PHPackages                             masterei/laravel-signer - PHPackages - PHPackages  [Skip to content](#main-content)[PHPackages](/)[Directory](/)[Categories](/categories)[Trending](/trending)[Leaderboard](/leaderboard)[Changelog](/changelog)[Analyze](/analyze)[Collections](/collections)[Log in](/login)[Sign up](/register)

1. [Directory](/)
2. /
3. [Authentication &amp; Authorization](/categories/authentication)
4. /
5. masterei/laravel-signer

ActiveLibrary[Authentication &amp; Authorization](/categories/authentication)

masterei/laravel-signer
=======================

Laravel signed URL wrapper with additional feature such as consumable and user-based signed URLs.

v1.0.0(2y ago)013MITPHPPHP ^8.0

Since Apr 24Pushed 2y ago1 watchersCompare

[ Source](https://github.com/masterei/laravel-signer)[ Packagist](https://packagist.org/packages/masterei/laravel-signer)[ RSS](/packages/masterei-laravel-signer/feed)WikiDiscussions main Synced 1mo ago

READMEChangelog (1)Dependencies (4)Versions (2)Used By (0)

Laravel Signer
==============

[](#laravel-signer)

[![Latest Version on Packagist](https://camo.githubusercontent.com/8df535e2ff877aedc9b3c0ddeab574688e14efccec0f5b82b27ff282dde91686/68747470733a2f2f696d672e736869656c64732e696f2f7061636b61676973742f762f6d617374657265692f6c61726176656c2d7369676e65722e7376673f7374796c653d666c61742d737175617265)](https://packagist.org/packages/masterei/laravel-signer)[![Total Downloads](https://camo.githubusercontent.com/aa507c92f43b12b77d6ef0c794002397a8b63282a2807f7b0c555826c3afd408/68747470733a2f2f696d672e736869656c64732e696f2f7061636b61676973742f64742f6d617374657265692f6c61726176656c2d7369676e65722e7376673f7374796c653d666c61742d737175617265)](https://packagist.org/packages/masterei/laravel-signer)

Laravel signed URL wrapper with additional feature such as consumable and user-based signed URLs.

Installation
------------

[](#installation)

You can install the package via composer:

```
composer require masterei/laravel-signer
```

You need to publish the migration to create the package table:

```
php artisan vendor:publish --tag="signer-migration"
```

After that, you need to run migration command.

```
php artisan migrate
```

Optionally, you can publish the config file with:

```
php artisan vendor:publish --tag="signer-config"
```

Compatibility
-------------

[](#compatibility)

- Laravel version 9.x.x or later

Usage
-----

[](#usage)

### Basic Usage

[](#basic-usage)

```
use App\Models\User;
use Masterei\Signer\Signer;

// creating signed url that can only be accessed by limited number of times
Signer::consumableRoute('subscribe', 1, ['user' => 1]);

// expires after a specified amount of time
Signer::temporaryConsumableRoute('subscribe', now()->addMinute(), 1, ['user' => 1]);

// creating signed url that can only be access by certain specified user/s
$user = User::first();
Signer::authenticatedRoute('subscribe', $user, ['user' => 1]);

// note: user parameter can accept; user id as int or array, model, collection

// expires after a specified amount of time
Signer::temporaryAuthenticatedRoute('subscribe', now()->addMinute(), $user, ['user' => 1]);
```

#### Additional Arguments

[](#additional-arguments)

As usual, you may exclude the domain from the signed URL hash by providing the `absolute` argument to the class method.

```
return Signer::consumableRoute('subscribe', 1, ['user' => 1], absolute: false);
```

You may also want to force the domain prefix, even if you excluded the domain from the signed URL hash by providing the `prefixDomain` argument to the class method.

```
return Signer::consumableRoute('subscribe', 1, ['user' => 1], prefixDomain: true);
```

### Advance Usage

[](#advance-usage)

```
return Signer::route('subscribe')   // route name
    ->parameters(['user' => 1])     // additional parameters
    ->authenticated([1, 2])         // user id as int or array, model, collection
    ->consumable(2)                 // number of times url can be accessed
    ->relative()                    // exclude domain from signature hashing
    ->prefixDomain()                // force domain prefix on relative url
    ->expiration(now()->addDays(2)) // url expiration period; accepts: Carbon/Carbon instance
    ->make();                       // finally create the url
```

### Native Signed URL

[](#native-signed-url)

If you don't want to use the additional feature. Native `signedRoute` and `temporarySignedRoute` is a goto option.

Note: This does not store in database and will only be validated using the framework native validation method.

```
Signer::signedRoute('subscribe', ['user' => 1]);

// You may exclude the domain from the signed URL hash
// by providing the `absolute` argument to the signedRoute method:
Signer::signedRoute('subscribe', ['user' => 1], absolute: false);

// If you would like to generate a temporary signed URL
// that expires after a specified amount of time.
Signer::temporarySignedRoute('subscribe', now()->addDay(), ['user' => 1]);
```

### Validating Signed Route Requests

[](#validating-signed-route-requests)

#### Package Signed Route

[](#package-signed-route)

```
// To ensure that the incoming request has a valid signature,
// you have to include the middleware into the route for it to work.
Route::post('subscribe/{user}', function (Request $request) {
    // ...
})->name('subscribe')->middleware('signer');

// Sometimes, you want to forcefully disable the framework native validation,
// you should provide the `strict` argument to the middleware parameter.
Route::post('subscribe/{user}', function (Request $request) {
    // ...
})->name('subscribe')->middleware('signer:strict');
```

#### Native Signed Route

[](#native-signed-route)

If your route uses the native signed url method namely `signedRoute` and `temporarySignedRoute`; and excluded the domain from the signed URL hash you should provide the `relative` argument to the middleware for it to work.

```
Route::post('subscribe/{user}', function (Request $request) {
    // ...
})->name('subscribe')->middleware('signer:relative');
```

Classes
-------

[](#classes)

#### Way to reconstruct signed route model back into signed URL:

[](#way-to-reconstruct-signed-route-model-back-into-signed-url)

```
use Masterei\Signer\Models\Signed;

return Signed::first()->url();
```

#### To parse URL and get its underlying data:

[](#to-parse-url-and-get-its-underlying-data)

```
use Masterei\Signer\URLParser;

$parsedUrl = URLParser::fromString(request()->getUri());
return $parsedUrl->getSignature();
```

#### Finding signed URL model using its signature:

[](#finding-signed-url-model-using-its-signature)

```
use Masterei\Signer\Models\Signed;
use Masterei\Signer\URLParser;

$parsedUrl = URLParser::fromString(request()->getUri());
return Signed::findValidSignature($parsedUrl->getSignature());
```

```
// or specify with path
return Signed::findValidSignature($parsedUrl->getSignature(), $parsedUrl->getPath());
```

Changelog
---------

[](#changelog)

Please see [CHANGELOG](CHANGELOG.md) for more information on what has changed recently.

License
-------

[](#license)

The MIT License (MIT). Please see [License File](LICENSE.md) for more information.

###  Health Score

21

—

LowBetter than 19% of packages

Maintenance20

Infrequent updates — may be unmaintained

Popularity5

Limited adoption so far

Community7

Small or concentrated contributor base

Maturity46

Maturing project, gaining track record

 Bus Factor1

Top contributor holds 100% of commits — single point of failure

How is this calculated?**Maintenance (25%)** — Last commit recency, latest release date, and issue-to-star ratio. Uses a 2-year decay window.

**Popularity (30%)** — Total and monthly downloads, GitHub stars, and forks. Logarithmic scaling prevents top-heavy scores.

**Community (15%)** — Contributors, dependents, forks, watchers, and maintainers. Measures real ecosystem engagement.

**Maturity (30%)** — Project age, version count, PHP version support, and release stability.

###  Release Activity

Cadence

Unknown

Total

1

Last Release

749d ago

### Community

Maintainers

![](https://www.gravatar.com/avatar/c8b19fb533634e9c6f48193419880bcdf5c3b17be1e0933e569a2cfb220290c9?d=identicon)[masterei](/maintainers/masterei)

---

Top Contributors

[![masterei](https://avatars.githubusercontent.com/u/34229270?v=4)](https://github.com/masterei "masterei (8 commits)")

---

Tags

mastereilaravel-signerconsumable signed urluser-based signed url

### Embed Badge

![Health badge](/badges/masterei-laravel-signer/health.svg)

```
[![Health](https://phpackages.com/badges/masterei-laravel-signer/health.svg)](https://phpackages.com/packages/masterei-laravel-signer)
```

###  Alternatives

[namshi/jose

JSON Object Signing and Encryption library for PHP.

1.8k99.6M101](/packages/namshi-jose)[league/oauth1-client

OAuth 1.0 Client Library

99698.8M106](/packages/league-oauth1-client)[gesdinet/jwt-refresh-token-bundle

Implements a refresh token system over Json Web Tokens in Symfony

70516.4M35](/packages/gesdinet-jwt-refresh-token-bundle)[league/oauth2-google

Google OAuth 2.0 Client Provider for The PHP League OAuth2-Client

41721.2M118](/packages/league-oauth2-google)[illuminate/auth

The Illuminate Auth package.

9327.3M1.0k](/packages/illuminate-auth)[beatswitch/lock

A flexible, driver based Acl package for PHP 5.4+

870304.7k2](/packages/beatswitch-lock)

PHPackages © 2026

[Directory](/)[Categories](/categories)[Trending](/trending)[Changelog](/changelog)[Analyze](/analyze)