+Authentication parameters
+=========================
+``atimestamp``
+ Time at which the request URL was generated (unix timestamp)
+``atoken``
+ Access token (username)
+``asignature``
+ Signature for the request. See the authentication section.
+
+
+==============
+Authentication
+==============
+Creating screenshots of websites is a resource intensive process.
+To prevent unauthorized access to the service, phancap supports authentication
+via a signature parameter similar to OAuth's ``oauth_signature``.
+
+Phancap's configuration file may contain a ``$access`` variable:
+
+``true``
+ Everyone is allowed to access the service
+``false``
+ Nobody is allowed to access the service
+``array``
+ A list of usernames that are allowed to request screenshots, together
+ with their secret keys (password)
+
+The signature algorithm is as follows:
+
+#. Parameters ``atimestamp`` (current unix timestamp) and
+ ``atoken`` (username) have to be added to the URL parameters
+
+#. URL parameters are normalized as described in
+ `OAuth Parameters Normalization`__:
+
+ #. Sort parameters list by name
+ #. Name and value are `raw-url-encoded`__
+ #. Name and value are concatenated with ``=`` as separator
+ #. The resulting strings are concatenated with ``&`` as separator
+
+#. URL parameter string is used together with the secret key
+ to create a `HMAC-SHA1`__ digest
+
+#. Digest is appended to the URL as ``asignature``
+
+__ http://tools.ietf.org/html/rfc5849#section-3.4.1.3.2
+__ http://tools.ietf.org/html/rfc5849#section-3.6
+__ http://tools.ietf.org/html/rfc5849#section-3.4.2
+
+
+Example
+=======
+We want to create a screenshot of ``http://example.org/`` in size 400x300,
+using the browser size of 1024x768::
+
+ http://example.org/phancap/get.php?swidth=400&sheight=300&url=http%3A%2F%2Fexample.org%2F&bwidth=1024&bheight=768
+
+Phancap's config file contains::
+
+ $access = array(
+ 'user' => 'secret'
+ );
+
+Our parameters are thus:
+
+============== =====
+Name Value
+============== =====
+``swidth`` ``400``
+``sheight`` ``300``
+``url`` ``http://example.org/``
+``bwidth`` ``1024``
+``bheight`` ``768``
+============== =====
+
+At first, we need to add parameters ``atimestamp`` and ``atoken``.
+``atimestamp`` is the current unix timestamp.
+``atoken`` is our user name: ``user``.
+
+Now the parameter list is sorted:
+
+============== =====
+Name Value
+============== =====
+``atimestamp`` ``1396353987``
+``atoken`` ``user``
+``bheight`` ``768``
+``bwidth`` ``1024``
+``sheight`` ``300``
+``swidth`` ``400``
+``url`` ``http://example.org/``
+============== =====
+
+The parameters are raw-url-encoded. The only value that changes is the url,
+it becomes ``http%3A%2F%2Fexample.org%2F``.
+
+Concatenating the name/value pairs leads to the following string::
+
+ atimestamp=1396353987&atoken=user&bheight=768&bwidth=1024&sheight=300&swidth=400&url=http%3A%2F%2Fexample.org%2F
+
+Creating the HMAC digest with sha1, the calculated string and our key
+``secret`` gives us the following string::
+
+ 9a12eac5ff859f9306eaaf5a18b9a931fe10b89d
+
+This is the signature; it gets appended the URL as ``asignature`` parameter.
+
git.cweiske.de / phancap.git / commitdiff