TheRON/core
1
0
Fork 0
mirror of https://framagit.org/hubzilla/core.git synced 2026-06-21 00:52:33 -04:00
Code Issues Packages Projects Releases Wiki Activity

composer update macgirvin/http-message-signer to version 0.2.6

Browse Source
This commit is contained in:
Mario Vavti
2025-10-21 16:01:28 +02:00
parent 4ba414fb8d
commit b4f6241357
5 changed files with 64 additions and 26 deletions
Download Patch File Download Diff File Expand all files Collapse all files

12
composer.lock generated
View File

@@ -1081,16 +1081,16 @@
},
{
"name": "macgirvin/http-message-signer",
"version": "v0.2.3",
"version": "v0.2.6",
"source": {
"type": "git",
"url": "https://github.com/macgirvin/HTTP-Message-Signer.git",
"reference": "35b42f0a2b84b3a300badeaa437128f5897b57fe"
"reference": "f40ea6d5ee9f0c2dacc996e081bf34e5217f8b13"
},
"dist": {
"type": "zip",
"url": "https://api.github.com/repos/macgirvin/HTTP-Message-Signer/zipball/35b42f0a2b84b3a300badeaa437128f5897b57fe",
"reference": "35b42f0a2b84b3a300badeaa437128f5897b57fe",
"url": "https://api.github.com/repos/macgirvin/HTTP-Message-Signer/zipball/f40ea6d5ee9f0c2dacc996e081bf34e5217f8b13",
"reference": "f40ea6d5ee9f0c2dacc996e081bf34e5217f8b13",
"shasum": ""
},
"require": {
@@ -1118,9 +1118,9 @@
"description": "RFC 9421 HTTP Message Signer and Verifier for PSR-7 requests",
"support": {
"issues": "https://github.com/macgirvin/HTTP-Message-Signer/issues",
"source": "https://github.com/macgirvin/HTTP-Message-Signer/tree/v0.2.3"
"source": "https://github.com/macgirvin/HTTP-Message-Signer/tree/v0.2.6"
},
"time": "2025-07-13T20:25:22+00:00"
"time": "2025-09-27T20:20:56+00:00"
},
{
"name": "michelf/php-markdown",

14
vendor/composer/installed.json vendored
View File

@@ -1112,17 +1112,17 @@
},
{
"name": "macgirvin/http-message-signer",
"version": "v0.2.3",
"version_normalized": "0.2.3.0",
"version": "v0.2.6",
"version_normalized": "0.2.6.0",
"source": {
"type": "git",
"url": "https://github.com/macgirvin/HTTP-Message-Signer.git",
"reference": "35b42f0a2b84b3a300badeaa437128f5897b57fe"
"reference": "f40ea6d5ee9f0c2dacc996e081bf34e5217f8b13"
},
"dist": {
"type": "zip",
"url": "https://api.github.com/repos/macgirvin/HTTP-Message-Signer/zipball/35b42f0a2b84b3a300badeaa437128f5897b57fe",
"reference": "35b42f0a2b84b3a300badeaa437128f5897b57fe",
"url": "https://api.github.com/repos/macgirvin/HTTP-Message-Signer/zipball/f40ea6d5ee9f0c2dacc996e081bf34e5217f8b13",
"reference": "f40ea6d5ee9f0c2dacc996e081bf34e5217f8b13",
"shasum": ""
},
"require": {
@@ -1137,7 +1137,7 @@
"require-dev": {
"phpunit/phpunit": "^10.0"
},
"time": "2025-07-13T20:25:22+00:00",
"time": "2025-09-27T20:20:56+00:00",
"type": "library",
"installation-source": "dist",
"autoload": {
@@ -1152,7 +1152,7 @@
"description": "RFC 9421 HTTP Message Signer and Verifier for PSR-7 requests",
"support": {
"issues": "https://github.com/macgirvin/HTTP-Message-Signer/issues",
"source": "https://github.com/macgirvin/HTTP-Message-Signer/tree/v0.2.3"
"source": "https://github.com/macgirvin/HTTP-Message-Signer/tree/v0.2.6"
},
"install-path": "../macgirvin/http-message-signer"
},

10
vendor/composer/installed.php vendored
View File

@@ -3,7 +3,7 @@
'name' => 'zotlabs/hubzilla',
'pretty_version' => 'dev-master',
'version' => 'dev-master',
'reference' => '48433c9479a5de3837e9cf85e8644d7407ad635e',
'reference' => '4ba414fb8d9a21ba45ff298e487caf421eb3f855',
'type' => 'application',
'install_path' => __DIR__ . '/../../',
'aliases' => array(),
@@ -146,9 +146,9 @@
'dev_requirement' => false,
),
'macgirvin/http-message-signer' => array(
'pretty_version' => 'v0.2.3',
'version' => '0.2.3.0',
'reference' => '35b42f0a2b84b3a300badeaa437128f5897b57fe',
'pretty_version' => 'v0.2.6',
'version' => '0.2.6.0',
'reference' => 'f40ea6d5ee9f0c2dacc996e081bf34e5217f8b13',
'type' => 'library',
'install_path' => __DIR__ . '/../macgirvin/http-message-signer',
'aliases' => array(),
@@ -499,7 +499,7 @@
'zotlabs/hubzilla' => array(
'pretty_version' => 'dev-master',
'version' => 'dev-master',
'reference' => '48433c9479a5de3837e9cf85e8644d7407ad635e',
'reference' => '4ba414fb8d9a21ba45ff298e487caf421eb3f855',
'type' => 'application',
'install_path' => __DIR__ . '/../../',
'aliases' => array(),

50
vendor/macgirvin/http-message-signer/README.md vendored
View File

@@ -6,21 +6,21 @@ A PHP 8.1+ library for signing and verifying HTTP messages (requests or response
This is a fork of quantificant/http-message-signer
Supports:
- RSA-SHA256
- RSA-v1.5-SHA256
- Ed25519
- HMAC-SHA256
- RSA-PSS-SHA512
- PSR-7 requests (e.g., Guzzle)
- Optionally (recommended) calculate and verify body digest (content-digest header)
- Automatically verify body digest (content-digest header) -- if present
Requirements:
- bakame/http-structured-fields
- phpseclib/phpseclib
- psr/http-message
## Note
This is Alpha version please report issues. Thanks. Tested on PHP 8.4, should run fine on 8.1+
2025-05-28: Partially reversed the constructor change.
Please report issues. Thanks. Tested on PHP 8.4, should run fine on 8.1+
## Installation
@@ -40,7 +40,45 @@ use GuzzleHttp\Psr7\ServerRequest;
$request = ServerRequest::fromGlobals();
```
This would typically be used to verify a message.
This would typically be used to verify a message.
If your project uses URL rewriting (such as Apache's 'mod_rewrite'), you may have difficulties verifying some request parameters using a PSR7 request generated using ServerRequest::fromGlobals(). In that case, you might wish instead to generate a minimal PSR7 Request Message which is populated from the original request URI and which is not affected by URL re-writing:
```
use GuzzleHttp\Psr7\Request;
function createRequest(string $baseurl)
{
/**
* $baseurl for your site e.g. 'https://example.com'
*/
if ($_SERVER['REQUEST_METHOD'] == 'POST') {
$input = file_get_contents('php://input');
}
$headers = [];
if (isset($_SERVER['CONTENT_TYPE'])) {
$headers['content-type'] = $_SERVER['CONTENT_TYPE'];
}
if (isset($_SERVER['CONTENT_LENGTH'])) {
$headers['content-length'] = $_SERVER['CONTENT_LENGTH'];
}
foreach ($_SERVER as $k => $v) {
if (str_starts_with($k, 'HTTP_')) {
$field = str_replace('_', '-', strtolower(substr($k, 5)));
$headers[$field] = $v;
}
}
return new Request(
$_SERVER['REQUEST_METHOD'],
$baseurl . $_SERVER['REQUEST_URI']),
$headers,
$input ?? null
);
}
```
To sign a message, install the composer package guzzlehttp/psr7 and create an instance of `Request`.

4
vendor/macgirvin/http-message-signer/src/HttpMessageSigner.php vendored
View File

@@ -368,7 +368,7 @@ class HttpMessageSigner
// The $interface has no single method to extract the target-uri, so build it from
// the available components.
$targetUri = $interface->getUri()->getScheme() . '://' . $this->getAuthority($interface)
. $interface->getUri()->getPath() . $interface->getUri()->getQuery();
. $interface->getUri()->getPath() . (($interface->getUri()->getQuery()) ? '?' . $interface->getUri()->getQuery() : '');
$value = match ($fieldName) {
'@signature-params' => ['', ''],
@@ -405,7 +405,7 @@ class HttpMessageSigner
{
if (method_exists($interface, 'getUri')) {
$authority = strtolower($interface->getUri()->getAuthority());
$authority = explode($authority, ':');
$authority = explode(':', $authority);
return $authority[0];
}
throw new UnprocessableSignatureException('Unable to extract authority from MessageInterface');