定制 agecheck/php 二次开发

按需修改功能、优化性能、对接业务系统,提供一站式技术支持

邮箱:yvsm@zunyunkeji.com | QQ:316430983 | 微信:yvsm316

agecheck/php

Composer 安装命令:

composer require agecheck/php

包简介

PHP verification library for AgeCheck age-verification tokens

README 文档

README

CI Compatibility Packagist

Server-side SDK for AgeCheck gate policy and JWT verification.

Features

  • Verify AgeCheck JWTs signed with ES256
  • Deployment mode: production or demo
  • Enforce minimum age tier (N+, not capped at 21+)
  • Require session binding (vc.credentialSubject.session)
  • Raise gate from edge header (X-Age-Gate: true) in production, or always gate in demo deployment mode
  • Create and verify signed verification cookies
  • Resolve verification keys from deployment-mode JWKS (agecheck.me for production, demo.agecheck.me for demo)
  • Cache JWKS with TTL and stale-cache fallback

Install

composer require agecheck/php

Requirements:

  • PHP 8.1+

Quickstart: see /Quickstart.md.

Core usage

<?php

declare(strict_types=1);

use AgeCheck\Config;
use AgeCheck\Gate;
use AgeCheck\Verifier;

$config = new Config([
    'hmacSecret' => 'YOUR_32_BYTE_SECRET',
    'deploymentMode' => Config::DEPLOYMENT_PRODUCTION, // production | demo
    'requiredAge' => 18,
    'cookieTtl' => 86400, // seconds; hostmaster-controlled (e.g. 31536000 for 1 year)
    // Defaults are pinned to AgeCheck issuer/JWKS unless explicitly opted in.
    'allowCustomIssuer' => false,
    'gateHeaderName' => 'X-Age-Gate',
    'gateHeaderRequiredValue' => 'true',
]);

$gate = new Gate($config);
$verifier = new Verifier($config);

if ($gate->isGateRequired()) {
    $result = $verifier->verify($jwt);

    if (!$result->isOk()) {
        // deny
    }
}

Easy AgeGate Option

You can render gate HTML with either:

  • easyAgeGate: true using easy-agegate.min.js, or
  • easyAgeGate: false using plain agegate.min.js (full custom UI flow)
<?php

declare(strict_types=1);

use AgeCheck\Gate;

$gate = new Gate($config);

echo $gate->renderGatePage([
    'redirect' => '/protected',
    'easyAgeGate' => true,
    'easyAgeGateOptions' => [
        'title' => 'Age Restricted Content',
        'subtitle' => 'Please confirm your age anonymously using AgeCheck.me.',
        'verifyButtonText' => 'Verify Now',
        'logoUrl' => 'https://your-cdn/logo.svg', // optional
    ],
]);

Cookie helpers

<?php

declare(strict_types=1);

use AgeCheck\Gate;

$gate = new Gate($config);

if ($result->isOk() && is_array($result->claims())) {
    $gate->markVerified($result->claims());
}

Use Gate::isVerified() on protected routes to validate the signed cookie.

Signed cookie payload is minimal and stateless:

{ "verified": true, "exp": 1700000000, "level": "18+" }

You can also set the cookie through a provider-agnostic assertion boundary:

use AgeCheck\VerificationAssertion;

$assertion = VerificationAssertion::verified('agecheck', '18+', time(), 'passkey');
$gate->markVerifiedFromVerificationAssertion($assertion);

Provider integration

Hostmasters can run multiple providers side-by-side and still keep one cookie/session contract, matching the Node SDK provider-agnostic pattern.

use AgeCheck\Provider;

$expectedSession = $body['payload']['agegateway_session'] ?? null;
if (!is_string($expectedSession) || $expectedSession === '') {
    // deny
}

if (($body['provider'] ?? 'agecheck') === 'agecheck') {
    $normalized = Provider::verifyAgeCheckCredential($verifier, $body['jwt'] ?? '', $expectedSession);
} else {
    $external = $providerService->verify($body);
    $normalized = Provider::normalizeExternalProviderAssertion($external, $expectedSession);
}

if (($normalized['verified'] ?? null) !== true) {
    // deny (see $normalized['code'])
}

Provider::applyProviderAssertionCookie($gate, $normalized);

All providers converge to one assertion boundary (provider, verified, level, session, verifiedAtUnix), which keeps cookie issuance and protected-route enforcement consistent.

Session rules:

  • payload.agegateway_session is required
  • session must be a UUID
  • provider assertion session must match payload.agegateway_session

Provider metadata fields (optional):

  • verificationType: passkey | oid4vp | other
  • evidenceType: webauthn_assertion | sd_jwt | zk_attestation | other
  • providerTransactionId: provider transaction/reference id
  • loa: level of assurance string

Security notes

  • Backend enforcement remains authoritative; browser callbacks alone are not trusted.
  • Require session binding in verification (payload.agegateway_session must equal vc.credentialSubject.session).
  • Use edge policy to set X-Age-Gate: true where gate is legally required.
  • Use HTTPS JWKS only. Defaults are mode-specific:
    • production: https://agecheck.me/.well-known/jwks.json
    • demo: https://demo.agecheck.me/.well-known/jwks.json with production JWKS fallback for mixed demo/prod acceptance
  • Custom issuer/JWKS overrides are disabled by default. Enable with allowCustomIssuer=true only when intentional.

Standardized error codes

Verifier and provider helpers emit stable error codes such as:

  • invalid_input
  • invalid_issuer
  • invalid_credential
  • invalid_age_tier
  • insufficient_age_tier
  • session_binding_required
  • session_binding_mismatch
  • token_expired
  • token_not_yet_valid
  • invalid_signature
  • unknown_key_id
  • verify_failed

Troubleshooting

If verify responses include:

{
  "verified": false,
  "code": "verify_failed",
  "error": "Failed to issue verification cookie"
}

common causes are:

  • hmacSecret missing in runtime config or shorter than 32 bytes
  • malformed verification assertion level (must be N+, for example 18+)
  • custom endpoint logic bypassing Gate/Provider helpers for cookie issuance

Examples

See examples/:

  • examples/protected_index.php
  • examples/agecheck_gate.php
  • examples/ageverify_api.php
  • examples/provider_verify_api.php
  • examples/session_api.php
  • examples/session_reset_api.php

examples/protected_index.php mirrors the Node reference behavior:

  • server-side gate enforcement
  • restricted page rendering only after cookie validation
  • signed-cookie TTL countdown and reset action

License

Apache-2.0

agecheck/php 适用场景与选型建议

agecheck/php 是一款 基于 PHP 开发的 Composer 扩展包,目前已累计 0 次下载、GitHub Stars 达 0, 最近一次更新时间为 2026 年 02 月 18 日, 在 PHP 生态内属于活跃度较高的组件。

我们在过去多个企业项目中使用过 agecheck/php 或与其功能相近的方案,如果你在选型或落地过程中遇到问题,例如 版本兼容、二次改造、私有化封装、与内部系统对接、生产 BUG 排查,欢迎联系我们协助评估。

围绕 agecheck/php 我们能提供哪些服务?
定制开发 / 二次开发

基于 agecheck/php 在你已有业务上做功能扩展、字段裁剪、UI 适配、与内部账号 / 权限 / 日志系统的深度对接。

BUG 修复 & 性能优化

线上偶发问题、内存泄漏、慢查询、并发异常等排查修复;针对高流量场景做缓存、队列、索引层面的调优。

项目外包 & 长期维护

承接完整的项目从需求 → 设计 → 开发 → 上线 → 长期运维;也可按月提供技术保姆服务。

yvsm@zunyunkeji.com QQ:316430983 微信:yvsm316 西安尊云信息科技 · 专注 PHP / Go / 分布式系统研发

统计信息

  • 总下载量: 0
  • 月度下载量: 0
  • 日度下载量: 0
  • 收藏数: 0
  • 点击次数: 18
  • 依赖项目数: 0
  • 推荐数: 0

GitHub 信息

  • Stars: 0
  • Watchers: 0
  • Forks: 0
  • 开发语言: PHP

其他信息

  • 授权协议: Apache-2.0
  • 更新时间: 2026-02-18