Composer
首页 包列表 提交包 常见问题 关于

承接 zappzarapp/security 相关项目开发

从需求分析到上线部署,全程专人跟进,保证项目质量与交付效率

邮箱:yvsm@zunyunkeji.com | QQ:316430983 | 微信:yvsm316

zappzarapp/security

最新稳定版本:v1.1.0

Composer 安装命令:

composer require zappzarapp/security

包简介

Comprehensive PHP security library: CSP, Security Headers, CSRF, Cookies, Password Validation, Input Sanitization, Rate Limiting, SRI, and Audit Logging

关键字:

# security # password # headers # csrf # xss # sanitization # csp # sri # content-security-policy # hsts # rate-limiting # subresource-integrity # php8 # audit-logging

README 文档

README

Latest Version PHP Version License CI Socket Badge

Comprehensive PHP security library providing CSP, Security Headers, CSRF protection, Secure Cookies, Password Validation, Input Sanitization, Rate Limiting, SRI, and Audit Logging.

Highlights

  • All-in-one — 11 security modules in a single, composable package
  • Secure by default — strict CSP, no unsafe-*, HTTPS-first
  • Framework-agnostic — works with any PHP 8.4+ application
  • Immutable & type-safe — readonly classes, enums, with*() API
  • Quality-backed — PHPStan Level 8, Psalm Level 1, 100% Mutation Score, Deptrac architecture enforcement
  • PSR-compatible — PSR-3 (Logging), PSR-15 (Middleware), PSR-18 (HTTP Client)

Modules

Module Description Key Classes
CSP Content Security Policy header building CspDirectives, HeaderBuilder, NonceGenerator
Headers Security headers (HSTS, Permissions-Policy, etc.) SecurityHeaders, SecurityHeadersBuilder
CSRF Cross-Site Request Forgery protection CsrfProtection, CsrfConfig
Cookie Secure cookie handling SecureCookie, CookieBuilder, CookieOptions
Password Password validation and hashing PasswordPolicy, PwnedPasswordChecker, PepperedPasswordHasher
Sanitization Input sanitization (HTML, SQL, URI, Path) HtmlSanitizer, UriSanitizer, PathValidator
RateLimiting Rate limiting with multiple algorithms DefaultRateLimiter, RateLimitConfig
SRI Subresource Integrity hash generation SriHashGenerator, IntegrityAttribute
Analyzer Security header analysis and auditing SecurityHeaderAnalyzer, AnalysisResult
Middleware PSR-15 middleware for drop-in framework integration SecurityHeadersMiddleware, CsrfMiddleware, RateLimitMiddleware
Logging Security event audit logging SecurityAuditLogger, SecurityEvent

Requirements

  • PHP ^8.4
  • ext-dom
  • ext-libxml
  • ext-sodium

Installation

composer require zappzarapp/security

Quick Start

Security Headers

use Zappzarapp\Security\Headers\Builder\SecurityHeadersBuilder;

$headers = SecurityHeadersBuilder::recommended()->build();
foreach ($headers as $name => $value) {
    header("{$name}: {$value}");
}

CSP with Nonces

use Zappzarapp\Security\Csp\HeaderBuilder;
use Zappzarapp\Security\Csp\Directive\CspDirectives;
use Zappzarapp\Security\Csp\Nonce\NonceGenerator;

$generator = new NonceGenerator();
$csp = HeaderBuilder::build(CspDirectives::strict(), $generator);
header("Content-Security-Policy: {$csp}");

$nonce = $generator->get();
echo "<script nonce=\"{$nonce}\">console.log('Safe!');</script>";

CSRF Protection

use Zappzarapp\Security\Csrf\CsrfProtection;
use Zappzarapp\Security\Csrf\Storage\SessionCsrfStorage;

$csrf = new CsrfProtection(new SessionCsrfStorage());

// Generate token for form
$token = $csrf->generateToken();
echo '<input type="hidden" name="_token" value="' . $token->value() . '">';

// Validate on submission
if (!$csrf->validateToken($_POST['_token'])) {
    throw new Exception('CSRF validation failed');
}

Input Sanitization

use Zappzarapp\Security\Sanitization\Html\HtmlSanitizer;
use Zappzarapp\Security\Sanitization\Path\PathValidator;

// Sanitize HTML (removes dangerous tags/attributes)
$sanitizer = new HtmlSanitizer();
$safe = $sanitizer->sanitize($userInput);

// Validate file paths (prevent directory traversal)
$validator = new PathValidator('/var/www/uploads');
if (!$validator->isValid($userPath)) {
    throw new Exception('Invalid path');
}

See the documentation for detailed examples of all modules.

Documentation

Each module has detailed API documentation with class references, configuration options, and code examples:

Module Description
CSP Content Security Policy with nonces
Headers HSTS, COOP, COEP, CORP, Permissions
CSRF Token patterns and validation
Cookie Secure cookie handling
Password Hashing, policies, breach detection
Sanitization HTML, URI, path sanitization
Rate Limiting Token bucket, sliding window
SRI Subresource integrity hashes
Analyzer Security header auditing
Middleware PSR-15 middleware
Logging Security audit logging
Glossary Security terminology reference

Versioning

This library follows Semantic Versioning 2.0.0.

All classes, interfaces, and methods in the Zappzarapp\Security namespace are considered public API unless marked with @internal. Breaking changes only happen in major versions, with deprecation warnings at least one minor version before removal.

Releases are automated via release-please and GPG-signed. See CHANGELOG.md for release history.

Security

See SECURITY.md for vulnerability reporting and security considerations.

Contributing

See CONTRIBUTING.md for development setup and contribution guidelines.

License

MIT License - see LICENSE file for details.

统计信息

  • 总下载量: 11
  • 月度下载量: 0
  • 日度下载量: 0
  • 收藏数: 0
  • 点击次数: 20
  • 依赖项目数: 0
  • 推荐数: 0

GitHub 信息

  • Stars: 0
  • Watchers: 0
  • Forks: 0
  • 开发语言: PHP
访问仓库

其他信息

  • 授权协议: MIT
  • 更新时间: 2026-02-12