A PSR-15 middleware for the snicco/signed-url library
This package consists of two simple middlewares that will make working with snicco/signed-url
a breeze. Make sure to
read the general documentation to
know how to instantiate the needed collaborators.
composer require snicco/signed-url-psr15-bridge
Make sure that your favorite framework supports binding middleware on the route level. This middleware should only be added to a route where you expect signed urls, not globally.
$storage = /* */
$hmac = /* */
$validator = new \Snicco\Component\SignedUrl\SignedUrlValidator($storage, $hmac);
$middleware = new \Snicco\Bridge\SignedUrlPsr15\ValidateSignature(
$validator,
);
/* Attach $middleware to your route */
As a second argument you can pass a closure that will receive the current request. Anything you return from this closure will be taken into account when validating the current request.
This has to match the request context that you used when the link was created!
Using the ip-address at creation and the user-agent at validation will not work and the request will always be
invalidated.
// Same as above.
$validator = /* */
$middleware = new \Snicco\Bridge\SignedUrlPsr15\ValidateSignature(
$validator,
function(\Psr\Http\Message\RequestInterface $request) {
return $request->getHeaderLine('User-Agent');
}
);
/* Attach $middleware to your route */
If a signed-url should be used exactly one time (for GET
requests) you might run into trouble with certain email clients that preload all
links. In this case you can set the third argument of the middleware to (bool) true
. The signature will then only be checked
if the request method is one of [POST, PATCH, PUT, DELETE]
.
Make sure you route is not accessible with safe request methods if you use this option.
Add the CollectGarbage
middleware to your global middleware groups.
// same as above
$storage = /* */
$psr3_logger = /* */
// value between 0-100
// the percentage that one request through the middleware
// will trigger garbage collection.
$percentage = 4;
$middleware = new \Snicco\Bridge\SignedUrlPsr15\CollectGarbage($percentage, $storage, $logger);
/* Attach $middleware to your route */