README

Laravel Signer

Package to create and validate signatures for laravel models.

Installation

composer require hotrush/laravel-signer

Usage

1. Add Signable contract to your model

   use Hotrush\Signer\Contracts\Signable;
   
   class Post extends Model implements Signable
   {
   
   }

2. Implement contract methods. To simplify this process CanBeSigned trait can be used.

   use Hotrush\Signer\Contracts\Signable;
   use Hotrush\Signer\Contracts\Traits\CanBeSigned;
       
   class Post extends Model implements Signable
   {
       use CanBeSigned;
       
       /**
        * Return null if never expires.
        *
        * @return Carbon|null
        */
       public function getSignExpiration(): ?Carbon
       {
           return null;
       }
   
       /**
        * Payload used for making signature hash.
        *
        * @return array
        */
       public function getSignPayload(): array
       {
           return [
               $this->getKeyName() => $this->getKey(),
               'field' => $this->field,
           ];
       }
   
       /**
        * Payload put into encoded code. Will be publicly accessible.
        *
        * @return array
        */
       public function getPublicSignPayload(): array
       {
           return [
               $this->getKeyName() => $this->getKey(),
           ];
       }
       
       /**
        * Define where clause for getting signable model instance by signature.
        * Only values from public payload can be used.
        */
       public static function signableClauses(Signature $signature): \Closure
       {
           return function (Builder $query) use ($signature) {
               $query->where('id', '=', $signature->payload['id']);
           };
       }
   }

3. Use facade to generate signature

   use Hotrush\Signer\Facades\Signer;
   
   $signable = Post::find(1);
   $signature = Signer::generate($signable);
   
   echo (string) $signature;

   Signature can be converted into a string and send a confirmation code for example.

4. To verify code facade can be used as well. But first need to decode signature.

   use Hotrush\Signer\Facades\Signer;
   use Hotrush\Signer\Signature;
   
   // decode signature
   $signature = Signature::decode('signature-string-value');
   
   // get signable
   $signable = Post::findSignable($signature);
   
   // verify
   $valid = Signer::validate($signable, $signature);

Testing

composer test