PHP Interface QueryAuth\Storage\SignatureStorage

Use to prevent replay attacks by checking a persistence layer to see if the requesting signature is already present. If it is present, the request should be denied. If it is not present, the signature should be persisted and the request should be approved. In order to minimize reads and writes, it's highly recommended to do so only after the signature has been otherwise validated.

Datei anzeigen Open project: jeremykendall/query-auth

Public Methods

Method	Description
exists ( string $key, string $signature ) : boolean	Checks persistence layer to see if a signature exists for the requester.
purge ( )	Deletes any signature with an expiration date <= now
save ( string $key, string $signature, integer $expires )	Saves a key, signature, and the signature's expiration date

Method Details

exists() public method

If a signature is found in the persistence layer, then it has already been used and the associated request should be denied. If the persistence layer will return an error or throw an exception when a duplicate apikey and signature are inserted, you don't have to use this method to check for a key. Simply attempt to save the signature and check for the exception.

public exists ( string $key, string $signature ) : boolean
$key	string	API key of the requster
$signature	string	Request signature
return	boolean	True if signature exists, false if not

purge() public method

Deletes any signature with an expiration date <= now

public purge ( )

save() public method

Saves a key, signature, and the signature's expiration date

public save ( string $key, string $signature, integer $expires )
$key	string	API key of the requster
$signature	string	Request signature
$expires	integer	Expiration timestamp