Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[9.x] Allow signed URLs with custom key resolver #44254

Merged
merged 2 commits into from
Sep 22, 2022
Merged

[9.x] Allow signed URLs with custom key resolver #44254

merged 2 commits into from
Sep 22, 2022

Conversation

bonroyage
Copy link
Contributor

In case there are multiple applications communicating together, you don't want to share the same encryption key throughout all applications, but you may have a different pre-shared secret to sign URLs with. With this new withKeyResolver method on the UrlGenerator, a clone of the current UrlGenerator will be created where a different key can be used to validate the signature or generate signed URLs

If you were to call url()->setKeyResolver(), then this will change the key for the remainder of the request, potentially generating incorrect signed URLs where this custom key wasn't needed.

Two very basic examples of how it could be used:

It can be used in middleware to validate with custom key:

public function handle(Request $request, Closure $next)
{
    $urlGenerator = url()->withKeyResolver(fn() => config('services.my-service.key'));
    
    if(!$urlGenerator->hasValidSignature($request)) {
       throw new InvalidSignatureException;
    }
   
    return $next($request);
}

It can be used in a controller to generate a URL with custom key:

public function __invoke()
{
    $urlGenerator = url()->withKeyResolver(fn() => config('services.my-service.key'));

    return response()->json([
        'return_url' => $urlGenerator->signedRoute('test')
    ]);
}

@bonroyage bonroyage changed the title Allow signed URLs with custom key resolver [9.x] Allow signed URLs with custom key resolver Sep 22, 2022
@bonroyage bonroyage force-pushed the feature/url-generator-with-key-resolver branch from cefd05b to 8f181e6 Compare September 22, 2022 14:21
@taylorotwell taylorotwell merged commit 3f3a57a into laravel:9.x Sep 22, 2022
@bonroyage bonroyage deleted the feature/url-generator-with-key-resolver branch September 22, 2022 21:47
vr00
vr00 reviewed Sep 30, 2022
View reviewed changes
tests/Routing/RoutingUrlGeneratorTest.php

$this->assertTrue($url->hasValidSignature($request));

$request = Request::create($url->signedRoute('foo').'?tempered=true');
Copy link

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I think there is a typo, it should probably say tampered

Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Can you send in a PR?

Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

PR for fixing the typo: #51238

@Krisell Krisell mentioned this pull request Apr 29, 2024
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@Krisell Krisell Krisell left review comments

@vr00 vr00 vr00 left review comments

@driesvints driesvints driesvints left review comments

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
5 participants
@bonroyage @driesvints @vr00 @Krisell @taylorotwell