rolies106/hmac
Composer 安装命令:
composer require rolies106/hmac
包简介
A keyed-Hash Message Authentication Code (HMAC). Used for application to application authentication.
README 文档
README
A simple lightweight HMAC generator and checker. Forked from mardy-git/hmac.
Currently this is used to authenticate applications to other applications.
Installation
To install this use composer by adding
"mardy-git/hmac": "2.*"
to your composer.json file
Usage Example
Generating the HMAC
use Mardy\Hmac\Manager; use Mardy\Hmac\Adapters\Hash; //there are several adapters available 'Bcrypt', 'Hash', 'HashHmac', 'HashPbkdf2' //you can inject any of them into the manager, they all share the same interface //With the Bcrypt adapter the num of iteration config is applied to the cost $manager = new Manager(new Hash); //you can use any of the Hash algorithms that are available on your environment $config = [ 'algorithm' => 'sha256', 'num-first-iterations' => 10, 'num-second-iterations' => 10, 'num-final-iterations' => 100, ]; //the private key used in both applications to ensure the hash is the same $key = "wul4RekRPOMw4a2A6frifPqnOxDqMXdtRQMt6v6lsCjxEeF9KgdwDCMpcwROTqyPxvs1ftw5qAHjL4Lb"; try { $manager->config($config); } catch (\InvalidArgumentException $e) { //an \InvalidArgumentException can be caught here //"The algorithm ({$algorithm}) selected is not available" } //the secure private key that will be stored locally and not sent in the http headers $manager->key($key); //the data to be encoded with the hmac, you could use the URI for this $manager->data('test'); //the current timestamp, this will be compared in the other API to ensure $manager->time(microtime(true)); //use time() or micortime(true) //encodes the hmac if all the requirements have been met try { $manager->encode(); } catch (\InvalidArgumentException $e) { //an \InvalidArgumentException can be caught here //'The item is not encodable, make sure the key, time and data are set' } $hmac = $manager->toArray(); //these values need to be sent in the http headers of the request so they can //be received by the api and used to authenticated the request //$hmac = [ // 'data' => 'test-data', //perhaps the uri or other unique string related to the transaction // 'time' => 1396901689, // 'hmac' => 'f22081d5fcdc64e3ee78e79d235f67b2d1a54ba24be6da4ac537976d313e07cf119731e76585b9b22f789c6043efe1df133497483f559899db7d2f4398084b08', //];
Validating the HMAC
use Mardy\Hmac\Manager; use Mardy\Hmac\Adapters\Hash; //there are several adapters available 'Bcrypt', 'Hash', 'HashHmac', 'HashPbkdf2' //you can inject any of them into the manager, they all share the same interface //With the Bcrypt adapter the num of iteration config is applied to the cost $manager = new Manager(new Hash); //you can use any of the Hash algorithms that are available on your environment $config = [ 'algorithm' => 'sha256', 'num-first-iterations' => 10, 'num-second-iterations' => 10, 'num-final-iterations' => 100, ]; //the private key used in both applications to ensure the hash is the same $key = "wul4RekRPOMw4a2A6frifPqnOxDqMXdtRQMt6v6lsCjxEeF9KgdwDCMpcwROTqyPxvs1ftw5qAHjL4Lb"; $ttl = 2; try { $manager->config($config); } catch (\InvalidArgumentException $e) { //an \InvalidArgumentException can be caught here //"The algorithm ({$algorithm}) selected is not available" } //time to live, when checking if the hmac isValid this will ensure //that the time with have to be with this number of seconds $manager->ttl($ttl); //the secure private key that will be stored locally and not sent in the http headers $manager->key($key); //get the HMAC values from the $_SERVER/request headers (and make sure you sanitise the values) $hmac['data'] = filter_var($_SERVER['data'], FILTER_SANITIZE_STRING); $hmac['time'] = filter_var($_SERVER['time'], FILTER_SANITIZE_STRING); $hmac['hmac'] = filter_var($_SERVER['hmac'], FILTER_SANITIZE_STRING); //the data to be encoded with the hmac, you could use the URI for this $manager->data($hmac['data']); //the current timestamp, this will be compared in the other API to ensure $manager->time($hmac['time']); //to check if the hmac is valid you need to run the isValid() method //this needs to be executed after the encode method has been ran if (! $manager->isValid($hmac['hmac'])) { http_response_code(401); echo 'Invalid credentials'; }
Using with Guzzle
Guzzle is a PHP HTTP client that makes it easy to send HTTP requests and trivial to integrate with web services. https://github.com/guzzle/guzzle
There is now a plugin that will allow integration with guzzle 4+
use GuzzleHttp\Client; use GuzzleHttp\Event\BeforeEvent; use Mardy\Hmac\Plugin\HmacHeadersGuzzleEvent; use Mardy\Hmac\Adapters\Hash; //Using the HmacHeadersGuzzleEvent class you can automatically inject some headers //directly into the guzzle request. This is far more convenient for those of us //using dependency injection containers and means we don't have to do it manually //each time \o/ $client = new Client; $client->getEmitter()->on('before', function (BeforeEvent $event) { (new HmacHeadersGuzzleEvent( new Hash, 'wul4RekRPOMw4a2A6frifPqnOxDqMXdtRQMt6v6lsCjxEeF9KgdwDCMpcwROTqyPxvs1ftw5qAHjL4Lb', 'test-data', microtime(true) ))->onBefore($event); }); $request = $client->createRequest('GET', 'http://www.google.com'); $client->send($request);
rolies106/hmac 适用场景与选型建议
rolies106/hmac 是一款 基于 PHP 开发的 Composer 扩展包,目前已累计 10.54k 次下载、GitHub Stars 达 0, 最近一次更新时间为 2015 年 08 月 28 日, 在 PHP 生态内属于活跃度较高的组件。
它主要适用于以下技术方向: 「Authentication」 「hash」 「pbkdf2」 「bcrypt」 「hmac」 「guzzle-plugin」 等业务场景。在实际项目中,围绕这些方向常见需要落地的问题包括:接口对接、性能调优、并发安全、与既有框架(Laravel / ThinkPHP / Yii / Webman 等)的兼容适配,以及生产环境的日志埋点与稳定性保障。
我们在过去多个企业项目中使用过 rolies106/hmac 或与其功能相近的方案,如果你在选型或落地过程中遇到问题,例如 版本兼容、二次改造、私有化封装、与内部系统对接、生产 BUG 排查,欢迎联系我们协助评估。
基于 rolies106/hmac 在你已有业务上做功能扩展、字段裁剪、UI 适配、与内部账号 / 权限 / 日志系统的深度对接。
线上偶发问题、内存泄漏、慢查询、并发异常等排查修复;针对高流量场景做缓存、队列、索引层面的调优。
承接完整的项目从需求 → 设计 → 开发 → 上线 → 长期运维;也可按月提供技术保姆服务。
与 rolies106/hmac 相关的其它包
同方向 / 同关键字的高下载量 PHP Composer 包推荐,方便对比选型:
Provides hash_pbkdf2() to PHP versions >=5.3,<5.5.
This is a package for wrapping PBKDF2 class and using it in Laravel as a facade
Automatically logs-in users if they are already authenticated by a remote source. (e.g. environment variable REMOTE_USER)
GraphQL authentication for your headless Craft CMS applications.
A keyed-Hash Message Authentication Code (HMAC). Used for application to application authentication.
Laravel middleware to restrict a site or specific routes using HTTP basic authentication
统计信息
- 总下载量: 10.54k
- 月度下载量: 0
- 日度下载量: 0
- 收藏数: 0
- 点击次数: 26
- 依赖项目数: 0
- 推荐数: 0
其他信息
- 授权协议: WTFPL
- 更新时间: 2015-08-28