Create and validate signed URLs with a limited lifetime

Overview

THIS PACKAGE IS NOT MAINTAINED ANYMORE. SIGNING URLS IS NOW PART OF LARAVEL: https://laravel-news.com/signed-routes

Create secured URLs with a limited lifetime in Laravel

Latest Version on Packagist Build Status Quality Score StyleCI Total Downloads

This package can create URLs with a limited lifetime. This is done by adding an expiration date and a signature to the URL.

This is how you can create signed URL that's valid for 30 days:

UrlSigner::sign('https://myapp.com/protected-route', 30);

The output will look like this:

https://app.com/protected-route?expires=xxxxxx&signature=xxxxxx

The URL can be validated with the validate-function.

UrlSigner::validate('https://app.com/protected-route?expires=xxxxxx&signature=xxxxxx');

The package also provides a middleware to protect routes.

Support us

We invest a lot of resources into creating best in class open source packages. You can support us by buying one of our paid products.

We highly appreciate you sending us a postcard from your hometown, mentioning which of our package(s) you are using. You'll find our address on our contact page. We publish all received postcards on our virtual postcard wall.

Installation

As you would have guessed the package can be installed via Composer:

composer require spatie/laravel-url-signer

In Laravel 5.5 the service provider and facade will automatically get registered. In older versions of the framework, just add the serviceprovider, and optionally register the facade:

// config/app.php

'providers' => [
    ...
    Spatie\UrlSigner\Laravel\UrlSignerServiceProvider::class,
];

'aliases' => [
    ...
    'UrlSigner' => Spatie\UrlSigner\Laravel\UrlSignerFacade::class,
];

Configuration

The configuration file can optionally be published via:

php artisan vendor:publish --provider="Spatie\UrlSigner\Laravel\UrlSignerServiceProvider"

This is the content of the file:

return [

    /*
    * This string is used the to generate a signature. You should
    * keep this value secret.
    */
    'signatureKey' => env('APP_KEY'),

    /*
     * The default expiration time of a URL in days.
     */
    'default_expiration_time_in_days' => 1,

    /*
     * These strings are used a parameter names in a signed url.
     */
    'parameters' => [
        'expires' => 'expires',
        'signature' => 'signature',
    ],

];

Usage

Signing URLs

URL's can be signed with the sign-method:

UrlSigner::sign('https://myapp.com/protected-route');

By default the lifetime of an URL is one day. This value can be change in the config-file. If you want a custom life time, you can specify the number of days the URL should be valid:

//the generated URL will be valid for 5 days.
UrlSigner::sign('https://myapp.com/protected-route', 5);

For fine grained control, you may also pass a DateTime instance as the second parameter. The url will be valid up to that moment. This example uses Carbon for convenience:

//This URL will be valid up until 2 hours from the moment it was generated.
UrlSigner::sign('https://myapp.com/protected-route', Carbon\Carbon::now()->addHours(2) );

Validating URLs

To validate a signed URL, simply call the validate()-method. This return a boolean.

UrlSigner::validate('https://app.com/protected-route?expires=xxxxxx&signature=xxxxxx');

Protecting routes with middleware

The package also provides a middleware to protect routes:

Route::get('protected-route', ['middleware' => 'signedurl', function () {
    return 'Hello secret world!';
}]);

Your app will abort with a 403 status code if the route is called without a valid signature.

Changelog

Please see CHANGELOG for more information what has changed recently.

Testing

$ vendor/bin/phpunit

Usage outside Laravel

If you're working on a non-Laravel project, you can use the framework agnostic version.

Similar libraries

If you need signed url's for CloudFront, consider dreamonkey's package, which is based on this library.

Contributing

Please see CONTRIBUTING for details.

Security

If you discover any security related issues, please email [email protected] instead of using the issue tracker.

Postcardware

You're free to use this package, but if it makes it to your production environment we highly appreciate you sending us a postcard from your hometown, mentioning which of our package(s) you are using.

Our address is: Spatie, Kruikstraat 22, 2018 Antwerp, Belgium.

We publish all received postcards on our company website.

Credits

License

The MIT License (MIT). Please see License File for more information.

Comments
  • ErrorException in BaseUrlSigner.php line 44: The signature key is empty (View: plan.blade.php)

    ErrorException in BaseUrlSigner.php line 44: The signature key is empty (View: plan.blade.php)

    laravel-url-signer is working perfectly fine on my local dev machine. When accessing url-signer on production i get

    ErrorException in BaseUrlSigner.php line 44: The signature key is empty (View: plan.blade.php)

    signature key is set in config/laravel-url-signer.php: 'signatureKey' => config('app.key'),

    app.key is set: 'key' => env('APP_KEY'),

    APP_KEY is set in .env: APP_KEY=base64:pCeC0it .... .... ....

    opened by studiovlijmscherp 10
  • Real world usage of this package ?

    Real world usage of this package ?

    Hello,

    Your open source packages are great !

    I'm considering using this one for a file-sharing app (with private share links of course !). I have not worked at lot with secure urls and I'm not sure if this library will be up to the task.

    It would be nice to have a list with some projects that use it and are online (assuming there are any :sweat_smile: ) so I could see what was done with it.

    Also, I see the name MD5UrlSigner. In my head MD5 != secure. Should I use another hashing function to make it more secure ?

    opened by clarkwinkelmann 3
  • Package league/url is abandoned

    Package league/url is abandoned

    Dear Spatie,

    We are using your nice URL signer package! But everytime i perform a composer update it returns that the Package league/url is abandoned. Just wanted to report this in case you guys are not aware of this.

    opened by fridzema 3
  • Dependency on League/URL

    Dependency on League/URL

    When installing the Laravel URL Signer component I get the message "Package league/url is abandoned, you should avoid using it. Use league/uri instead."

    Do you have plans to update this dependency? I briefly tried to Install League/URI, but that package has further dependencies and I'm not sure if those would pose any downstream problems with Laravel URL Signer.

    Thanks .. -martin.

    opened by mlanser 3
  • Signed URLs throwing 403 error with additional parameters.

    Signed URLs throwing 403 error with additional parameters.

    Hello, I just used your signed url package and it is working fine with normal urls but a url with additional parameters is generating 403 error. I'm using Laravel 5.4 and my code is as follows:

    //This is my Route Route::get('/get-user', ['middleware' => 'signedurl', 'uses' => 'HomeController@getUser']);

    //This is my function public function getUser(Request $request) { print_r($request->all()); }

    //This is my url generated by this package http://localhost/MYPROJECT/get-user?expires=1557553652&signature=0bd90275ad12f422dc13b167cb75a829&zip=90038&isTomorrow=1&timeslot=d86c1db3-96ae-497d-bc96-2426adg4g43

    If I run above generated url in browser, it will throw 403 error but if I'll run this url only with expires and signature, it will work fine. I want signed url working with additional parameters. Please help me out! Thanks in advance.. :-)

    opened by developerpraveen 2
  • Link prematurely expiring?

    Link prematurely expiring?

    Hi,

    This package is working locally, but as soon as i deploy to production any links generated by this package are returning that they are invalid.

    Example link: https://example.com/approve/8?expires=1519637818&signature={hash}

    If you check that timestamp, you will see it is for 7 days time, however it returns false on the validate method.

    After modifying the source files to do a check, it's this code which is failing:

            if (!$this->hasValidSignature($url)) {
                return false;
            }
    

    The site is working locally.. and my .env file does have an APP_KEY - help.

    opened by MadMikeyB 2
  • Make Url Expired by simply call a function

    Make Url Expired by simply call a function

    Can make the url expired just by simply call a function? , Right now from what i see , all the url is expired based on time (hours/days) I want simply make the url expired by simply call a function , Any solution to my problem?

    opened by batmahir 2
  • Fatal error in UrlSigner

    Fatal error in UrlSigner

    Hi, I'm still learning how to use Laravel, so it's possible I've got something wrong.

    I've followed the installation and configuration instructions, and I've been over them several times to check that everything is correct.

    In: app/Http/Controllers/VenuesManageController.php I have:

    namespace App\Http\Controllers;
    
    use Illuminate\Http\Request;
    
    use App\Http\Requests;
    use App\Http\Controllers\Controller;
    
    use App\Exceptions\Handler;
    
    use UrlSigner;
    
    use App\Venues;
    
    class VenuesManageController extends Controller
    {
    
    	public function get_url()
    	{
    		echo UrlSigner::sign('https://myapp.com/user/1/unsubscribe', 1);
    	}
    
    }
    

    But I get an error:

    FatalErrorException

    syntax error, unexpected ':', expecting ';' or '{' in UrlSigner.php (line 17)

    What's wrong?

    opened by OctaneInteractive 2
  • error Non-static method

    error Non-static method

    how to use this code to my controller? UrlSigner::sign('https://myapp.com/protected-route', 30); i want to sign url and return signed url not working screenshot_75

    opened by derit 2
  • Methode validate seems not to be tatic

    Methode validate seems not to be tatic

    Hi i've got this error where trying to validate url through UrlSigner::validate("url...")

    Non-static method Spatie\UrlSigner\UrlSigner::validate() cannot be called statically, assuming $this from incompatible context

    Any help would be greatly appreciated, Thanks

    opened by meyer59 2
  • Installing on Laravel 5.5 requirements fails

    Installing on Laravel 5.5 requirements fails

    While I am trying to install in laravel 5.5 the requirements fails:

    spatie/laravel-url-signer 2.3.0 requires illuminate/http ~5.8.0 -> satisfiable by illuminate/http[v5.8.0, v5.8.11, v5.8.12, v5.8.14, v5.8.15, v5.8.17, v5.8.18, v5.8.19, v5.8.2, v5.8.20, v5.8.22, v5.8.24, v5.8.27, v5.8.28, v5.8.29, v5.8.3, v5.8.30, v5.8.31, v5.8.4, v5.8.8, v5.8.9].

    but I suppose the package should be available up to Laravel 5.6

    opened by alexisrazok 1
  • Bump aglipanci/laravel-pint-action from 1.0.0 to 2.1.0

    Bump aglipanci/laravel-pint-action from 1.0.0 to 2.1.0

    Bumps aglipanci/laravel-pint-action from 1.0.0 to 2.1.0.

    Release notes

    Sourced from aglipanci/laravel-pint-action's releases.

    v2.1.0

    Fixing aglipanci/laravel-pint-action#1.

    v2.0.0

    Adding the ability to specify the Pint version on the configuration file.

    Commits
    • 5c0b1f6 Fixing the case of setting the testmode to false.
    • 180ac90 Update README.md
    • 07f4f96 Updating README.md
    • c4b9ef6 Merge pull request #3 from aglipanci/version-based-pint
    • 203c2fe Update entrypoint.sh
    • 9258dcb Update entrypoint.sh
    • 18945b8 adding pint version to actions.yml
    • f8d8a4f dynamic pint version
    • 14b329e removing pint installation from the docker file
    • 17f4cb9 moving pint package installation to the entrypoint
    • Additional commits viewable in compare view

    Dependabot compatibility score

    Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


    Dependabot commands and options

    You can trigger Dependabot actions by commenting on this PR:

    • @dependabot rebase will rebase this PR
    • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
    • @dependabot merge will merge this PR after your CI passes on it
    • @dependabot squash and merge will squash and merge this PR after your CI passes on it
    • @dependabot cancel merge will cancel a previously requested merge and block automerging
    • @dependabot reopen will reopen this PR if it is closed
    • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
    • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
    • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
    • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
    opened by dependabot[bot] 1
Releases(3.0.0)
Owner
Spatie
We create open source, digital products and courses for the developer community
Spatie
A simple PHP library to parse and manipulate URLs

Url is a simple library to ease creating and managing Urls in PHP.

The League of Extraordinary Packages 351 Dec 30, 2022
A laravel package for generating Bitly short URLs.

Laravel Bitly Package A laravel package for generating Bitly short URLs. For more information see Bitly Requirements Laravel 5.1 or later Installation

Wessel Strengholt 72 Nov 8, 2022
A PHP-based self-hosted URL shortener that can be used to serve shortened URLs under your own custom domain.

A PHP-based self-hosted URL shortener that can be used to serve shortened URLs under your own custom domain. Table of Contents Full documentation Dock

null 1.7k Dec 29, 2022
A Laravel package to shorten urls

Laravel Short Url Laravel Short Url is a package allowing you to shorten urls. Installation With composer composer require gallib/laravel-short-url t

Alain Pellaux 153 Dec 16, 2022
A fast and powerful URL Shortener built with Laravel, VueJS, and Tailwind CSS.

A fast and powerful URL Shortener built with Laravel, VueJS, and Tailwind CSS.

Devpri 53 Dec 25, 2022
:aerial_tramway: A modern, powerful, and robust URL shortener

?? A modern, minimalist, and lightweight URL shortener. Polr is an intrepid, self-hostable open-source link shortening web application with a robust A

Chaoyi Zha 4.6k Jan 1, 2023
php5 class to read and write .torrent files

Torrent RW PHP version 5.2+ Features: Decode torrent file or data Build torrent from source folder/file(s) Silent Exception error system Usage example

Adrien Gibrat 273 Dec 23, 2022
A modern, powerful, and robust URL shortener

?? A modern, minimalist, and lightweight URL shortener. Polr is an intrepid, self-hostable open-source link shortening web application with a robust A

Chaoyi Zha 4.6k Dec 30, 2022
Create and validate signed URLs with a limited lifetime

This package can create URLs with a limited lifetime. This is done by adding an expiration date and a signature to the URL.

Spatie 349 Dec 31, 2022
Create CloudFront signed URLs in Laravel 6+

Easy to use Laravel 6+ wrapper around the official AWS PHP SDK which allows to sign URLs to access Private Content through CloudFront CDN

Dreamonkey S.r.l. 45 Dec 31, 2022
Michael Pratt 307 Dec 23, 2022
Laravel package a helper to Generate the QR code and signed it for ZATCA E-invoicing

Laravel ZATCA E-invoicing Introduction Laravel package a helper to Generate the QR code and signed it for ZATCA E-invoicing Installation To get the la

Ayman Alaiwah 8 Aug 17, 2022
laminas-memory manages data in an environment with limited memory

Memory objects (memory containers) are generated by the memory manager, and transparently swapped/loaded when required.

Laminas Project 5 Jul 26, 2022
zend-memory manages data in an environment with limited memory

Memory objects (memory containers) are generated by the memory manager, and transparently swapped/loaded when required.

Zend Framework 16 Aug 29, 2020
Laravel Plans is a package for SaaS apps that need management over plans, features, subscriptions, events for plans or limited, countable features.

Laravel Plans Laravel Plans is a package for SaaS apps that need management over plans, features, subscriptions, events for plans or limited, countabl

ángel 2 Oct 2, 2022
Easily create and read Corona Warn App Check-In URLs

bauer-kirch/cwa-event-registration-url This PHP library allows generating Check-In URLs for the Corona Warn App which can then be used to generate a Q

Bauer + Kirch GmbH 9 Dec 30, 2021
PHP library to create and validate html forms

FormManager Note: this is the documentation of FormManager 6.x For v5.x version Click here Installation: This package requires PHP>=7.1 and is availab

Oscar Otero 145 Sep 20, 2022
A fast PHP slug generator and transliteration library that converts non-ascii characters for use in URLs.

URLify for PHP A fast PHP slug generator and transliteration library, started as a PHP port of URLify.js from the Django project. Handles symbols from

Aband*nthecar 667 Dec 20, 2022
Easy multilingual urls and redirection support for the Laravel framework

Linguist - Multilingual urls and redirects for Laravel This package provides an easy multilingual urls and redirection support for the Laravel framewo

Tanel Tammik 189 Jul 18, 2022