- Add storage driver for private key to config

gertvanhout · gertvanhout · commit edf6af4044b0 · 2025-05-19T09:18:02.000+02:00
- Added private key caching
- Improve middleware logic, check if config has minimal values set before trying to sign
diff --git a/config/cloudfront-cookies.php b/config/cloudfront-cookies.php
@@ -11,6 +11,8 @@
 
     'private_key_path' => env('CLOUDFRONT_PRIVATE_KEY_PATH'),
 
+    'private_key_storage' => env('CLOUDFRONT_PRIVATE_KEY_STORAGE'),
+
     'domain' => env('CLOUDFRONT_DOMAIN'),
 
     'resource' => env('CLOUDFRONT_RESOURCE', 'http*://localhost/*'),
diff --git a/src/Http/Middleware/CloudfrontSignedCookiesMiddleware.php b/src/Http/Middleware/CloudfrontSignedCookiesMiddleware.php
@@ -16,7 +16,10 @@ public function handle(Request $request, Closure $next)
     {
         $cookies = collect(static::cookieNames());
 
-        $shouldNotSign = $cookies->every(function ($cookie) use ($request) {
+        $shouldNotSign = config('cloudfront-cookies.resource') === '' ||
+            config('cloudfront-cookies.key_pair_id') === '' ||
+            config('cloudfront-cookies.private_key_path') === '' ||
+            $cookies->every(function ($cookie) use ($request) {
             return $request->hasCookie($cookie);
         });
 
diff --git a/src/LaravelCloudfrontCookies.php b/src/LaravelCloudfrontCookies.php
@@ -7,6 +7,8 @@
 use Aws\CloudFront\CloudFrontClient;
 use Exception;
 use Illuminate\Support\Carbon;
+use Illuminate\Support\Facades\Cache;
+use Illuminate\Support\Facades\Storage;
 
 class LaravelCloudfrontCookies
 {
@@ -58,9 +60,18 @@ public function policy(?string $policy = null): static
 
     public function get(): array
     {
+        $private_key = Cache::remember('laravel_cloudfront_cookies_private_key',
+            3600 * 24,
+            fn () => Storage::disk(config('cloudfront-cookies.private_key_storage'))->get(config('cloudfront-cookies.private_key_path'))
+        );
+
+        if (! $private_key) {
+            throw new Exception('private key not found');
+        }
+
         return $this->client->getSignedCookie([
             'policy' => $this->policy,
-            'private_key' => config('cloudfront-cookies.private_key_path'),
+            'private_key' => $private_key,
             'key_pair_id' => config('cloudfront-cookies.key_pair_id'),
         ]);
     }
