tuupola / branca-php Goto Github PK
View Code? Open in Web Editor NEWAuthenticated and encrypted API tokens using modern crypto
License: MIT License
Authenticated and encrypted API tokens using modern crypto
License: MIT License
First of all, nice job with Branca-php lib, now the "issue".
This is the question:
Can you add config which disables RuntimeExceptions and just returns 'false' when decipherer operation fails? Something like:
$branca = new Branca( "supersecretkeyyoushouldnotcommit", false );
This solves both points.
Is timestamp a security risk? Ie. should there be another version without timestamp in header. Currently it is possible to opt out by passing a 0
or false
as timestamp. This still wastes a few bytes per request.
Dear Tuupola,
First of all, thank you for all your great work. I'm currently implementing a REST api using branca-middleware. I haven't touched my code since one month and I experienced an issue with sodium_compat library. I assume it's not an issue with Branca library but I'm just curious about this change.
Apparently, we need a 64 bit version of php to encode payload. Here is the error message than occur when I try to encode payload :
pack(): 64-bit format codes are not available for 32-bit versions of PHP
E:\Utilisateurs\Dropbox\brancatest\vendor\paragonie\sodium_compat\src\Core\Util.php:656
E:\Utilisateurs\Dropbox\brancatest\vendor\paragonie\sodium_compat\src\Crypto32.php:298
E:\Utilisateurs\Dropbox\brancatest\vendor\paragonie\sodium_compat\src\Crypto32.php:362
E:\Utilisateurs\Dropbox\brancatest\vendor\paragonie\sodium_compat\src\Compat.php:732
E:\Utilisateurs\Dropbox\brancatest\vendor\tuupola\branca\src\Branca.php:55
I have build a minimalistic test to reproduce this issue/change :
Error test
I'm currently learning php, so I probably miss something relevant.
64-bit versions of PHP is now required to work with Branca ?
These are 9 error logs within 3 weeks:
ErrorException: unpack(): Type N: not enough input values, need 4 values but only 0 were provided in /var/www/example/com/vendor/tuupola/branca/src/Branca.php:131
Error is caused by bots sniffing around the website.
The line is:
$parts = unpack("Cversion/Ntime", $header);
Maybe @unpack
will help.
A declarative, efficient, and flexible JavaScript library for building user interfaces.
๐ Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
An Open Source Machine Learning Framework for Everyone
The Web framework for perfectionists with deadlines.
A PHP framework for web artisans
Bring data to life with SVG, Canvas and HTML. ๐๐๐
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
Some thing interesting about web. New door for the world.
A server is a program made to process requests and deliver data to clients.
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
Some thing interesting about visualization, use data art
Some thing interesting about game, make everyone happy.
We are working to build community through open source technology. NB: members must have two-factor auth.
Open source projects and samples from Microsoft.
Google โค๏ธ Open Source for everyone.
Alibaba Open Source for everyone
Data-Driven Documents codes.
China tencent open source team.