PHPackages screamz/securedownload-bundle - PHPackages - PHPackages [Skip to content](#main-content)[PHPackages](/)[Directory](/)[Categories](/categories)[Trending](/trending)[Leaderboard](/leaderboard)[Changelog](/changelog)[Analyze](/analyze)[Collections](/collections)[Log in](/login)[Sign up](/register) 1. [Directory](/) 2. / 3. [Caching](/categories/caching) 4. / 5. screamz/securedownload-bundle ActiveSymfony-bundle[Caching](/categories/caching) screamz/securedownload-bundle ============================= Allow to secure file download. V1.1.0(8y ago)1136MITPHPPHP >=5.3.0 Since Dec 3Pushed 8y ago1 watchersCompare [ Source](https://github.com/ScreamZ/SecureDownloadBundle)[ Packagist](https://packagist.org/packages/screamz/securedownload-bundle)[ Docs](https://github.com/ScreamZ/SecureDownloadBundle)[ RSS](/packages/screamz-securedownload-bundle/feed)WikiDiscussions master Synced 4w ago READMEChangelog (4)Dependencies (4)Versions (15)Used By (0) SecureDownloadBundle ==================== [](#securedownloadbundle) [![SensioLabsInsight](https://camo.githubusercontent.com/f68680eb8e353f55921d5e9fd2dfdc539cf3e3947d79bb6cb8b1c07542ac705c/68747470733a2f2f696e73696768742e73656e73696f6c6162732e636f6d2f70726f6a656374732f63666530613234632d336566622d346266652d613766352d6133663030616234316262332f6269672e706e67)](https://insight.sensiolabs.com/projects/cfe0a24c-3efb-4bfe-a7f5-a3f00ab41bb3) This bundle make it easier and quicker to deploy a secure download document solution, using a Cache engine like Memcached or Redis. Many cache system are supported thanks to [tedious/TedivmStashBundle!](https://github.com/tedious/TedivmStashBundle). At the moment the default one using service [@stash](TedivmStashBundle/Service/CacheService.php), but feel free to override my service declaration to use your own. Basic usage ----------- [](#basic-usage) In order to access a secured resource or file you need to pre-authorize this one. You either need a file path on the system (full path) or some data you want to save. This can be whole base64 data, just some data that will be required to fetch some others data (like through a web-service). In order to achieve that, you need to generate an access key that is known by the encoder and the decoder. This will allows you to secure the access to your resource or file, it can be a simple hash or string if the context doesn't depend on it or it can be a salt mixed with a unique identifier of the current logged used, you can also use a cookie to save it or a session variable. Feel free to try different approaches. Here are quick example of common use case: ### I have a path on my API, that I don't want to expose on the frontend [](#i-have-a-path-on-my-api-that-i-dont-want-to-expose-on-the-frontend) #### TransactionID generation [](#transactionid-generation) This path must be only accesible to the guy that triggered his generation too. If you share the download link to someone else this guy will not be able to download it. For that we need something that identify in a unique manner the user who triggered the transactionID hash. The userID is perfect. If we wanted to allow sharing or the download link we could have used something that is not user-dependant. ``` public function generateHashAction() { $secureDownloader = $this->get('screamz.service.secure_downloader'); $currentUser = $this->getAuthenticationManager()->getCurrentUser(); // Provided by the server (client don't know it), use something that identify the current logged user. $accessKey = md5('somecustomhash'.$currentUser->getId()); try{ // This return a string $transactionID = $secureDownloader->preAuthorizeDocumentPath('/home/site/www/document.txt', $accessKey); } catch {DownloadRequestException $e){ // Do something with errors var_dump($e->getReasons()); // Throw a 400 / 500 HTTP exception throw new HttpException(500); } // Do something... // Return response with the transactionID or render a template with link to download controller... } ``` #### Downloading the file using the given transactionID in a secured way [](#downloading-the-file-using-the-given-transactionid-in-a-secured-way) ``` public function downloadAction($transactionID) { $secureDownloader = $this->get('screamz.service.secure_downloader'); $currentUser = $this->getAuthenticationManager()->getCurrentUser(); // Provided by the server (client don't know it), use something that identify the current logged user. $accessKey = md5('somecustomhash'.$currentUser->getId()); try { $binaryResponse = $secureDownloader->getResourceBinaryFileResponse($transactionID, $accessKey); return $binaryResponse; } catch (DownloadRequestException $e) { // Do something with errors var_dump($e->getReasons()); // Throw a 400 / 500 HTTP exception throw new HttpException(500); } } ``` ### I want to save data that will allow me to query a remote API later in order to get something [](#i-want-to-save-data-that-will-allow-me-to-query-a-remote-api-later-in-order-to-get-something) #### Generate a transactionID [](#generate-a-transactionid) ``` public function generateHashAction() { $secureDownloader = $this->get('screamz.service.secure_downloader'); $currentUser = $this->getAuthenticationManager()->getCurrentUser(); // Provided by the server (client don't know it), use something that identify the current logged user. $accessKey = md5('somecustomhash'.$currentUser->getId()); try{ // This return a string $transactionID = $secureDownloader->preAuthorizeResource(json_encode(['token' => 'sometoken'], $accessKey); } catch {DownloadRequestException $e){ // Do something with errors var_dump($e->getReasons()); // Throw a 400 / 500 HTTP exception throw new HttpException(500); } // Do something... // Return response with the transactionID or render a template with link to download controller... } ``` #### Retrieve the resource after checking authorization [](#retrieve-the-resource-after-checking-authorization) ``` public function downloadAction($transactionID) { $secureDownloader = $this->get('screamz.service.secure_downloader'); $currentUser = $this->getAuthenticationManager()->getCurrentUser(); // Provided by the server (client don't know it), use something that identify the current logged user. $accessKey = md5('somecustomhash'.$currentUser->getId()); try { $resource = $secureDownloader->getResource($transactionID, $accessKey); } catch (DownloadRequestException $e){ throw $this->createAccessDeniedException('Accès à la ressource non autorisé.'); } $params = json_decode($resource->getTransactionSavedData(), true); // Call Webservice from here using $params } ``` Documentation ------------- [](#documentation) - [Error codes](/Resources/doc/error_codes.md) - [Default configuration](/Resources/doc/config.md) ### Health Score 29 — LowBetter than 57% of packages Maintenance20 Infrequent updates — may be unmaintained Popularity12 Limited adoption so far Community7 Small or concentrated contributor base Maturity66 Established project with proven stability Bus Factor1 Top contributor holds 100% of commits — single point of failure How is this calculated?**Maintenance (25%)** — Last commit recency, latest release date, and issue-to-star ratio. Uses a 2-year decay window. **Popularity (30%)** — Total and monthly downloads, GitHub stars, and forks. Logarithmic scaling prevents top-heavy scores. **Community (15%)** — Contributors, dependents, forks, watchers, and maintainers. Measures real ecosystem engagement. **Maturity (30%)** — Project age, version count, PHP version support, and release stability. ### Release Activity Cadence Every ~56 days Recently: every ~163 days Total 13 Last Release 3190d ago ### Community Maintainers ![](https://avatars.githubusercontent.com/u/6640835?v=4)[Andréas Hanss](/maintainers/ScreamZ)[@ScreamZ](https://github.com/ScreamZ) --- Top Contributors [![ScreamZ](https://avatars.githubusercontent.com/u/6640835?v=4)](https://github.com/ScreamZ "ScreamZ (12 commits)") --- Tags bundlefile-downloadfilesphpsymfonysymfony-bundlesymfonyrediscachecachingmemcachedsecuresessionsdownloaddocumentstash ### Embed Badge ![Health badge](/badges/screamz-securedownload-bundle/health.svg) ``` [![Health](https://phpackages.com/badges/screamz-securedownload-bundle/health.svg)](https://phpackages.com/packages/screamz-securedownload-bundle) ``` PHPackages © 2026 [Directory](/)[Categories](/categories)[Trending](/trending)[Changelog](/changelog)[Analyze](/analyze)