数字签名>> cellar>> 返回
项目作者: amxx-bg

项目描述 :
Simple CSRF Generator & Validator
高级语言: PHP
项目地址: git://github.com/amxx-bg/cellar.git
创建时间: 2019-06-06T11:52:11Z
项目社区:https://github.com/amxx-bg/cellar
开源协议:
下载


Cellar - generate and validate signed tokens

Master Build Status

Cellar is a lightweight library for generating and validating signed tokens that can be used for password reset links,
authentication, CSRF or anything else you may require. It aims to be secure and to have minimum external dependencies.

Installation

Add Cellar to your composer.json and run composer update to install it.

  1. {
  2.   "require": { "amxx-bg/cellar": "0.1.*@dev" }
  3. }

Basic Usage

  1. $secret = 'some-constant-secret-value';
  2. $cellar = new \AMXXBG\Cellar($secret, array('lifetime' => 3600));
  4. // Generate with default lifetime from constructor options
  5. $token = $cellar->generate();
  7. // Overall check if token is valid
  8. if ($cellar->isValid($token)) {
  9.   // Do whatever
  10. }
  12. // Or for more control use:
  13. $cellar->hasExpired($token);
  14. $cellar->hasTampered($token);

Cellar generates tokens as a single string of the form {random}-{expirytime}-{signature}, base64 encoded so suitable
for inclusion in most places.

Verifying additional values

You may want to use Cellar’s signing algorithm to verify that some additional data has not been tampered with. For
example, you could use this to include email address or other confirmation information in a URL rather than having to
store a record of the mapping between token and user server side.

  1. $token = $cellar->generate(3600, ['user_id' => 9123]);
  3. // Then, later:
  4. if ($cellar->isValid($_GET['token'], ['user_id' => $_GET['user_id']]) {
  5.   // You can now trust user_id, even if it came through the URL, because it matches the value you originally signed
  6.   // for this token.
  7. }

Rotating secrets

It’s good practice to occasionally rotate secrets - but without invalidating signatures
that haven’t yet expired. This is easily done - add an old_secrets config option with
any previous secrets that should still be valid. Cellar will start using the new
secret to produce new tokens while still accepting tokens signed with an older value.

Once your maximum token expiry liftime has passed you can then remove the old secret from
your list and Cellar will stop accepting it.

Testing and developing

Cellar has a full suite of PHPUnit unit tests - run them with bin/phpunit.
Contributions will only be accepted if they are accompanied by well structured unit tests. Installing with composer should
get you everything you need to work on the project.

License

Cellar is copyright 2019 AMXX and released under the BSD license.