# `PhoenixKit.Modules.Storage.URLSigner`
[🔗](https://github.com/BeamLabEU/phoenix_kit/blob/v1.7.71/lib/modules/storage/services/url_signer.ex#L1)

Token-based URL signing for secure file serving.

Generates and verifies secure tokens that prevent file enumeration attacks.
Each file instance receives a unique 4-character token based on MD5 hashing.

## Token Generation

Token = first 4 chars of MD5(file_uuid:instance_name + secret_key_base)

This ensures:
- Prevents file enumeration (can't guess URLs)
- Each instance has unique token
- Token changes if secret changes
- Secure comparison prevents timing attacks
- No user-guessable patterns

## Examples

    iex> file_uuid = "018e3c4a-9f6b-7890-abcd-ef1234567890"
    iex> PhoenixKit.Modules.Storage.URLSigner.signed_url(file_uuid, "thumbnail")
    "/file/018e3c4a-9f6b-7890-abcd-ef1234567890/thumbnail/a3f2"

    iex> PhoenixKit.Modules.Storage.URLSigner.verify_token(file_uuid, "thumbnail", "a3f2")
    true

    iex> PhoenixKit.Modules.Storage.URLSigner.verify_token(file_uuid, "thumbnail", "xxxx")
    false

# `generate_token`
[🔗](https://github.com/BeamLabEU/phoenix_kit/blob/v1.7.71/lib/modules/storage/services/url_signer.ex#L112)

Generate the 4-character token for a file instance.

Used internally by signed_url/2 and verify_token/4.

## Arguments

- `file_uuid` (binary) - File UUID v7
- `instance_name` (binary) - Variant name

## Returns

A 4-character hex string token.

## Examples

    iex> PhoenixKit.Modules.Storage.URLSigner.generate_token("018e3c4a", "thumbnail")
    "abc1"

# `signed_url`
[🔗](https://github.com/BeamLabEU/phoenix_kit/blob/v1.7.71/lib/modules/storage/services/url_signer.ex#L55)

Generate a signed URL for a file instance.

## Arguments

- `file_uuid` (binary) - File UUID v7
- `instance_name` (binary) - Variant name (e.g., "thumbnail", "medium", "large")

## Returns

A relative URL path with prefix: `{url_prefix}/file/{file_uuid}/{instance_name}/{token}`

## Examples

    iex> PhoenixKit.Modules.Storage.URLSigner.signed_url("018e3c4a-9f6b-7890", "thumbnail")
    "/phoenix_kit/file/018e3c4a-9f6b-7890/thumbnail/abc1"  # With default prefix

# `verify_token`
[🔗](https://github.com/BeamLabEU/phoenix_kit/blob/v1.7.71/lib/modules/storage/services/url_signer.ex#L86)

Verify a token is valid for the given file and instance.

## Arguments

- `file_uuid` (binary) - File UUID v7
- `instance_name` (binary) - Variant name
- `token` (binary) - 4-character token from URL

## Returns

Boolean indicating if token is valid.

## Examples

    iex> file_uuid = "018e3c4a-9f6b-7890"
    iex> token = PhoenixKit.Modules.Storage.URLSigner.generate_token(file_uuid, "thumbnail")
    iex> PhoenixKit.Modules.Storage.URLSigner.verify_token(file_uuid, "thumbnail", token)
    true

    iex> PhoenixKit.Modules.Storage.URLSigner.verify_token(file_uuid, "thumbnail", "xxxx")
    false

---

*Consult [api-reference.md](api-reference.md) for complete listing*