PHP Interface QueryAuth\Storage\SignatureStorage

Use to prevent replay attacks by checking a persistence layer to see if the requesting signature is already present. If it is present, the request should be denied. If it is not present, the signature should be persisted and the request should be approved. In order to minimize reads and writes, it's highly recommended to do so only after the signature has been otherwise validated.
Mostrar archivo Open project: jeremykendall/query-auth

Public Methods

Method Description
exists ( string $key, string $signature ) : boolean Checks persistence layer to see if a signature exists for the requester.
purge ( ) Deletes any signature with an expiration date <= now
save ( string $key, string $signature, integer $expires ) Saves a key, signature, and the signature's expiration date

Method Details

exists() public method

If a signature is found in the persistence layer, then it has already been used and the associated request should be denied. If the persistence layer will return an error or throw an exception when a duplicate apikey and signature are inserted, you don't have to use this method to check for a key. Simply attempt to save the signature and check for the exception.
public exists ( string $key, string $signature ) : boolean
$key string API key of the requster
$signature string Request signature
return boolean True if signature exists, false if not

purge() public method

Deletes any signature with an expiration date <= now
public purge ( )

save() public method

Saves a key, signature, and the signature's expiration date
public save ( string $key, string $signature, integer $expires )
$key string API key of the requster
$signature string Request signature
$expires integer Expiration timestamp