search

cloudinary-community / cloudinary-laravel

Laravel SDK for Cloudinary
MIT License
255 stars 71 forks source link

specify signature_algorithm in the config/cloudinary.php #63

Open meyer59 opened 2 years ago

meyer59 commented 2 years ago

Hello It will be great if we can specify some more parameters in the cloudinary.php conf file as mentioned here. Actually, i am trying to specify the signature_algorithm parameter, is there any way to do it with the current package version ? Thank you

tara-matthew commented 7 months ago

Please could I have a go at working on this?

unicodeveloper commented 7 months ago

@tara-matthew assigned to you.

uhexos commented 7 months ago

@unicodeveloper after taking a stab at this seems like the extra env parameters would not be needed since we use the cloudinary url. The extra parameters can be added to the string the signature_algorithm in particular can be added using

cloudinary://cloudinary_url_here?cloud[signature_algorithm]=sha256

relevant cloudinary docs maybe we just need to add some more docs here to let people know

unicodeveloper commented 7 months ago

You might be right. Seems possible.

Have you tried it to see if it actually works?

On Thu, Oct 12, 2023 at 8:16 PM Nwokorobia Ugo @.***> wrote:

@unicodeveloper https://github.com/unicodeveloper after taking a stab at this seems like the extra env parameters would not be needed since we use the cloudinary url. The extra parameters can be added to the string the signature_algorithm in particular can be added using

cloudinary://cloudinary_url_here?cloud[signature_algorithm]=sha256

relevant cloudinary docs https://cloudinary.com/documentation/php_integration#landingpage:~:text=You%20can%20also%20configure%20parameters%20for%20an%20instance%20via%20environment%20variable%2C%20for%20example%3A maybe we just need to add some more docs here to let people know

— Reply to this email directly, view it on GitHub https://github.com/cloudinary-devs/cloudinary-laravel/issues/63#issuecomment-1760231865, or unsubscribe https://github.com/notifications/unsubscribe-auth/AAWPNUJXDT7OPXWWU6I62XLX7A6YRANCNFSM5ROPWELA . You are receiving this because you were mentioned.Message ID: @.***>

uhexos commented 7 months ago

tried adding the sha256 and if you set a sha eg 2566 that doesn't exist it throws an error that says you need a enter a valid signature_algorithm. Seems it actually detects the setting. Buuuutt I couldn't actually get it to produce a sha 256 signature.

Given
$uploadedFileUrl = cloudinary()->upload($request->file('file')->getRealPath()); SignatureVerifier::verifyApiResponseSignature($uploadedFileUrl->getPublicId(), $uploadedFileUrl->getVersion(), $uploadedFileUrl->getSignature());

the signature that comes back seems to be sha1 encrypted cause we end up here at which during execution and it returns true public static function generateHmac($payloadToSign, $apiSecret) { return sha1($payloadToSign . $apiSecret); }

Any chance the sha256 is for paying accounts only ?