UriSigner.php 3.1 KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113
  1. <?php
  2. /*
  3. * This file is part of the Symfony package.
  4. *
  5. * (c) Fabien Potencier <fabien@symfony.com>
  6. *
  7. * For the full copyright and license information, please view the LICENSE
  8. * file that was distributed with this source code.
  9. */
  10. namespace Symfony\Component\HttpKernel;
  11. /**
  12. * Signs URIs.
  13. *
  14. * @author Fabien Potencier <fabien@symfony.com>
  15. */
  16. class UriSigner
  17. {
  18. private $secret;
  19. private $parameter;
  20. /**
  21. * Constructor.
  22. *
  23. * @param string $secret A secret
  24. * @param string $parameter Query string parameter to use
  25. */
  26. public function __construct($secret, $parameter = '_hash')
  27. {
  28. $this->secret = $secret;
  29. $this->parameter = $parameter;
  30. }
  31. /**
  32. * Signs a URI.
  33. *
  34. * The given URI is signed by adding the query string parameter
  35. * which value depends on the URI and the secret.
  36. *
  37. * @param string $uri A URI to sign
  38. *
  39. * @return string The signed URI
  40. */
  41. public function sign($uri)
  42. {
  43. $url = parse_url($uri);
  44. if (isset($url['query'])) {
  45. parse_str($url['query'], $params);
  46. } else {
  47. $params = array();
  48. }
  49. $uri = $this->buildUrl($url, $params);
  50. return $uri.(false === strpos($uri, '?') ? '?' : '&').$this->parameter.'='.$this->computeHash($uri);
  51. }
  52. /**
  53. * Checks that a URI contains the correct hash.
  54. *
  55. * The query string parameter must be the last one
  56. * (as it is generated that way by the sign() method, it should
  57. * never be a problem).
  58. *
  59. * @param string $uri A signed URI
  60. *
  61. * @return bool True if the URI is signed correctly, false otherwise
  62. */
  63. public function check($uri)
  64. {
  65. $url = parse_url($uri);
  66. if (isset($url['query'])) {
  67. parse_str($url['query'], $params);
  68. } else {
  69. $params = array();
  70. }
  71. if (empty($params[$this->parameter])) {
  72. return false;
  73. }
  74. $hash = urlencode($params[$this->parameter]);
  75. unset($params[$this->parameter]);
  76. return $this->computeHash($this->buildUrl($url, $params)) === $hash;
  77. }
  78. private function computeHash($uri)
  79. {
  80. return urlencode(base64_encode(hash_hmac('sha256', $uri, $this->secret, true)));
  81. }
  82. private function buildUrl(array $url, array $params = array())
  83. {
  84. ksort($params, SORT_STRING);
  85. $url['query'] = http_build_query($params, '', '&');
  86. $scheme = isset($url['scheme']) ? $url['scheme'].'://' : '';
  87. $host = isset($url['host']) ? $url['host'] : '';
  88. $port = isset($url['port']) ? ':'.$url['port'] : '';
  89. $user = isset($url['user']) ? $url['user'] : '';
  90. $pass = isset($url['pass']) ? ':'.$url['pass'] : '';
  91. $pass = ($user || $pass) ? "$pass@" : '';
  92. $path = isset($url['path']) ? $url['path'] : '';
  93. $query = isset($url['query']) && $url['query'] ? '?'.$url['query'] : '';
  94. $fragment = isset($url['fragment']) ? '#'.$url['fragment'] : '';
  95. return $scheme.$user.$pass.$host.$port.$path.$query.$fragment;
  96. }
  97. }