[HttpFoundation] Temporary URI signed

[BaptisteContreras]

Description

I would like to add the possibility to create a temporary URI signed.

To achieve this, we can add an expiration parameter to the UriSigner's sign method.
By default at null, if a value is passed, a query parameter with the timestamp of the expiration date + time will be added before the computation of the URI hash.
Thus when checking the URI, if this query parameter is present, the timestamp will be used by the check method to determine if the URI has expired.

I propose a signature like this :

public function sign(string $uri, \DateTimeInterface|\DateInterval|int $expiration = null): string

• If it's a \DatetimeInterface, it's converted to a timestamp.
• If it's a \DateInterval, it's added to "now" then converted to a timestamp.
• If it's an int, it's expected to be a timestamp in seconds.

If null, nothing is added.

Example

use Symfony\Bundle\FrameworkBundle\Controller\AbstractController;
use Symfony\Component\HttpKernel\UriSigner;
use Symfony\Component\Routing\Annotation\Route;

class DemoController extends AbstractController
{

    #[Route('/', name: 'index')]
    public function index(UriSigner $signer): Response
    {
        $signed = $signer->sign('demo?foo=bar', new \DateTime('2050-01-01')); // Valid for years..
        dump($signer->check($signed)); // true

        $signed = $signer->sign('demo?foo=bar', new \DateInterval('PT10S')); // Valid for 10 seconds from now
        dump($signer->check($signed)); // true
        sleep(30);
        dump($signer->check($signed)); // false
        
        $signed = $signer->sign('demo?foo=bar', 4070908800); // 2099-01-01
        dump($signer->check($signed)); // true
    }
    
}