by adding an expiration date and a signature to the URL.

$urlSigner = new MD5UrlSigner('randomkey');

$urlSigner->sign('https://myapp.com', 30);

// => The generated url will be valid for 30 days

This will output an URL that looks like https://myapp.com/?expires=xxxx&signature=xxxx.

Imagine mailing this URL out to the users of your application. When a user clicks on a signed URL your application can validate it with:

$urlSigner->validate('https://myapp.com/?expires=xxxx&signature=xxxx');

Spatie is a webdesign agency in Antwerp, Belgium. You'll find an overview of all our open source projects on our website.

Postcardware

You're free to use this package (it's MIT-licensed), but if it makes it to your production environment we highly appreciate you sending us a postcard from your hometown, mentioning which of our package(s) you are using.

Our address is: Spatie, Samberstraat 69D, 2060 Antwerp, Belgium.

All postcards are published on our website.

Installation

The package can installed via Composer:

composer require spatie/url-signer

Usage

A signer-object can sign URLs and validate signed URLs. A secret key is used to generate signatures.

use Spatie\UrlSigner\MD5UrlSigner;

$urlSigner = new MD5UrlSigner('mysecretkey');

Generating URLs

Signed URLs can be generated by providing a regular URL and an expiration date to the sign method.

$expirationDate = (new DateTime)->modify('10 days');

$urlSigner->sign('https://myapp.com', $expirationDate);

// => The generated url will be valid for 10 days

If an integer is provided as expiration date, the url will be valid for that amount of days.

$urlSigner->sign('https://myapp.com', 30);

// => The generated url will be valid for 30 days

Validating URLs

To validate a signed URL, simply call the validate() method. This will return a boolean.

$urlSigner->validate('https://myapp.com/?expires=1439223344&signature=2d42f65bd023362c6b61f7432705d811');

// => true

$urlSigner->validate('https://myapp.com/?expires=1439223344&signature=2d42f65bd0-INVALID-23362c6b61f7432705d811');

// => false

Writing custom signers

This packages provides a signer that uses md5 to generate signature. You can create your own signer by implementing the Spatie\UrlSigner\UrlSigner-interface. If you let your signer extend Spatie\UrlSigner\BaseUrlSigner you'll only need to provide the createSignature-method.

Tests

The tests can be run with:

$ vendor/bin/phpspec run

Integrations

To get started quickly in Laravel you can use the spatie/laravel-url-signer package.

Changelog

Please see CHANGELOG for more information what has changed recently.

Contributing

Please see CONTRIBUTING for details.

Security

If you discover any security related issues, please email freek@spatie.be instead of using the issue tracker.

Credits

About Spatie

Spatie is a webdesign agency in Antwerp, Belgium. You'll find an overview of all our open source projects on our website.

License

The MIT License (MIT). Please see License File for more information.

You can’t perform that action at this time.