定制 olipayne/guzzle-web-bot-auth-middleware 二次开发

按需修改功能、优化性能、对接业务系统,提供一站式技术支持

邮箱:yvsm@zunyunkeji.com | QQ:316430983 | 微信:yvsm316

olipayne/guzzle-web-bot-auth-middleware

Composer 安装命令:

composer require olipayne/guzzle-web-bot-auth-middleware

包简介

Guzzle middleware for HTTP Message Signatures (RFC9421) with web-bot-auth.

README 文档

README

Latest Stable Version Total Downloads License GitHub Actions Workflow Status

Guzzle Web Bot Auth Middleware (Ed25519 Edition)

A PHP Guzzle middleware for signing HTTP requests using HTTP Message Signatures (RFC 9421), specifically tailored for the web-bot-auth profile as discussed by Cloudflare. This version uses Ed25519 signatures via the libsodium PHP extension.

Requirements

  • PHP 7.4+ (libsodium is bundled with PHP 7.2+, but this package uses features from 7.4+)
  • The sodium PHP extension must be enabled.
  • GuzzleHTTP 7.0+

Installation

Install the package via Composer:

composer require olipayne/guzzle-web-bot-auth-middleware

Prerequisites & Setup (Ed25519)

To use this middleware, you need an Ed25519 private key, its corresponding public key (in JWK format hosted publicly), and a keyid (JWK Thumbprint of the public key). The middleware uses alg: "ed25519" in the Signature-Input header.

Easiest Setup: All-in-One Ed25519 Key Generation Script

This package includes a utility script to generate everything you need for Ed25519:

  1. Make the script executable (if you haven't already):

    chmod +x vendor/olipayne/guzzle-web-bot-auth-middleware/bin/generate-keys.php
  2. Run the script from your project's root directory (or any directory where you want the key files to be saved):

    php vendor/olipayne/guzzle-web-bot-auth-middleware/bin/generate-keys.php

    (Path might vary based on your setup. If installed as a library, it's in vendor/olipayne/guzzle-web-bot-auth-middleware/bin/.)

    The script will:

    • Create ed25519_private.key (containing the base64 encoded Ed25519 private key - KEEP THIS SAFE AND SECRET!).
    • Create ed25519_public.key (containing the base64 encoded Ed25519 public key, for your reference).
    • Output the Base64 Encoded Ed25519 Private Key: You'll pass this (or the path to ed25519_private.key) to the middleware.
    • Output the JWK Thumbprint (kid): This is the keyid for the middleware.
    • Output the Full Ed25519 JWK: This is the JSON structure of your public key to host publicly.

    Example output snippet:

    Base64 encoded Ed25519 private key saved to: ed25519_private.key (Used by the middleware)
    Base64 encoded Ed25519 public key saved to: ed25519_public.key (For reference or other uses)
    
    --- Configuration for WebBotAuthMiddleware (Ed25519) ---
    Base64 Encoded Ed25519 Private Key (content of 'ed25519_private.key', for middleware constructor):
    YOUR_BASE64_ENCODED_ED25519_PRIVATE_KEY
    
    JWK Thumbprint (use as 'keyId'):
    YOUR_GENERATED_ED25519_KEY_ID
    
    Full Ed25519 JWK (host this at your 'signatureAgent' URL, typically in a JWKSet):
    {
        "kty": "OKP",
        "crv": "Ed25519",
        "x": "...base64url_encoded_public_key...",
        "kid": "YOUR_GENERATED_ED25519_KEY_ID",
        "alg": "Ed25519",
        "use": "sig"
    }
    ...
    
  3. Host Your Public Key Data for Signature-Agent The Signature-Agent header in your requests points to metadata that allows a verifier to discover your signing key.

    A common path in existing deployments is https://your-bot.example.com/.well-known/jwks.json. The current HTTP Message Signatures directory draft recommends https://your-bot.example.com/.well-known/http-message-signatures-directory.

    If you expose a direct JWKSet URL, the content should be:

    {
      "keys": [
        // The "Full Ed25519 JWK" output from the script goes here
        {
          "kty": "OKP",
          "crv": "Ed25519",
          "x": "...base64url_encoded_public_key...",
          "kid": "YOUR_GENERATED_ED25519_KEY_ID",
          "alg": "Ed25519",
          "use": "sig"
        }
      ]
    }

    Ensure this URL is publicly accessible.

Using an Existing Ed25519 Public Key

If you already have a base64 encoded Ed25519 public key and need its JWK and kid:

  1. Make the generate-jwk.php script executable:
    chmod +x vendor/olipayne/guzzle-web-bot-auth-middleware/bin/generate-jwk.php
  2. Run it with your base64 encoded Ed25519 public key string or the path to a file containing it:
    # Using a string
    php vendor/olipayne/guzzle-web-bot-auth-middleware/bin/generate-jwk.php YOUR_BASE64_PUBLIC_KEY_STRING
    
    # Using a file
    php vendor/olipayne/guzzle-web-bot-auth-middleware/bin/generate-jwk.php path/to/your/ed25519_public.key
    This will output the kid and the full JWK for your existing public key.
  3. You will need your corresponding Ed25519 private key (base64 encoded) to configure the middleware.
  4. Host the public JWK as described in Step 3 of the "Easiest Setup".

Usage

Provide the base64 encoded Ed25519 private key (or the path to the file like ed25519_private.key), your keyid, and your signatureAgent URL to the middleware.

<?php

require 'vendor/autoload.php';

use GuzzleHttp\Client;
use GuzzleHttp\HandlerStack;
use Olipayne\GuzzleWebBotAuth\WebBotAuthMiddleware;

// Ensure libsodium is available
if (!extension_loaded('sodium')) {
    die('Libsodium extension is required!');
}

// 1. Create a Guzzle HandlerStack
$stack = HandlerStack::create();

// 2. Configure the WebBotAuthMiddleware
// Option A: Path to the file containing the base64 encoded private key
$privateKeyPath = 'path/to/your/ed25519_private.key'; 
// Option B: The base64 encoded private key string directly
// $base64PrivateKey = 'YOUR_BASE64_ENCODED_ED25519_PRIVATE_KEY_FROM_SCRIPT_OUTPUT';

$keyId = 'YOUR_GENERATED_ED25519_KEY_ID'; // The JWK Thumbprint from the script output
$signatureAgentUrl = 'https://your-bot.example.com/.well-known/http-message-signatures-directory'; // Signature-Agent URL

$botAuthMiddleware = new WebBotAuthMiddleware(
    $privateKeyPath, // or $base64PrivateKey
    $keyId,
    $signatureAgentUrl
    // Optional tag and expires duration remain the same
);

// 3. Push the middleware onto the stack
$stack->push($botAuthMiddleware);

// 4. Create the Guzzle client with the handler stack
$client = new Client(['handler' => $stack]);

// Requests are now signed using Ed25519
try {
    $response = $client->get('https://target-service.example.com/api/data');
    // ...
} catch (\Exception $e) {
    // ...
}
?>

Covered Components & Algorithm

  • Covered Components: ("@authority" "signature-agent")
  • Signature Algorithm (in Signature-Input): alg="ed25519"
  • JWK Algorithm (alg in JWK): Ed25519

How it Works

The middleware uses sodium_crypto_sign_detached for Ed25519 signatures. The Signature-Input header includes an alg="ed25519" parameter. The JWK for the public key uses kty: "OKP" (Octet Key Pair) and crv: "Ed25519".

Contributing

Contributions are welcome! Please feel free to submit pull requests or open issues.

Testing

composer test

Static analysis and style checks:

composer phpstan
composer lint

Optional live integration test:

composer test:integration

Releases

See RELEASE.md for the tag-based release and Packagist publishing process.

License

This package is open-sourced software licensed under the MIT license.

olipayne/guzzle-web-bot-auth-middleware 适用场景与选型建议

olipayne/guzzle-web-bot-auth-middleware 是一款 基于 PHP 开发的 Composer 扩展包,目前已累计 1.7k 次下载、GitHub Stars 达 4, 最近一次更新时间为 2025 年 05 月 28 日, 在 PHP 生态内属于活跃度较高的组件。

它主要适用于以下技术方向: 「http」 「Guzzle」 「middleware」 「signatures」 「psr-7」 「psr-15」 等业务场景。在实际项目中,围绕这些方向常见需要落地的问题包括:接口对接、性能调优、并发安全、与既有框架(Laravel / ThinkPHP / Yii / Webman 等)的兼容适配,以及生产环境的日志埋点与稳定性保障。

我们在过去多个企业项目中使用过 olipayne/guzzle-web-bot-auth-middleware 或与其功能相近的方案,如果你在选型或落地过程中遇到问题,例如 版本兼容、二次改造、私有化封装、与内部系统对接、生产 BUG 排查,欢迎联系我们协助评估。

围绕 olipayne/guzzle-web-bot-auth-middleware 我们能提供哪些服务?
定制开发 / 二次开发

基于 olipayne/guzzle-web-bot-auth-middleware 在你已有业务上做功能扩展、字段裁剪、UI 适配、与内部账号 / 权限 / 日志系统的深度对接。

BUG 修复 & 性能优化

线上偶发问题、内存泄漏、慢查询、并发异常等排查修复;针对高流量场景做缓存、队列、索引层面的调优。

项目外包 & 长期维护

承接完整的项目从需求 → 设计 → 开发 → 上线 → 长期运维;也可按月提供技术保姆服务。

yvsm@zunyunkeji.com QQ:316430983 微信:yvsm316 西安尊云信息科技 · 专注 PHP / Go / 分布式系统研发

统计信息

  • 总下载量: 1.7k
  • 月度下载量: 0
  • 日度下载量: 0
  • 收藏数: 4
  • 点击次数: 22
  • 依赖项目数: 0
  • 推荐数: 0

GitHub 信息

  • Stars: 4
  • Watchers: 0
  • Forks: 1
  • 开发语言: PHP

其他信息

  • 授权协议: MIT
  • 更新时间: 2025-05-28