├── .editorconfig.txt ├── .gitattributes.txt ├── .gitignore ├── CHANGELOG.md ├── CONTRIBUTING.md ├── LICENSE.md ├── README.md ├── composer.json ├── composer.lock ├── composer.phar ├── config └── cloudfront-url-signer.php ├── phpunit.xml.dist ├── src ├── CloudFrontUrlSigner.php ├── CloudFrontUrlSignerServiceProvider.php ├── Exceptions │ ├── InvalidExpiration.php │ └── InvalidKeyPairId.php ├── Facades │ └── CloudFrontUrlSigner.php ├── UrlSigner.php └── helpers.php └── tests ├── SignatureGenerationTest.php ├── TestCase.php └── dummy-key.pem /.editorconfig.txt: -------------------------------------------------------------------------------- 1 | ; This file is for unifying the coding style for different editors and IDEs. 2 | ; More information at http://editorconfig.org 3 | 4 | root = true 5 | 6 | [*] 7 | charset = utf-8 8 | indent_size = 4 9 | indent_style = space 10 | end_of_line = lf 11 | insert_final_newline = true 12 | trim_trailing_whitespace = true 13 | 14 | [*.md] 15 | trim_trailing_whitespace = false 16 | -------------------------------------------------------------------------------- /.gitattributes.txt: -------------------------------------------------------------------------------- 1 | # Path-based git attributes 2 | # https://www.kernel.org/pub/software/scm/git/docs/gitattributes.html 3 | 4 | # Ignore all test and documentation with "export-ignore". 
5 | /.gitattributes export-ignore 6 | /.gitignore export-ignore 7 | /tests export-ignore 8 | -------------------------------------------------------------------------------- /.gitignore: -------------------------------------------------------------------------------- 1 | vendor/ 2 | node_modules/ 3 | npm-debug.log 4 | 5 | # Laravel 5 & Lumen specific 6 | public/storage 7 | public/hot 8 | storage/*.key 9 | .env.*.php 10 | .env.php 11 | .env 12 | Homestead.yaml 13 | Homestead.json 14 | 15 | .phpunit.result.cache -------------------------------------------------------------------------------- /CHANGELOG.md: -------------------------------------------------------------------------------- 1 | # Changelog 2 | 3 | All notable changes to this project will be documented in this file. 4 | 5 | The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/), 6 | and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html). 7 | 8 | ## [Unreleased] 9 | 10 | ## [3.4.0] - 2023-04-03 11 | 12 | - Added support for L10 13 | 14 | ## [3.3.0] - 2022-03-14 15 | 16 | - Added support for L9 17 | 18 | ## [3.2.0] - 2021-03-13 19 | 20 | - Added support for PHP 8 21 | 22 | ## [3.1.0] - 2020-11-03 23 | 24 | ### Added 25 | 26 | - Added support for L8 27 | 28 | ## [3.0.0] - 2020-03-05 29 | 30 | ### Added 31 | 32 | - Added support for L7 33 | 34 | ### Changed 35 | 36 | - Updated dev dependencies and tests 37 | 38 | ### Removed 39 | 40 | - Removed support for L5 41 | 42 | ## [2.2.0] - 2019-10-08 43 | 44 | ### Added 45 | 46 | - Added support for L6+ 47 | 48 | ### Changed 49 | 50 | - Updated CHANGELOG to adhere to "Keep a Changelog" initiative 51 | 52 | ## [2.1.0] - 2019-06-03 53 | 54 | ### Added 55 | 56 | - Added support for L5.8 57 | 58 | ## [2.0.0] - 2018-09-24 59 | 60 | ### Added 61 | 62 | - Added support for L5.7 63 | 64 | ### Removed 65 | 66 | - Removed support for L5.5 67 | 68 | ## [1.0.1] - 2018-04-22 69 | 70 | ### Added 71 | 72 | - Updated CHANGELOG 
to cover undocumented releases 73 | 74 | ### Changed 75 | 76 | - Removed dependency and consequently the php-intl extension: it caused some problems on High Sierra development environments. URL checking is now delegated to the AWS SDK. 77 | 78 | ## [1.0.0] - 2018-02-19 79 | 80 | ### Added 81 | 82 | - Add support for L5.6 83 | 84 | ## [0.1.5] - 2018-02-18 85 | 86 | ### Fixed 87 | 88 | - getExpirationTimestamp now returns int value instead of string to overcome an AWS SDK bug 89 | 90 | ## [0.1.4] - 2018-02-13 91 | 92 | ### Changed 93 | 94 | - Refactored tests 95 | - Switched to UrlSigner class instead of CloudFrontClient 96 | 97 | ## [0.1.3] - 2018-02-09 98 | 99 | ### Changed 100 | 101 | - \$expiration default behaviour moved to internal `sign()` method instead of helper 102 | 103 | ## [0.1.2] - 2018-02-09 104 | 105 | ### Fixed 106 | 107 | - Fixed config publishing 108 | 109 | ### Changed 110 | 111 | - \$expiration parameter of `sign()` helper now defaults to the value defined in the configuration file when not defined 112 | 113 | ## [0.1.1] - 2018-02-09 114 | 115 | ### Added 116 | 117 | - Added `sign()` helper 118 | 119 | ## [0.1.0] - 2018-02-09 120 | 121 | - Initial release 122 | -------------------------------------------------------------------------------- /CONTRIBUTING.md: -------------------------------------------------------------------------------- 1 | # Contributing 2 | 3 | Contributions are **welcome** and will be fully **credited**. 4 | 5 | We accept contributions via Pull Requests on [GitHub](https://github.com/dreamonkey/laravel-cloudfront-url-signer). 6 | 7 | 8 | ## Pull Requests 9 | 10 | - **[PSR-2 Coding Standard](https://github.com/php-fig/fig-standards/blob/master/accepted/PSR-2-coding-style-guide.md)** - The easiest way to apply the conventions is to install [PHP Code Sniffer](http://pear.php.net/package/PHP_CodeSniffer). 11 | 12 | - **Document any change in behaviour** - Make sure the `README.md` and any other relevant documentation are kept up-to-date. 
13 | 14 | - **Consider our release cycle** - We try to follow [SemVer v2.0.0](http://semver.org/). Randomly breaking public APIs is not an option. 15 | 16 | - **Create feature branches** - Don't ask us to pull from your master branch. 17 | 18 | - **One pull request per feature** - If you want to do more than one thing, send multiple pull requests. 19 | 20 | - **Send coherent history** - Make sure each individual commit in your pull request is meaningful. If you had to make multiple intermediate commits while developing, please [squash them](http://www.git-scm.com/book/en/v2/Git-Tools-Rewriting-History#Changing-Multiple-Commit-Messages) before submitting. 21 | 22 | 23 | **Happy coding**! 24 | -------------------------------------------------------------------------------- /LICENSE.md: -------------------------------------------------------------------------------- 1 | MIT License 2 | 3 | Copyright (c) 2018 Dreamonkey Srl 4 | 5 | Permission is hereby granted, free of charge, to any person obtaining a copy 6 | of this software and associated documentation files (the "Software"), to deal 7 | in the Software without restriction, including without limitation the rights 8 | to use, copy, modify, merge, publish, distribute, sublicense, and/or sell 9 | copies of the Software, and to permit persons to whom the Software is 10 | furnished to do so, subject to the following conditions: 11 | 12 | The above copyright notice and this permission notice shall be included in all 13 | copies or substantial portions of the Software. 14 | 15 | THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR 16 | IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, 17 | FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. 
IN NO EVENT SHALL THE 18 | AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER 19 | LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, 20 | OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE 21 | SOFTWARE. 22 | -------------------------------------------------------------------------------- /README.md: -------------------------------------------------------------------------------- 1 | !!!! THIS PACKAGE IS UNMAINTAINED !!!! 2 | Feel free to fork and start maintaining a copy yourself, we can link popular forks here 3 | 4 | # Create CloudFront signed URLs in Laravel 6+ 5 | 6 | Easy to use Laravel 6+ wrapper around the official AWS PHP SDK which allows you to sign URLs for accessing private content through the CloudFront CDN 7 | 8 | Inspired by [laravel-url-signer](https://github.com/spatie/laravel-url-signer) 9 | 10 | [![Latest Version on Packagist](https://img.shields.io/packagist/v/dreamonkey/laravel-cloudfront-url-signer.svg?style=flat-square)](https://packagist.org/packages/dreamonkey/laravel-cloudfront-url-signer) 11 | [![Total Downloads](https://img.shields.io/packagist/dt/dreamonkey/laravel-cloudfront-url-signer.svg?style=flat-square)](https://packagist.org/packages/dreamonkey/laravel-cloudfront-url-signer) 12 | 13 | This package can create canned-policy signed URLs for CloudFront which expire after a given time. This is done by wrapping the AWS SDK method and adding Laravel-style configuration and accessibility. 
14 | 15 | This is how you can create a signed URL that's valid for 30 days: 16 | 17 | ```php 18 | // With Facade 19 | CloudFrontUrlSigner::sign('https://myapp.com/resource', 30); 20 | 21 | // With helper 22 | sign('https://myapp.com/resource', 30); 23 | ``` 24 | 25 | The output is compliant with [CloudFront specifications](https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/private-content-creating-signed-url-canned-policy.html) 26 | 27 | ## Installation 28 | 29 | The package can be installed via Composer: 30 | 31 | ``` 32 | composer require dreamonkey/laravel-cloudfront-url-signer 33 | ``` 34 | 35 | ## Configuration 36 | 37 | The configuration file can optionally be published via: 38 | 39 | ``` 40 | php artisan vendor:publish --provider="Dreamonkey\CloudFrontUrlSigner\CloudFrontUrlSignerServiceProvider" 41 | ``` 42 | 43 | This is the content of the file: 44 | 45 | ```php 46 | return [ 47 | /* 48 | * The default expiration time of a URL in days. 49 | */ 50 | 'default_expiration_time_in_days' => 1, 51 | 52 | /* 53 | * The private key used to sign all URLs. 54 | */ 55 | 'private_key_path' => storage_path(env('CLOUDFRONT_PRIVATE_KEY_PATH', 'trusted-signer.pem')), 56 | 57 | /* 58 | * Identifies the CloudFront key pair associated 59 | * to the trusted signer which validates signed URLs. 60 | */ 61 | 'key_pair_id' => env('CLOUDFRONT_KEY_PAIR_ID', ''), 62 | 63 | /* 64 | * CloudFront API version, by default it uses the latest available. 65 | */ 66 | 'version' => env('CLOUDFRONT_API_VERSION', 'latest'), 67 | 68 | ]; 69 | ``` 70 | 71 | ## Usage 72 | 73 | ### Signing URLs 74 | 75 | URLs can be signed with the `sign` method: 76 | 77 | ```php 78 | CloudFrontUrlSigner::sign('https://myapp.com/resource'); 79 | ``` 80 | 81 | By default the lifetime of a URL is one day. This value can be changed in the config file. A signed URL can be used by anyone who holds it until it expires, so keep the lifetime as short as the use case allows. 
82 | If you want a custom lifetime, you can specify the number of days the URL should be valid: 83 | 84 | ```php 85 | // The generated URL will be valid for 5 days. 86 | CloudFrontUrlSigner::sign('https://myapp.com/resource', 5); 87 | ``` 88 | 89 | For fine-grained control, you may also pass a `DateTime` instance as the second parameter. The URL 90 | will be valid up to that moment. This example uses Carbon for convenience: 91 | 92 | ```php 93 | // This URL will be valid up until 2 hours from the moment it was generated. 94 | CloudFrontUrlSigner::sign('https://myapp.com/resource', Carbon\Carbon::now()->addHours(2) ); 95 | ``` 96 | 97 | ## Changelog 98 | 99 | Please see [CHANGELOG](CHANGELOG.md) for more information on what has changed recently. 100 | 101 | ## Testing 102 | 103 | ```bash 104 | $ vendor/bin/phpunit 105 | ``` 106 | 107 | ## Contributing 108 | 109 | Please see [CONTRIBUTING](CONTRIBUTING.md) for details. 110 | 111 | ## Security 112 | 113 | If you discover any security-related issues, please email p.caleffi@dreamonkey.com instead of using the issue tracker. 114 | 115 | ## Credits 116 | 117 | - [Paolo Caleffi](https://github.com/IlCallo) 118 | 119 | ## License 120 | 121 | The MIT License (MIT). Please see [License File](LICENSE.md) for more information. 
122 | -------------------------------------------------------------------------------- /composer.json: -------------------------------------------------------------------------------- 1 | { 2 | "name": "dreamonkey/laravel-cloudfront-url-signer", 3 | "description": "Laravel 5.6+ wrapper around CloudFront canned signed URLs", 4 | "keywords": [ 5 | "dreamonkey", 6 | "laravel-cloudfront-url-signer", 7 | "private content", 8 | "cloudfront" 9 | ], 10 | "homepage": "https://github.com/dreamonkey/laravel-cloudfront-url-signer", 11 | "license": "MIT", 12 | "authors": [ 13 | { 14 | "name": "Paolo Caleffi", 15 | "email": "p.caleffi@dreamonkey.com", 16 | "homepage": "https://dreamonkey.com", 17 | "role": "Developer" 18 | } 19 | ], 20 | "require": { 21 | "php": "^7.3.0|^8.0", 22 | "illuminate/support": "^6.0|^7.0|^8.0|^9.0|^10.0|^11.0", 23 | "aws/aws-sdk-php": "^3.52" 24 | }, 25 | "require-dev": { 26 | "orchestra/testbench": "^6.0|^8.0|^9.0", 27 | "phpunit/phpunit": "^8.0|^9.0|^10.5" 28 | }, 29 | "autoload": { 30 | "psr-4": { 31 | "Dreamonkey\\CloudFrontUrlSigner\\": "src" 32 | }, 33 | "files": [ 34 | "src/helpers.php" 35 | ] 36 | }, 37 | "autoload-dev": { 38 | "psr-4": { 39 | "Dreamonkey\\CloudFrontUrlSigner\\Tests\\": "tests" 40 | } 41 | }, 42 | "extra": { 43 | "laravel": { 44 | "providers": [ 45 | "Dreamonkey\\CloudFrontUrlSigner\\CloudFrontUrlSignerServiceProvider" 46 | ], 47 | "aliases": { 48 | "CloudFrontUrlSigner": "Dreamonkey\\CloudFrontUrlSigner\\Facades\\CloudFrontUrlSigner" 49 | } 50 | } 51 | } 52 | } 53 | -------------------------------------------------------------------------------- /composer.phar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/dreamonkey/laravel-cloudfront-url-signer/b0129b0fb6de97f06b945ca227a838d16fcfb1c4/composer.phar -------------------------------------------------------------------------------- /config/cloudfront-url-signer.php: 
-------------------------------------------------------------------------------- 1 | 1, 8 | 9 | /* 10 | * The private key used to sign all URLs. 11 | */ 12 | 'private_key_path' => storage_path(env('CLOUDFRONT_PRIVATE_KEY_PATH', 'trusted-signer.pem')), 13 | 14 | /* 15 | * Identifies the CloudFront key pair associated 16 | * to the trusted signer which validates signed URLs. 17 | */ 18 | 'key_pair_id' => env('CLOUDFRONT_KEY_PAIR_ID', ''), 19 | 20 | /* 21 | * CloudFront API version, by default it uses the latest available. 22 | */ 23 | 'version' => env('CLOUDFRONT_API_VERSION', 'latest'), 24 | 25 | ]; 26 | -------------------------------------------------------------------------------- /phpunit.xml.dist: -------------------------------------------------------------------------------- 1 | 2 | 3 | 4 | 5 | app/ 6 | 7 | 8 | 9 | 10 | ./tests/ 11 | 12 | 13 | 14 | 15 | 16 | 17 | 18 | 19 | 20 | 21 | 22 | -------------------------------------------------------------------------------- /src/CloudFrontUrlSigner.php: -------------------------------------------------------------------------------- 1 | urlSigner = $urlSigner; 23 | } 24 | 25 | /** 26 | * Get a secure URL to a controller action. 27 | * 28 | * @param string $url 29 | * @param \DateTime|int|null $expiration 30 | * 31 | * @return string 32 | * @throws \Dreamonkey\CloudFrontUrlSigner\Exceptions\InvalidExpiration 33 | */ 34 | public function sign(string $url, $expiration = null): string 35 | { 36 | $expiration = $this->getExpirationTimestamp($expiration ?? 37 | config('cloudfront-url-signer.default_expiration_time_in_days')); 38 | 39 | return $this->urlSigner->getSignedUrl($url, $expiration); 40 | } 41 | 42 | /** 43 | * Check if a timestamp is in the future. 
44 | * 45 | * @param int $timestamp 46 | * 47 | * @return bool 48 | */ 49 | protected function isFuture(int $timestamp): bool 50 | { 51 | return ((int)$timestamp) >= (new DateTime())->getTimestamp(); 52 | } 53 | 54 | /** 55 | * Retrieve the expiration timestamp for a link based on an absolute DateTime or a relative number of days. 56 | * 57 | * @param \DateTime|int $expiration The expiration date of this link. 58 | * - DateTime: The value will be used as expiration date 59 | * - int: The expiration time will be set to X days from now 60 | * 61 | * @return int 62 | * @throws \Dreamonkey\CloudFrontUrlSigner\Exceptions\InvalidExpiration 63 | */ 64 | protected function getExpirationTimestamp($expiration): int 65 | { 66 | if (is_int($expiration)) { 67 | $expiration = (new DateTime())->modify((int)$expiration . ' days'); 68 | } 69 | 70 | if (!$expiration instanceof DateTime) { 71 | throw new InvalidExpiration('Expiration date must be an instance of DateTime or an integer'); 72 | } 73 | 74 | if (!$this->isFuture($expiration->getTimestamp())) { 75 | throw new InvalidExpiration('Expiration date must be in the future'); 76 | } 77 | 78 | return $expiration->getTimestamp(); 79 | } 80 | } 81 | -------------------------------------------------------------------------------- /src/CloudFrontUrlSignerServiceProvider.php: -------------------------------------------------------------------------------- 1 | publishes([__DIR__ . '/../config/cloudfront-url-signer.php' => config_path('cloudfront-url-signer.php')], 'config'); 16 | } 17 | 18 | /** 19 | * Register the service provider. 20 | */ 21 | public function register() 22 | { 23 | $this->mergeConfigFrom(__DIR__ . 
'/../config/cloudfront-url-signer.php', 'cloudfront-url-signer'); 24 | 25 | $this->app->singleton(UrlSigner::class, function () { 26 | $config = config('cloudfront-url-signer'); 27 | 28 | if ($config['key_pair_id'] === '') { 29 | throw new InvalidKeyPairId('Key pair id cannot be empty'); 30 | } 31 | 32 | return new CloudFrontUrlSigner(new \Aws\CloudFront\UrlSigner($config['key_pair_id'], $config['private_key_path'])); 33 | }); 34 | 35 | $this->app->alias(UrlSigner::class, 'cloudfront-url-signer'); 36 | } 37 | } 38 | -------------------------------------------------------------------------------- /src/Exceptions/InvalidExpiration.php: -------------------------------------------------------------------------------- 1 | sign($url, $expiration); 17 | } 18 | } -------------------------------------------------------------------------------- /tests/SignatureGenerationTest.php: -------------------------------------------------------------------------------- 1 | $this->dummyKeyPairId]); 19 | config(['cloudfront-url-signer.private_key_path' => $this->dummyPrivateKeyPath]); 20 | } 21 | 22 | /** @test */ 23 | public function it_registered_cloudfront_url_signer_in_the_container() 24 | { 25 | $instance = $this->app['cloudfront-url-signer']; 26 | 27 | $this->assertInstanceOf(\Dreamonkey\CloudFrontUrlSigner\CloudFrontUrlSigner::class, $instance); 28 | } 29 | 30 | /** 31 | * @test 32 | */ 33 | public function it_will_throw_an_exception_for_an_empty_key_pair_id() 34 | { 35 | $this->expectException(\Dreamonkey\CloudFrontUrlSigner\Exceptions\InvalidKeyPairId::class); 36 | 37 | config(['cloudfront-url-signer.key_pair_id' => '']); 38 | 39 | /** @noinspection PhpUnhandledExceptionInspection */ 40 | sign($this->dummyUrl); 41 | } 42 | 43 | /** @test */ 44 | public function it_can_sign_an_url_that_expires_at_a_certain_time() 45 | { 46 | $expiration = DateTime::createFromFormat('d/m/Y H:i:s', '10/08/2025 18:15:44', 47 | new DateTimeZone('Europe/Brussels')); 48 | 49 | /** @noinspection 
PhpUnhandledExceptionInspection */ 50 | $signedUrl = sign($this->dummyUrl, $expiration); 51 | 52 | $this->assertEquals($expiration->getTimestamp(), $this->getSignedUrlExpirationTimestamp($signedUrl)); 53 | } 54 | 55 | /** @test */ 56 | public function it_can_sign_an_url_that_expires_after_a_relative_amount_of_days() 57 | { 58 | $expiration = 30; 59 | 60 | /** @noinspection PhpUnhandledExceptionInspection */ 61 | $signedUrl = sign($this->dummyUrl, $expiration); 62 | 63 | $this->assertLessThanOrEqual(60, (new DateTime())->modify($expiration . ' days')->getTimestamp() - $this->getSignedUrlExpirationTimestamp($signedUrl)); 64 | } 65 | 66 | /** 67 | * @test 68 | */ 69 | public function it_does_not_allow_expiration_in_the_past_when_integer_is_given() 70 | { 71 | $this->expectException(\Dreamonkey\CloudFrontUrlSigner\Exceptions\InvalidExpiration::class); 72 | 73 | $expiration = -5; 74 | 75 | sign($this->dummyUrl, $expiration); 76 | } 77 | 78 | /** 79 | * @test 80 | */ 81 | public function it_does_not_allow_expiration_in_the_past_when_datetime_is_given() 82 | { 83 | $this->expectException(\Dreamonkey\CloudFrontUrlSigner\Exceptions\InvalidExpiration::class); 84 | 85 | $expiration = DateTime::createFromFormat('d/m/Y H:i:s', '10/08/2005 18:15:44'); 86 | 87 | sign($this->dummyUrl, $expiration); 88 | } 89 | 90 | /** 91 | * @param string $signedUrl 92 | * @return int 93 | */ 94 | private function getSignedUrlExpirationTimestamp(string $signedUrl): int 95 | { 96 | $parts = parse_url($signedUrl); 97 | parse_str($parts['query'], $queryParams); 98 | return (int)$queryParams['Expires']; 99 | } 100 | } 101 | -------------------------------------------------------------------------------- /tests/TestCase.php: -------------------------------------------------------------------------------- 1 |