Security Checks

You can simply add your own security check or override existing ones and change their priorities. Your check has to extend the AbstractCheck class.

Register Security Check

You can add following method call to your ext_localconf.php file:

\Leuchtfeuer\SecureDownloads\Registry\CheckRegistry::register(
    'tx_securedownloads_group',
    \Leuchtfeuer\SecureDownloads\Security\UserGroupCheck::class,
    10,
    true
);

Instead of tx_securedownloads_group you can use your own unique identifier. The second argument of that method contains the class of your check. The third one mirrors the priority of your check and you can override existing checks when you set the fourth argument of that method to true.

Example

An example of how to register your own security check can be found in the example extension. This example check allows only a single access to a file. On the second call, the link is identified as invalid and the server returns a 403 status code.

Register the Check

ext_localconf.php

\Leuchtfeuer\SecureDownloads\Registry\CheckRegistry::register(
    'tx_evenmoresecuredownloads_once',
    \Flossels\EvenMoreSecureDownloads\Security\OneTimeCheck::class,
    50,
    true
);

The Security Check

Classes/Security/OneTimeCheck.php

class OneTimeCheck extends AbstractCheck
{
    /**
     * @var RsaToken
     */
    protected $token;

    public function hasAccess(): bool
    {
        $claimRepository = new ClaimRepository();

        if (!$claimRepository->isClaimed($this->token)) {
            $claimRepository->setClaimed($this->token);

            return true;
        }

        return false;
    }
}