PhoenixKit.Storage.URLSigner (phoenix_kit v1.6.15)

Token-based URL signing for secure file serving.

Generates and verifies secure tokens that prevent file enumeration attacks. Each file instance receives its own 4-character hex token (16 bits) derived from an MD5 hash.

Token Generation

Token = first 4 chars of MD5(file_id:instance_name + secret_key_base)

This ensures:

  • ✅ Prevents file enumeration (can't guess URLs)
  • ✅ Each instance has its own token
  • ✅ Token changes if secret changes
  • ✅ Secure comparison prevents timing attacks
  • ✅ No user-guessable patterns

Examples

iex> file_id = "018e3c4a-9f6b-7890-abcd-ef1234567890"
iex> PhoenixKit.Storage.URLSigner.signed_url(file_id, "thumbnail")
"/file/018e3c4a-9f6b-7890-abcd-ef1234567890/thumbnail/a3f2"

iex> PhoenixKit.Storage.URLSigner.verify_token(file_id, "thumbnail", "a3f2")
true

iex> PhoenixKit.Storage.URLSigner.verify_token(file_id, "thumbnail", "xxxx")
false
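
The token formula and constant-time check described above, sketched as an added example (not PhoenixKit's own source). The module name URLSignerSketch, the sample secret, lowercase hex output, and the reading of "+" as plain concatenation of the secret after "file_id:instance_name" are assumptions.

```elixir
defmodule URLSignerSketch do
  # Added illustration of the documented formula; not PhoenixKit's source.
  import Bitwise

  @token_len 4

  # Assumption: "+" in the formula is plain concatenation of the secret.
  def token(file_id, instance_name, secret) do
    :crypto.hash(:md5, "#{file_id}:#{instance_name}" <> secret)
    |> Base.encode16(case: :lower)
    |> binary_part(0, @token_len)
  end

  # Rejects non-binary or wrong-length input before comparing bytes.
  def valid?(file_id, instance_name, given, secret)
      when is_binary(given) and byte_size(given) == @token_len do
    constant_time_eq?(token(file_id, instance_name, secret), given)
  end

  def valid?(_file_id, _instance_name, _given, _secret), do: false

  # XOR every byte pair and OR the results, so the time taken does not
  # depend on the position of the first mismatching byte.
  defp constant_time_eq?(a, b) do
    :binary.bin_to_list(a)
    |> Enum.zip(:binary.bin_to_list(b))
    |> Enum.reduce(0, fn {x, y}, acc -> acc ||| bxor(x, y) end)
    |> Kernel.==(0)
  end

  # Number of distinct tokens: 16 hex digits per position.
  def token_space, do: Integer.pow(16, @token_len)
end

secret = "constructed-secret-key-base-for-illustration"  # constructed value
file_id = "018e3c4a-9f6b-7890-abcd-ef1234567890"          # from the page's example

t = URLSignerSketch.token(file_id, "thumbnail", secret)
IO.puts("/file/#{file_id}/thumbnail/#{t}")
IO.inspect(URLSignerSketch.valid?(file_id, "thumbnail", t, secret), label: "own token")
IO.inspect(URLSignerSketch.valid?(file_id, "thumbnail", "zzzz", secret), label: "non-hex token")
IO.inspect(URLSignerSketch.valid?(file_id, "thumbnail", t <> "0", secret), label: "wrong length")
IO.inspect(URLSignerSketch.token_space(), label: "possible tokens")
```

Four hex characters give 16^4 = 65,536 possible tokens per file instance, so the token length is the bound on guessing resistance; request rate limiting on the file route is the usual companion control.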

Summary

Functions

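  • generate_token(file_id, instance_name) - Generate the 4-character token for a file instance.
  • signed_url(file_id, instance_name, opts \\ []) - Generate a signed URL for a file instance.
  • verify_token(file_id, instance_name, token) - Verify a token is valid for the given file and instance.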

Functions

generate_token(file_id, instance_name)

Generate the 4-character token for a file instance.

Used internally by signed_url/3 and verify_token/3.

Arguments

  • file_id (binary) - File UUID v7
  • instance_name (binary) - Variant name

Returns

A 4-character hex string token.

Examples

iex> PhoenixKit.Storage.URLSigner.generate_token("018e3c4a", "thumbnail")
"abc1"

signed_url(file_id, instance_name, opts \\ [])

Generate a signed URL for a file instance.

Arguments

  • file_id (binary) - File UUID v7
  • instance_name (binary) - Variant name (e.g., "thumbnail", "medium", "large")

Returns

A relative URL path with prefix: {url_prefix}/file/{file_id}/{instance_name}/{token}

Examples

iex> PhoenixKit.Storage.URLSigner.signed_url("018e3c4a-9f6b-7890", "thumbnail")
"/phoenix_kit/file/018e3c4a-9f6b-7890/thumbnail/abc1"  # With default prefix

verify_token(file_id, instance_name, token)

Verify a token is valid for the given file and instance.

Arguments

  • file_id (binary) - File UUID v7
  • instance_name (binary) - Variant name
  • token (binary) - 4-character token from URL

Returns

Boolean indicating if token is valid.

Examples

iex> file_id = "018e3c4a-9f6b-7890"
iex> token = PhoenixKit.Storage.URLSigner.generate_token(file_id, "thumbnail")
iex> PhoenixKit.Storage.URLSigner.verify_token(file_id, "thumbnail", token)
true

iex> PhoenixKit.Storage.URLSigner.verify_token(file_id, "thumbnail", "xxxx")
false