Merge pull request #44 from spatie/v2

v2
spatie · Nov 12, 2022 · 79bfb91 · 79bfb91
2 parents e872689 + 9ffd43d
commit 79bfb91
Show file tree

Hide file tree

Showing 16 changed files with 218 additions and 279 deletions.
diff --git a/.github/dependabot.yml b/.github/dependabot.yml
@@ -0,0 +1,12 @@
+# Please see the documentation for all configuration options:
+# https://help.github.com/github/administering-a-repository/configuration-options-for-dependency-updates
+
+version: 2
+updates:
+
+  - package-ecosystem: "github-actions"
+    directory: "/"
+    schedule:
+      interval: "weekly"
+    labels:
+      - "dependencies"
diff --git a/.github/workflows/php-cs-fixer.yml → ...b/workflows/fix-php-code-style-issues.yml b/.github/workflows/php-cs-fixer.yml → ...b/workflows/fix-php-code-style-issues.yml
@@ -1,21 +1,22 @@
-name: Check & fix styling
+name: Fix PHP code style issues
 
-on: [push]
+on:
+  push:
+    paths:
+      - '**.php'
 
 jobs:
-  php-cs-fixer:
+  php-code-styling:
     runs-on: ubuntu-latest
 
     steps:
       - name: Checkout code
-        uses: actions/checkout@v2
+        uses: actions/checkout@v3
         with:
           ref: ${{ github.head_ref }}
 
-      - name: Run PHP CS Fixer
-        uses: docker://oskarstark/php-cs-fixer-ga
-        with:
-          args: --config=.php_cs.dist.php --allow-risky=yes
+      - name: Fix PHP code style issues
+        uses: aglipanci/laravel-pint-action@1.0.0
 
       - name: Commit changes
         uses: stefanzweifel/git-auto-commit-action@v4

diff --git a/.github/workflows/run-tests.yml b/.github/workflows/run-tests.yml
@@ -8,15 +8,13 @@ jobs:
     strategy:
       fail-fast: false
       matrix:
-        os: [ubuntu-latest]
-        php: [8.1, 8.0]
-        laravel: [9.*, 8.*]
+        os: [ubuntu-latest, windows-latest]
+        php: [8.2, 8.1]
+        laravel: [9.*]
         stability: [prefer-stable]
         include:
-          - laravel: 9.*
-            testbench: 7.*
-          - laravel: 8.*
-            testbench: ^6.23
+            - laravel: 9.*
+              testbench: 7.*
 
     name: P${{ matrix.php }} - L${{ matrix.laravel }} - ${{ matrix.stability }} - ${{ matrix.os }}
 
@@ -42,5 +40,5 @@ jobs:
           composer update --${{ matrix.stability }} --prefer-dist --no-interaction
 
       - name: Execute tests
-        run: vendor/bin/phpunit
+        run: vendor/bin/pest
 
diff --git a/.php_cs.dist.php b/.php_cs.dist.php
diff --git a/README.md b/README.md
@@ -1,9 +1,3 @@
-
-[<img src="https://github-ads.s3.eu-central-1.amazonaws.com/support-ukraine.svg?t=1" />](https://supportukrainenow.org)
-
-**THIS PACKAGE IS NOT MAINTAINED ANYMORE. 
-SIGNING URLS IS NOW PART OF LARAVEL: https://laravel-news.com/signed-routes**
-
 # Create secured URLs with a limited lifetime in Laravel
 
 [![Latest Version on Packagist](https://img.shields.io/packagist/v/spatie/laravel-url-signer.svg?style=flat-square)](https://packagist.org/packages/spatie/laravel-url-signer)
@@ -13,10 +7,15 @@ SIGNING URLS IS NOW PART OF LARAVEL: https://laravel-news.com/signed-routes**
 
 This package can create URLs with a limited lifetime. This is done by adding an expiration date and a signature to the URL.
 
+The difference with [Laravel's native route signing](https://laravel.com/docs/master/urls#signed-urls) is that using this package:
+
+- the secret used is not tied to the app key
+- allows you to easily sign any URL (and not only a route belonging to your app), this makes it easy to use signed URLs between different apps.
+
 This is how you can create signed URL that's valid for 30 days:
 
 ```php
-UrlSigner::sign('https://myapp.com/protected-route', 30);
+UrlSigner::sign('https://myapp.com/protected-route', now()->addDays(30);
 ```
 
 The output will look like this:
@@ -43,51 +42,40 @@ We highly appreciate you sending us a postcard from your hometown, mentioning wh
 
 ## Installation
 
-As you would have guessed the package can be installed via Composer:
+As you would have guessed the package can be installed via composer:
 
-```
+```bash
 composer require spatie/laravel-url-signer
 ```
 
-In Laravel 5.5 the service provider and facade will automatically get registered. In older versions of the framework, just add the serviceprovider, and optionally register the facade:
-
-```php
-// config/app.php
+You must set an environment variable called `URL_SIGNER_SIGNATURE_KEY` and set it to a long secret value. This value will be used to sign and validate signed URLs.
 
-'providers' => [
-    ...
-    Spatie\UrlSigner\Laravel\UrlSignerServiceProvider::class,
-];
-
-'aliases' => [
-    ...
-    'UrlSigner' => Spatie\UrlSigner\Laravel\UrlSignerFacade::class,
-];
 ```
+# in your .env file
 
-## Configuration
+URL_SIGNER_SIGNATURE_KEY=some_random_value
+```
 
 The configuration file can optionally be published via:
 
-```
-php artisan vendor:publish --provider="Spatie\UrlSigner\Laravel\UrlSignerServiceProvider"
+```bash
+php artisan vendor:publish --tag="url-signer-config"
 ```
 
 This is the content of the file:
 
 ```php
 return [
-
     /*
     * This string is used the to generate a signature. You should
     * keep this value secret.
     */
-    'signatureKey' => env('APP_KEY'),
+    'signature_key' => env('URL_SIGNER_SIGNATURE_KEY'),
 
     /*
-     * The default expiration time of a URL in days.
+     * The default expiration time of a URL in seconds.
      */
-    'default_expiration_time_in_days' => 1,
+    'default_expiration_time_in_seconds' => 60 * 60 * 24,
 
     /*
      * These strings are used a parameter names in a signed url.
@@ -96,45 +84,63 @@ return [
         'expires' => 'expires',
         'signature' => 'signature',
     ],
-
 ];
 ```
 ## Usage
 
-### Signing URLs
 URL's can be signed with the `sign`-method:
+
 ```php
+use Spatie\UrlSigner\Laravel\Facades\UrlSigner;
+
 UrlSigner::sign('https://myapp.com/protected-route');
 ```
-By default the lifetime of an URL is one day. This value can be change in the config-file.
-If you want a custom life time, you can specify the number of days the URL should be valid:
 
-```php
-//the generated URL will be valid for 5 days.
-UrlSigner::sign('https://myapp.com/protected-route', 5);
-```
+By default, the lifetime of an URL is one day. This value can be change in the config file.
+If you want a custom lifetime, you can specify the number of days the URL should be valid:
 
-For fine grained control, you may also pass a `DateTime` instance as the second parameter. The url
-will be valid up to that moment. This example uses Carbon for convenience:
 ```php
-//This URL will be valid up until 2 hours from the moment it was generated.
-UrlSigner::sign('https://myapp.com/protected-route', Carbon\Carbon::now()->addHours(2) );
+use Spatie\UrlSigner\Laravel\Facades\UrlSigner;
+
+// the generated URL will be valid for 5 minutes.
+UrlSigner::sign('https://myapp.com/protected-route', now()->addMinutes(5));
+
+// alternatively you could also pass the amount of seconds
+UrlSigner::sign('https://myapp.com/protected-route', 60 * 5);
 ```
 
 ### Validating URLs
-To validate a signed URL, simply call the `validate()`-method. This return a boolean.
+
+To validate a signed URL, simply call the `validate()`-method. This method returns a boolean.
+
 ```php
+use Spatie\UrlSigner\Laravel\Facades\UrlSigner;
+
 UrlSigner::validate('https://app.com/protected-route?expires=xxxxxx&signature=xxxxxx');
 ```
 
 ### Protecting routes with middleware
-The package also provides a middleware to protect routes:
+
+The package provides a middleware to protect routes.
+
+To use it you must first register the `Spatie\UrlSigner\Laravel\Middleware\ValidateSignature` as route middleware in your HTTP kernel.
+
+```php
+// in app/Http/Kernel.php
+
+protected $routeMiddleware = [
+    // ...
+    'signed-url' => \Spatie\UrlSigner\Laravel\Middleware\ValidateSignature::class,
+];
+```
+
+Next, you can apply it on any route you want.
 
 ```php
-Route::get('protected-route', ['middleware' => 'signedurl', function () {
-    return 'Hello secret world!';
-}]);
+Route::get('protected-route', fn () => 'Hello secret world!')
+    ->middleware('signed-url');
 ```
+
 Your app will abort with a 403 status code if the route is called without a valid signature.
 
 ## Changelog

diff --git a/UPGRADING.md b/UPGRADING.md
@@ -0,0 +1,6 @@
+# From v1 to v2
+
+
+Breaking changes between v1 and v2 that you need to account for: 
+- When passing the expiration time to `sign()` as an int, it will be interpreted as seconds instead of days.
+- the `default_expiration_time_in_days` has been renamed to `default_expiration_time_in_seconds`
diff --git a/composer.json b/composer.json
@@ -16,14 +16,14 @@
         }
     ],
     "require": {
-        "php" : "^7.2|^8.0",
-        "spatie/url-signer": "^1.0.1",
-        "illuminate/support": "~5.8.0|^6.0|^7.0|^8.0|^9.0",
-        "illuminate/http": "~5.8.0|^6.0|^7.0|^8.0|^9.0"
+        "php" : "^8.1",
+        "spatie/url-signer": "^2.0",
+        "illuminate/support": "^9.0",
+        "spatie/laravel-package-tools": "^1.13.6"
     },
     "require-dev": {
-        "orchestra/testbench": "~3.8.0|^4.0|^5.0|^6.0|^7.0",
-        "phpunit/phpunit" : "^8.0|^9.0"
+        "orchestra/testbench": "^7.12.1",
+        "pestphp/pest": "^1.22.2"
     },
     "autoload": {
         "psr-4": {
@@ -32,7 +32,7 @@
     },
     "autoload-dev": {
         "psr-4": {
-            "Spatie\\UrlSigner\\Laravel\\Test\\": "tests"
+            "Spatie\\UrlSigner\\Laravel\\Tests\\": "tests"
         }
     },
     "extra": {
@@ -41,10 +41,17 @@
                 "Spatie\\UrlSigner\\Laravel\\UrlSignerServiceProvider"
             ],
             "aliases": {
-                "UrlSigner": "Spatie\\UrlSigner\\Laravel\\UrlSignerFacade"
+                "UrlSigner": "Spatie\\UrlSigner\\Laravel\\Facades\\UrlSigner"
             }
         }
     },
+    "config": {
+        "sort-packages": true,
+        "allow-plugins": {
+            "phpstan/extension-installer": true,
+            "pestphp/pest-plugin": true
+        }
+    },
     "minimum-stability": "dev",
     "prefer-stable": true
 }
diff --git a/config/url-signer.php b/config/url-signer.php
@@ -1,24 +1,22 @@
 <?php
 
 return [
-
     /*
     * This string is used the to generate a signature. You should
     * keep this value secret.
     */
-    'signatureKey' => env('APP_KEY'),
+    'signature_key' => env('URL_SIGNER_SIGNATURE_KEY'),
 
     /*
-     * The default expiration time of a URL in days.
+     * The default expiration time of a URL in seconds.
      */
-    'default_expiration_time_in_days' => 1,
+    'default_expiration_time_in_seconds' => 60 * 60 * 24,
 
     /*
      * These strings are used a parameter names in a signed url.
      */
     'parameters' => [
-        'expires'   => 'expires',
+        'expires' => 'expires',
         'signature' => 'signature',
     ],
-
 ];
diff --git a/src/Facades/UrlSigner.php b/src/Facades/UrlSigner.php
@@ -0,0 +1,13 @@
+<?php
+
+namespace Spatie\UrlSigner\Laravel\Facades;
+
+use Illuminate\Support\Facades\Facade;
+
+class UrlSigner extends Facade
+{
+    protected static function getFacadeAccessor()
+    {
+        return 'url-signer';
+    }
+}